Hackers used to be the nerd equivalent of charming rogues—math whizzes wielding simple algorithms to wreak havoc primarily for the bragging rights.
But today, hacking is big business. Networks of hackers with greedy or geopolitical intentions use the most advanced technology to steal or extort huge sums of money and bring down businesses.
“The people building today’s hacking tools have PhD’s in math and physics,” said Larry Ponemon, founder and chairman of the Ponemon Institute, a data security research think tank. “They take their jobs very, very seriously.”
Whereas yesterday’s hackers would randomly guess passwords and spend days crafting code to get into a system, modern cyber criminals are using advanced techniques and “hacker kits,” as Ponemon called them, to crack systems and do their dirty deeds.
“These kits are expensive—tens of thousands of dollars at a minimum,” Ponemon said. “But, the ill-gotten gains can be great.”
This new weaponry does not bode well for commercial enterprises at risk from these and other emerging hacking schemes. We asked Ponemon and Eva Velasquez, president and CEO of the Identity Theft Resource Center, to posit five cyber threats on the horizon in 2016.
1: Really, Really Phishy
Phishing scams—hackers masquerading as a trustworthy entity to persuade someone to click on a link that contains imbedded malware—are the scourge of IT securityspecialists. Prepare for worse ahead: Tomorrow’s phishing attempts will be so sophisticated and realistic that Sherlock Holmes wouldn’t detect a whiff of deceit.
“You may get an email that unquestionably came from HR, as it will open with a few sentences that are personal,” Ponemon explained. Stuff like, `Hey Bob, how’s the new Hyundai driving?’ Bob is then asked to click on a link to fill out a simple form. He does as directed, and the hacker is now in the system.
2: The Internet Of (Risky) Things
We love the Internet of Things—the idea of having our cars, appliances and home security systems linked to our mobile devices. The problem, Velasquez said, “is that these connected systems create new entry points for hackers to penetrate.”
We’ve seen this before with networked printers providing hackers an access route to computers on the company network. And, more recently, in a high-tech Jeep Cherokee whose wireless communications system was hacked, giving the intruder a way into a mobile device. “Hackers sit around all day looking for weaknesses,” said Velasquez. “Nothing’s impenetrable.”
Not even the IoT-enabled washing machine.
3: The Imitation Game
IT security specialists truly hate it when hackers take a tool they’re using to protect data and turn it against them. This will soon be the case with personal authentication security measures. “Biometrics like thumbprints on our smartphones and voice recognition to start our cars are really cool, but hackers are already figuring out how to duplicate them,” Velasquez said.
The more digital tools we rely on, the more vulnerability points we potentially create. “We want to create simple, convenient ways to use mobile technology, such as voice recognition for people with disabilities or seniors with hand tremors,” Velasquez said. “But, without the development and adherence to multi-authentication procedures, the risks of a hacking will rise.”
4: Devious Decryptions
Encryption of sensitive, proprietary and personal information is supposed to a surefire way to keep it safe even if the data is hacked. But is it? “In the past, hackers would use a technique called `brute force,’ trying every possible decryption key to get at the meaning of encrypted data,” Ponemon said. “Now they are becoming more elegant, easily hacking into the `cleartext.’”
He’s referring to the messages or data that are stored in a network without cryptographic protection, i.e., the stuff that’s not meant to be encrypted. That data can be valuable, according to Ponemon. “Even though hackers don’t have the full encryption key, they can get enough information from the cleartext to figure out places to attack,” he explained.
5: Location Unintelligence
IT security specialists prize their ability to know where an email is coming from. Originating locations like China or Russia send up red flags. “If an email looks like it’s coming from a region known for hacking U.S. companies, and you’re not doing any business in the region, you can assume it’s probably a spear-phishing scam,” Ponemon said.
Aware of this geographic recognition capability, hackers are developing tools to produce fake originating locations. “Security may think the email is coming from Kansas, but in reality, it is coming from somewhere else,” Ponemon said. That somewhere else is not a good place.
Businesses can expect these five threats to either proliferate in future or evolve as hackers develop iterations on these themes. Forewarned is forearmed. But, as Velasquez conceded, “We will never be 100 percent protected from cyber crimes. There is no such thing as an impenetrable fortress.”
This article was originally published by Forbes.com.