Skip to main content

Ransomware, mobile payments will be 2016’s most severe security threats

exploit
Image used with permission by copyright holder
This has been a banner year for cybercrime, from Ashley Madison to the Office of Personnel Management to the recent VTech hack, and 2016 doesn’t look like things are going to get easier. According to several cybersecurity experts and companies, threats and vulnerabilities will continue to evolve in 2016.

Ransomware really came of age in 2015, and it will likely continue to grow as more and more new versions emerge, claims T.K Keanini, CTO of security company Lancope.

Kaspersky Lab reports that ransomware attacks doubled in 2015 while Symantec this week noted that there has been significant uptick in TeslaCrypt (one of the most prolific incarnations of ransomeware) infections. This comes several months after McAfee Treat Labs stated that ransomware grew some 165 percent in the first quarter of 2015 alone, thanks mainly to a number of new strains of the malware popping up online.

According to Trend Micro’s predictions report, 2016 will be the year of online extortion. Psychology and fear, its report claims, will form the backbone of the threat. “Reputation is everything, and threats that can ruin an individual’s or a business’ reputation will prove to be effective and—more importantly—lucrative,” the authors write.

We’ve already seen cases of this. Typically ransomware locks down a user’s system and demands a ransom to de-crypt the data. Now attacks are becoming more targeted, whether it’s gamers, or users of digital wallets.

The burgeoning market for mobile payments will also attract greater efforts from cybercriminals, according to Steve Lowing, director of product management at Promisec. “It feels like a new attack comes out on Android-based phones every week, since it is the dominant device. Apple Pay is increasing market share, and almost everyone has a mobile phone as opposed to a laptop,” he said.

This growing market share for mobile payments, which now includes another major player in Samsung, will open up new potential attack vectors. Just last month Bluebox Security examined 10 Android and iOS payment apps, concluding that their security is “still very much in its infancy.” It found that many apps put consumer data at risk, or even have flaws that could allow for the re-routing of money. The study, however, doesn’t specify the vulnerabilities present in each app.

The app stores will also have their work cut out for them. This year, the usually safe Apple App Store was compromised with a number of apps infected by the XcodeGhost malware. The Google Play Store, by its open nature, has been riddled with fraudulent apps in the past too.

Finally, access to cybercrime tools is becoming more of a worry. The “democratization” of cheaply available hacking tools for amateurs will grow, said Javier Vargas, research manager fraud prevention firm, Easy Solutions.

“We’ve witnessed the outbreak of malware code and hacking tool leaks, as well as an increased amount of public repositories of tools potentially exploitable for criminal activity – and we expect this to grow substantially throughout 2016 and beyond.”

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more