CRIME BYTES: New Year, new tech – the upcoming crime and security risks for 2016
As the year draws to a close and a new one emerges just beyond the horizon, this month’s crime byte will be exploring the crime and security trends to look out for in 2016. Gathered from across the web, the collection below intends to help you prepare for the year ahead!
- Ransomware – Ransomware is being touted by many sources to be an area likely to grow substantially in 2016. This type of threat typically originates from phishing emails with suspicious links, which upon clicking infect your machine with malicious software that encrypts your files and holds them hostage. Hackers then demand payment for your files to be decrypted, leaving your computer locked and your data permanently lost unless the ransom is paid. McAfee Labs report that there were more than 4 million samples of ransomware in the second quarter of 2015, and expects this to rise in 2016. More alarmingly, current estimates from the Cyber Threat Alliance put the damage caused by CryptoWall ransomware at $325 million, up 1800% since June 2015. We therefore recommend that 2016 should be the year of frequent back ups!
- Fingerprint forgery – Traditional fingerprint authentication has the potential to become a thing of the past, with recent technological improvements rendering them less and less secure. Back in 2013, hacker Jan Krissler demonstrated how easy it was to use fingerprints left behind on a polished surface to unlock an iPhone, stating that we “should only consider Touch ID an increase in convenience and not security.” However, more recently Krissler has demonstrated that it is possible to reconstruct fingerprints using only a photograph. Using photos of German Defence Minister Ursula von der Leyen at a news conference, Krissler was able to recreate her thumb print from a close-up, stating, “After this talk, politicians will presumably wear gloves when talking in public.” In the following year, expect a shift towards ‘living’ biometrics, such as vein recognition beneath the surface of the skin, and tech with the ability to image the sweat pores in a person’s finger!
- Cross-device tracking – Privacy advocates have recently raised alarm bells to the authorities about the increasingly invasive methods employed by companies to collect your personal data. New techniques have been found to use high-frequency sounds embedded in TV adverts or banner ads within your browser. Whilst inaudible to the human ear, your other devices (such as your mobile phone or tablet) pick up these noises and impart this information back to the sender, surreptitiously linking all of your device activity together and gathering an unprecedented amount of data about your activities. For example, how long you watched a TV ad for, whether you then searched for an item in the advert on your mobile phone, and whether you then perhaps purchased the item on your tablet. Concerns have been raised that these methods are already widely used by many marketing companies (67 apps, covering 18 million phones), are installed on devices without permission from the user, and are impossible to ‘opt-out’ of. Experts are also concerned that this technique could be exploited in the future by criminals to target devices with malware – something to keep an eye out for in 2016.
Perpetuity Research is currently running a research project which looks at the response to cyber crime. As cyber crime is quickly growing and evolving, the threat posed to businesses is irrefutable. Yet the role of private security (both corporate security and security suppliers) in tackling cyber crime remains unclear. Through our research, we are seeking to identify the difficulties, and crucially the opportunities that the cyber crime threat presents to private security, and to better understand the relationship with the police and also IT security in terms of the role they play addressing these offences.
We are currently running an online survey on the project. If you are a physical and/or cyber/information security professional and would like to have your say visit: https://www.surveymonkey.com/r/SRI-cyber-crime. The survey is anonymous, takes approx 10 minutes to complete and the findings will be made available to participants. The deadline for responses is the 2nd February 2016.