Chasing the ever-nimble hacker
by Joe Dysart
June 21, 2016

Homecare businesses that are still reeling from seemingly endless reports of hacker break-ins to protected company servers last year should brace for even more sophisticated capers in 2016, even as IT security departments rollout new tactics for thwarting criminals.

“We have a healthy respect for, and are cautious and aware of, the damage hackers can do to a corporation’s technology,” says Sharman G. Lawson, owner of Sharman Lawson Consulting and a consultant for the homecare industry.

Alan El Sheshai, IT consultant, Kadan Homecare, takes the same approach, “We have decided to err on the side of caution and overprotection,” when it comes to hacker threats, he says.

Security experts say the image of yesteryear’s hacker—the nerdy teen on a lark for grins and giggles—has given way to organized crime teams, determined to steal and monetize data.

“Select any economic sector at random, and the chances are high that you will find something in the media about a cyber-security incident or problem,” says Aleks Gostev, chief security expert, Kaspersky Lab, a security software maker.

Moreover, the impact of hackers’ antics has never been greater. For example, a string of suicides were attributed to the hacking of the Ashley Madison website, a meeting place for cheating spouses. The hack revealed the identities of 30 million individuals who had joined the website, according to “Hazards Ahead,” a November 2015 report released by security software maker Trend Micro.

“The evolution of breaches is beginning to take a turn toward real-world effects on enterprises’ bottom lines and people’s lives,” says Raimund Genes, CTO, Trend Micro.

High on the list of threats minority-owned businesses should watch out for in 2016 will be a spike in ransomware showing up on Apple computers, which previously had been bypassed by hackers in favor of more prevalent Windows machines, according to Kaspersky Lab.

Ransomware invades a computer by encrypting all its data files, rendering them useless until the computer owner pays a ransom. Sometimes the computer is returned to normal once the ransom is paid. Other times, hackers simply grab the ransom money and run.

“We expect ransomware to cross the Rubicon to not only target Macs, but to also charge Mac prices,” says Juan Andres Guerrero-Saade, senior security researcher, Kaspersky Lab.

Adds Stu Sjouwerman, CEO, KnowBe4, an IT security firm, “This is the next generation of ransomware—and you can expect this new version to spread like wildfire.”

Ransomware is especially dangerous, in that it can be easily delivered to a company computer when a employee clicks on a ransomware-infected link with an innocuous title such as “missed fax” or “voicemail,” according to a recent cybersecurity report released by Dell.

Also increasingly vulnerable will be point-of-sale computer systems and ATMs, according to the Trend Micro “Hazards” report. Many of these systems are still running Windows XP, an obsolete operating system that stopped receiving security updates from Microsoft more than a year ago.

More vulnerable, too, will be mobile devices, including those running the Android operating system, according to the report.

Hackers are also expected to spend more time plundering home computers, which can often serve as portals to what hackers are really looking for—easy entry into the corporate networks they are linked to, according to the “McAfee Labs Threats Predictions Report,“ released by Intel Security.

“Organizations should expect to be hit,” says Tom Kellermann, chief cybersecurity officer, Trend Micro. “Preparing to overcome this challenge will become the mantra of winter 2016.”

Equally vulnerable will be all those wondrous devices connected to the much-ballyhooed Internet of Things—including your business vehicles, according to the Intel report. Unfortunately, just like any other connected device, cars, trucks and other motorized vehicles can be hacked, as security researchers Charlie Miller and Chris Valasek—who now work for Uber—proved with chilling certainty in July 2015, when they wirelessly hacked a Jeep.

Incredibly, Miller and Valasek’s infiltration into the Jeep’s computer systems—which they hacked via the Sprint Network—gave them complete control over the vehicle’s steering, transmission, brakes and dashboard. Chrysler gulped, and within weeks rushed out a corrective software update on a USB drive to 1.4 million Jeep owners.

“Vehicles are now connected devices, confronting manufacturers and suppliers with a whole new world of security challenges,” says Hubertus von Roenne, a vice president at BT Global Services.

Expect the same kind of vulnerability for many new devices such as activity trackers, smart watches and other gadgets. Most are long on the wow factor, but short on protection from hackers, according to the Intel report.

Hackers are also expected to increasingly drill down much deeper into computers in 2016, bypassing software and operating systems, and instead infecting a machine’s BIOS or firmware—systems that, until recently, were considered impenetrable. For example, Equation Group Malware is capable of reprogramming a hard disk, even after the infected computer has had its operating system erased and its hard drive completely reformatted. Such feats, according to the Intel report, were “stunning” to uncover.

Incredibly, the coming year is also expected to give rise to the hacker-as-information-broker, with hackers aggregating data they have stolen about your business from more than one database, repackaging it and selling the resulting much more dangerous and potent invasion of your privacy at a higher price. For example, instead of simply selling your stolen credit card info, an enterprising hacker could combine that data with other information stolen from a health insurance plan, tax return and employee records.

“With agencies performing background checks, employment verifications, drug screening, reference verifications, etc., it is important for homecare facilities to protect the personal information of their senior clients that they keep on file,” says Kadan’s El Sheshai.

Adds Sharman, “The homecare industry receives very sensitive and personal information from clients. It is imperative that clients’ information is protected and remains confidential and safe.”

Intel researchers say hackers in 2016 will also be using personal data stolen from major security breaches from the past few years to steal even more data by phone or over the Internet—given that the same data is often used in challenge questions companies use to identify you. Questions such as, “What is your social security number?” or “What street did you grow up on?” will be child’s play for hackers who may already have this information from previous data breaches.

Moreover, would-be hackers without the technical wherewithal to break into your computer unfortunately have an easy alternative: There is already a thriving market for off-the-shelf hacker software, specifically designed for the nontechnical criminal—a market that is expected to grow in 2016, according to “Kaspersky Security Bulletin: Predictions 2016,” released in December 2015 by Kaspersky.

But even as increasingly sophisticated hacker break-ins appear inevitable in 2016, IT security experts do not plan on taking the onslaught lying down. Google, for example, has announced that it will issue regular security updates for its Android software, after being repeatedly stung by a series of hacks in 2015. Plus, antivirus makers such as Symantec (which has candidly admitted that antivirus software is becoming increasingly ineffective against hackers) have added behavioral analytics to their arsenal.

Essentially, behavioral analytics scout your computer for signs of unusual behavior or the installation of unknown programs and offer you quick tools and/or advice for how to neutralize the problem.

“Integrating breach detection systems with intrusion prevention systems is fundamental to decreasing the time hackers dwell on their networks,” says Trend Micro’s Kellerman.

Finally, the Cyber Threat Alliance—including Intel—has been formed to foster the sharing of information about hacker techniques and exploits between business, governments and security vendors.