As the year draws to a close and a new one emerges just beyond the horizon, Perpetuity Research and Consultancy International (PRCI) has been exploring the crime and security trends to look out for in 2016. Gathered from across the web, the collection of information is intended to help risk professionals prepare for the 12 months ahead.
Ransomware is being touted by many sources to be an area likely to witness substantial growth in 2016. This type of threat typically originates from phishing e-mails containing suspicious links, which upon clicking infect your machine with malicious software that encrypts your files and then effectively ‘holds them hostage’.
At that point, hackers demand payment for your files to be decrypted, leaving your computer locked and your data permanently lost unless the ransom is paid.
McAfee Labs reports that there were more than four million samples of ransomware in the second quarter of 2015 alone, and expects this figure to rise in 2016. More alarmingly, current estimates from the Cyber Threat Alliance put the damage caused by the CryptoWall ransomware at $325 million, up by a massive 1,800% since June 2015.
On that basis, 2016 should be the year of frequent back-ups.
Also, traditional fingerprint authentication has the potential to become a thing of the past, with recent technological improvements rendering them less and less secure. Back in 2013, hacker Jan Krissler demonstrated how easy it was to use fingerprints left behind on a polished surface to unlock an iPhone, stating that we “should only consider Touch ID an increase in convenience and not security.”
However, more recently Krissler has demonstrated that it’s possible to reconstruct fingerprints by way of employing only an image. Using photos of German defence minister Ursula von der Leyen taken at a news conference, Krissler was able to recreate her thumb print from a close-up, stating: “After this episode, politicians will presumably wear gloves when talking in public.”
In the year ahead, expect a shift towards ‘living’ biometrics, such as vein recognition beneath the surface of the skin, and ‘tech’ with the ability to image the sweat pores in a person’s finger.
Privacy advocates have recently raised alarm bells with the authorities about the “increasingly invasive methods” employed by companies to collect your personal data.
New techniques have been found to use high-frequency sounds embedded in TV adverts or banner ads within your browser. While inaudible to the human ear, your other devices (such as your mobile phone or tablet) pick up these noises and impart this information back to the sender, surreptitiously linking all of your device activity together and gathering an unprecedented amount of data about your activities. For example, how long you watched a TV ad, whether you then searched for an item in the advert on your mobile phone and also whether you then perhaps purchased the item on your tablet.
Concerns have been raised that these methods are already widely used by many marketing companies (67 apps presently cover 18 million phones), are installed on devices without permission from the user and are impossible to ‘opt-out’ of at any desired point.
Experts are also concerned that this technique could be exploited by criminals to target devices with malware. Something to keep an eye out for in 2016, then.
Research project on cyber crime
Perpetuity Research is currently running a new research project which looks at the response to cyber crime.
As cyber crime is quickly growing and evolving, the threat posed to businesses is irrefutable, yet the role of private security – both corporate security and security suppliers – in tackling cyber crime remains somewhat unclear.
Through its detailed research, Perpetuity Research is seeking to identify the difficulties and, crucially, the opportunities that the cyber crime threat presents to private security, and also to better understand the relationship with the police and IT security in terms of the role they play in addressing these offences.
An online survey is now running to support the project. If you’re a physical and/or cyber/information security professional and would like to have your say, visit: https://www.surveymonkey.com/r/SRI-cyber-crime. The survey is anonymous and takes approximately ten minutes to complete. The findings will be made available to all participants in due course.
The deadline for responses is Tuesday 2 February 2016.