Forecast: Hackers Target Software-Based Nets
Among the growing list of security threats expected to expand in the coming year are hackers probing emerging software-defined infrastructure for vulnerabilities.
According to a security forecast released this week by Intel Corp.'s (NASDAQ: INTC) McAfee Labs, exploits targeting the embattled Windows operating system will give way to more aggressive attacks against infrastructure and virtualization software. The 2017 threat predictions also include an anticipated increased in more sophisticated ransomware attacks that have become commonplace this year along with growing concerns about malware infections that can create "backdoors" in Internet of Things (IoT) infrastructure.
Overall, the threat assessment identifies 14 emerging or expanding security trends related to cloud and emerging IoT infrastructure. Among the concerns is misuse of machine learning technology to enhance what the report authors refer to as "socially engineered attacks."
The rise of open source software brings with it growing security threats, the report warns, resulting in a prediction that "attacks on infrastructure vulnerabilities will be very active in 2017." Along with vulnerabilities in OpenSSL networking, which the report notes requires frequent security patches, flaws in the Linux kernel are emerging that, for instance, allow the "hijacking of Internet traffic."
Meanwhile, virtualization software is creating even more security threats as cloud infrastructure expands and hackers seek to exploit vulnerabilities in hypervisors and servers. Along with the Xen open source hypervisor, McAfee security researchers also reported vulnerabilities in VMware and Microsoft Hyper-V platforms that could be targeted in the coming year.
"Although many vulnerabilities have been discovered in virtualization software, when compared to mature browser exploitations virtual machine attacks still lack systematic and universal exploitation techniques and methodologies that can generically cover certain classes of VM security issues," the security forecast notes.
However, "Because VMs have become targets for attackers, we believe it is just a matter of time until we see systematic exploits and sophisticated attacks against virtualization software [and] 2017 could be the year that happens," the report predicts.
An IoT botnot attack in October highlighted the growing security threat as more devices are connected. Hence, the security forecast sees malware spreading via the IoT in the coming year, opening "backdoors into the connected home that could go undetected for years."
Within the next year to 18 months, "we will see malicious code hiding in widely used libraries or directly embedded in devices used in the consumer IoT space," the report warns. "We predict that some home IoT devices shipped in 2017 will have backdoors installed. Due to the nature of these devices, spying and personal information theft may go unnoticed for years."
As if that weren't enough, the rise of machine learning also is emerging as a security threat as cyber criminals leverage the technology to zero in on specific targets. One scam involves duping individuals to transfer funds into bogus bank accounts, a tactic that according to law enforcement officials has generated an estimated $3 billion in stolen funds.
The tactic uses machine-learning tools to analyze large datasets to identify the most vulnerable targets. Malicious machine learning algorithms are then built and trained to carry out social engineering attacks. The growing availability of machine-learning toolkits and training means such attacks are likely to become more common in 2017.
"Security is an arms race, and cybercriminals are fine-tuning their methods with the help of machine learning," the security report warns.