Cybersecurity company Proofpoint announces 2017 predictions

Snapchat users are just one of the groups expected to be targeted next year, experts warn. Photo / Getty Images

The evolving digital landscape means we are always at risk of being hacked.

Based on the trends seen this year, cybersecurity company Proofpoint has delivered its 2017 predictions, which include a rise in mobile threats, Snapchat and groups ramping up their efforts to fool humans.

SHIFTING THE FOCUS

The improved security of browsers and operating systems combined with individuals and organisations patching their software more consistently means it is becoming increasingly hard for cyber criminals to use exploit kits - a type of malicious toolkit used to exploit security holes found in software applications.

As such, Proofpoint suggests 2017 will see hackers shifting to social engineering, which focuses on fooling the human.

"Exploit kits will become 'human kits,' with an extensive tool set of techniques designed to trick users into infecting their own machine with a malicious payload, with users lured in via malvertising, clickbait or through convincingly individualised emails," Proofpoint explained.

"At the same time, exploit kits will not disappear; instead, they will become more focused, targeting clients in regions that have traditionally been slower to patch and where monitoring by researchers is less intense."

GOING FULLY AUTOMATED

In 2016, fraudulent social media customer service accounts lured victims into clicking malicious links by using a technique dubbed Angler Phishing.

While Angler Phishing has grown both in the breadth of targets and in the depth of social engineering techniques it employs, the technique often has copy-paste errors, grammatical and spelling mistakes, and other trademarks of humans doing manual work.

Knowing people are more aware of these factors, 2017 will see attackers implementing automation and some light level of natural language processing to improve attack techniques.

"With the increased automation, we should see attackers scaling up their targets to more brands and scaling up the number of victims they can message in each campaign," Proofpoint said.

"Attackers have already shown an ability to be aware of product launches so that they can launch their campaigns at a time when a lot of communication is expected on social support channels; we expect this to increase in 2017 because of more scalable resources."

THE NEW FRONTIERS

The quick growth of social media means cyber criminals are using emerging platforms to trick victims.

Of all the social media platforms, Proofpoint flag Snapchat as the highest risk.

"Snapchat has become one of the hottest social networking and communication platforms, yet thus far attackers have not carried out major attacks with any consistency on this platform," Proofpoint said.

"We predict that in 2017, either a number of major campaigns will be launched with great success, or a major security vulnerability in the platform itself will be revealed, with proof-of-concept (POC) code made available."

In addition to social media, Proofpoint believe there will be an increase in the use of SMS and iMessage systems to deliver malicious URLs and zero-day attacks - a hole in software that is unknown to the vendor.

"These will be both broadbased, such as phishing for bank account passwords and debit cards; and targeted, including attacks on employees and executives," Proofpoint said.

"At the same time, the category of malicious and risky apps will expand to include fraudulent apps, where users are socially engineered into installing apps that are not from the company from which they purport to be.

"These apps may be designed to infect mobile devices, or to simply make money by using a legitimate company's brand to trick users into fraudulent credit card purchases or to click on fraudulent ads."