Trend Micro Says IoT attacks, cyberpropaganda to become more common in 2017


Cybersecurity firm Trend Micro has released a new report outlining what it considers to be key trends in cyber threats and cyber attacks for 2017. The upcoming year will include an increased breadth and depth of attacks, with malicious threat actors differentiating their tactics to capitalize on changing technologies.

Perhaps most notably for government, the report says that more attacks through devices that are connected to the Internet of Things (IoT) are likely. These attacks will capitalize upon the growing acceptance of connected devices by exploiting vulnerabilities and unsecured systems to disrupt business processes, as happened with the Mirai attack earlier this year. The increasing use of mobile devices to monitor control systems in manufacturing and industrial environments will be combined with the significant number of vulnerabilities found in these systems to pose threats to organizations.

Ransomware may also expand to IoT connected devices even while it plateaus as a type of attack in other areas. In November, CivSource reported on a ransomware attack against the San Francisco Muni public transportation system, which sent transport officials scrambling to get ticketing systems back online after more than 2000 devices were compromised. Trend Micro says in the report that IoT vendors will be unable to secure devices in time to thwart similar attacks.

Cyberpropagada will also become an even bigger issue in 2017 and beyond. The report notes:

Most recently, we have seen platforms like WikiLeaks used for propaganda—with highly compromising materials leaked through the site just a week before the US elections. In our continuous monitoring of the cybercriminal underground, we also noted script kiddies advertise their earnings from fake election-related news. They claim to make around US$20 per month by driving traffic to fabricated smear content about electoral candidates. There are also existing groups of dedicated cyber agents who are paid to post propaganda materials on social media sites like Facebook and LinkedIn. They take advantage of the platforms’ electronic content filtering to multiply the visibility of their content.

The lack of vetting for accuracy of information, coupled with avid sharers who wish to sway people with opposing beliefs or simply to support their own, has led to the popularity of these fake content and memes. All this makes it very difficult for casual, unsophisticated Internet users to distinguish between facts or otherwise.

In January, Trend Micro published a report on a cyberpropaganda operation called PawnStorm. PawnStorm is an operation that is targeting military, embassy, and defense contractor personnel from the Unites States and its allies, including government institutions such as the North Atlantic Treaty Organization (NATO). Opposing factions, dissidents of the Russian government, international media, and high-profile political personalities in Ukraine are targeted as well. Researchers suspect that operations like PawnStorm, which may have been involved in the US presidential election, will also target upcoming elections in France and Germany. The number of targets for these types of operations could expand into lower levels of government as the use of social media for government communications continues to increase.

“Next year will take the cybersecurity industry into new territory after 2016’s threat landscape opened doors for cybercriminals to explore a wider range of attacks and attack surfaces,” said Raimund Genes, chief technology officer for Trend Micro. “We foresee the General Data Protection Regulation (GDPR) causing extensive data management changes for companies around the world, new attack methods threatening corporations, expanding ransomware tactics impacting more devices and cyber-propaganda swaying public opinion.”

The full report is available here.