The top security threats of 2016

You'll find everything from ransomware to Microsoft's Edge browser on McAfee's 2016 cybersecurity threat report.
Written by Charlie Osborne, Contributing Writer
It's been an interesting year in the world of cybersecurity. Ransomware is running rampant across multiple platforms, the Ashley Madison hack left heartbreak in its wake, Jeeps were hacked and taken offroad and TalkTalk is fumbling after the latest data breach allowed cyberattackers to dance away with customer data.

We're seeing a shift as threat actors turn towards digital methods to cause harm or get their point across -- but what are we likely to see next year? According to Intel's McAfee security team, things are going to get interesting.

A selection of 2016 threats to cybersecurity is below:


McAfee noted the emergence of hardware-based cyberattacks over the course of this year. While hardware-centric cyberattacks are not a new concept, the discovery of hardware cyberattacks outside of research and academia was uncommon. In recent years, however, cyberattackers have begun to explore hardware attacks. As an example, Equation Group, discovered earlier this year, has employed USB flash drive worms to conduct surveillance on its target -- and stay installed even if a drive is formatted.

The security firm says cyberattackers are likely to keep exploring how hardware can be infiltrated, and more ongoing attacks of this nature will be uncovered as we "peel back layers of current threats."


Ransomware is turning out to be one of the most virulent and potentially heartbreaking malware infections to fall victim to. If you are unfortunate enough to accidentally download this type of malicious code -- whether through phishing attacks or illegitimate downloads and compromised websites -- the malware locks your screen, encrypts your files and attempts to extort a fee before giving you the cryptographic key required to get your files back.

There are many strains of ransomware, including CryptoWall, CryptoLocker, CoinVault and Bitcryptor. This malware is nasty enough, but McAfee predicts that new families will increase in sophistication -- including stealth tactics, the silent encryption of data -- on both systems and backups -- and potentially the use of kernel components to encrypt files on the fly.


A threat prediction list would not be complete without mentioning software vulnerabilities. While Adobe Flash, Java and at one time Microsoft's Internet Explorer dominate the lists of fixes issued in vendor security patches and updates, McAfee believes new mitigation features for Flash will cool down vulnerability discoveries next year, but the transition away from Flash will be slow with so much legacy content available online and ripe for exploit.

In addition, Microsoft's new Windows 10 browser, Edge, might pick up the slack and could potentially replace IE as an attack vector for hackers. However, it is likely to be more difficult to exploit thanks to new mitigation methods and features such as Memory Garbage Collector.

Cloud services

Cloud technology has given businesses the chance to cut costs, improve efficiency and make better use of data, but this doesn't mean security is automatically improved. If a security breach occurs, cybercriminals can exploit companies and steal data valuable to competitors or for financial gain.

Next year, we are unfortunately likely to see an uptick in cloud service providers as a target for such unwanted attention.


The Western world is now moving on from smartphones and tablets to include wearables -- such as watches, fitness trackers and smart clothing -- as an accompaniment to mobile devices which now hold the keys to our digital kingdom and are often viewed as an essential part of modern life.

However, all it takes is a vulnerability or poorly-written code in a wearable to create a backdoor into our mobile devices. McAfee predicts that within the next 12 to 18 months, control apps for wearables will become compromised in a way which provides valuable data for spearphishing campaigns.

Connected cars

The Internet of Things (IoT), the concept of networked devices, now consists not only of smart lighting systems and home security cameras linked to your smartphone, but fridges which keep you informed on the state of food stored within and voice-activated television sets. Enter the connected car -- another IoT addition capable of transforming how we get from A to B forever.

Connected cars are full of impressive tech -- such as rear-facing cameras, inbuilt GPS and maps and infotainment dashboards which can use apps on your mobile device, but this does not mean security meets the same standards. The recall of Jeeps over hacking concerns should be a wake-up call to automakers which now not only must create attractive cars to remain competitive, but also protect the inbuilt computer systems of their vehicles.

The security firm believes attacks in the automotive field will increase rapidly in 2016 due to "the rapid increase in connected automobile hardware built without foundational security principles," and poorly-secured cars will likely result in lost lives.

Warehouses of stolen data

We've seen Sony, Ashley Madison, Anthem and TalkTalk hacked and their customer details stolen in recent times, to name only a few. The price of an identity might only be less than a dollar on the Dark Web, but there is always high demand for information which can lead to profit or entry into corporate networks as a "legitimate" user.

The market is glutted with so many stolen credentials that the price is down, and as hacking appears to be simple enough when it comes to some companies that teenagers have no problem taking what they will, you can no longer believe your data is ever going to be 100 percent safe.

According to McAfee, we will see a "robust" dark market for stolen data and credentials next year, with specialized marketplaces developing based on industry and sector -- giving trusted Dark Web market users the chance to buy credentials for use in their next campaign.


Hacktivism is not a new concept. Cyberattacks have been launched for political and social issues by LulzSec and hacking collective Anonymous, among others. Depending on skill level and resources, a group with a political motive can launch distributed denial-of-service (DDoS) attacks against websites to hamper legitimate traffic, insinuate themselves into corporate networks to steal data and conduct surveillance, or launch wholesale attacks which can result in widespread damage to systems.

Most of the time, hacktivist attacks are conducted with social media fanfare and a political message or threat. In 2016, the security company does not see this trend dying off -- but hacktivism will likely become "limited in scope." As so many hacktivists are being tracked, arrested or have gone underground for a silent spell, the rate of attacks launched against targets with political or moral significance will dwindle. However, McAfee says:

"What is likely to increase, however, are attacks that appear to be inspired by hacktivism but actually have very different, hard-to-determine motives.

The reality is that modern hacktivism is nothing more than a case of copy and paste and, as we have seen, our ability to lift the fog of obfuscation will be harder than ever before."

What do you think we're likely to see next year?
