Fifty percent of education respondents are extremely or very well prepared to protect themselves against malware and bots, including worms, viruses and span. Forty-three percent are prepared to fight distributed denial of service (DDoS), 37 percent are prepared to fight web application attacks, 28 percent are prepared to fight social engineering attacks such as phishing, 20 percent are prepared to combat ransomware, and 28 percent are equipped to fight advanced persistent threats.
The education industry faced more challenges this year because vendors on the Darknet began offering school hacking services, according to the report. In 2016, 444 school networks in Japan went offline as a result of a massive cyber-attack. Hacking services found on the Darknet make it increasingly easy for non-hackers to carry out an attack or cause damage to a school’s resources.
In addition, a potential attacker can rent a botnet or a stresser service for as little as $20 in Bitcoin and launch the attack themselves. In most cases, the report notes, it’s either a student looking to delay a test or manipulate the registration process or a personal attack against the school by a student or staff member.
Key predictions from the report include:
- With the code for the Mirai IoT Botnet now available to the public, novice and sophisticated hackers are already adjusting and “improving” the code’s capabilities based on their needs. In 2017, exponentially more devices are expected to become targeted and enslaved into IoT botnets. IoT device manufacturers will have to face the issue of securing their devices before they are brought to market, as botnet attacks from these devices can generate large-scale attacks that easily exceed 1 Tbps.
- Cyber ransom is the fastest-growing motive and technique in cyber-attacks, as most phishing attempts now deliver ransomware. Today, threat actors focus their ransom attacks to target phones, laptops, company computers, and other devices that are a daily necessity. In the future, they may target lifesaving healthcare devices like defibrillators.
- Rise of Permanent Denial of Service (PDoS) for Data Center and IoT Operations: Also known loosely as “phlashing” in some circles, PDoS is an attack that damages a system so badly that it requires replacement or reinstallation of the hardware itself. While these attacks have been around for a long time, they only appear sporadically. However, they can do a tremendous amount of damage. Radware predicts that more threat actors will target the destruction of devices via PDoS attacks in the coming year.
- Telephony DoS (TDoS) is expected to rise in sophistication and importance, catching many by surprise. Cutting off communications during crisis periods could impede first responders’ situational awareness, exacerbate suffering and pain, and potentially increase loss of life.
- Public transportation held hostage. From trains and planes to buses and automobiles, entire systems of transportation are becoming self-guided. This automation is meant to provide increased safety, improved reliability, and higher efficiencies. Most of this critical infrastructure may be vulnerable to threat actors looking to hijack public transportation or lock the system down with ransomware.
“Threat actors have a single focus, to develop the best tools possible to either disable an organization or steal its data,” said Carl Herberger, Vice President of Security Solutions at Radware. “Businesses focus on delivering the highest value to their customers. In order to deliver that value, security must be woven into the customer experience for a company to truly succeed. Without this change in thinking, organizations will remain vulnerable.”