As the year winds down it is time to have a look at the past and make some predictions for the future. This year saw some large breaches disclosed. Not necessarily perpetrated this year, but made public this year. We saw IoT devices used in large DDoS attacks as well as some changes in phishing practices, designed for mobile devices and the quick reader.

If anything, this year showed us that large organisations get their security wrong, as do smaller ones, as do governments. Still plenty of work to do for us all. I think the one surprise to many was the effectiveness of IoT devices as an attack tool. Hopefully the phrase "nobody would ever try and use our device to do that" will not come up in new product briefings when deciding to leave default passwords or use a 10+ year old network stack. In the meantime, security researchers are loving the ability to expense all kinds of network connected devices.

So, what will 2017 bring us? More IoT, that's for sure. Based on the changes in some phishing techniques, those may become a little bit more effective (more on that in a later diary). However, what else are people seeing in the future of IT security in 2017? Let us know your predictions.

Enjoy the holiday period and a safe 2017.

Cheers

Mark H

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

I am looking for some phishing emails that are using as part of their URL something-my.sharepoint.com/personal/something

If you have received one of these, please send it through to markh.isc at gmail.com or upload it using the contact form.

Regards

Mark H
