Kaspersky Lab has made a number of web security predictions for 2016, alerting IT security professionals to what the company’s security experts believe next year has in store. The company has listed some of the biggest security threats that are expected over the coming year.

Kaspersky Lab is one of the leading anti-virus and anti-malware software developers, and is a supplier of one of the two AV engines at the heart of WebTitan Web filtering solutions.

The Kaspersky web security predictions for 2016 include opinions gained from over 40 of the company’s leading experts around the globe. The web security predictions for 2016 can be used by IT professionals as a guide to where the next cyberattack could come from.

The Biggest Cyberattacks of 2014 and 2015

Last year saw numerous high profile attacks on some of the world’s best known brands. Around this time last year, Sony was hacked and its confidential data was posted online, causing much embarrassment and considerable financial loss. Some of the biggest names in retail in the U.S. were attacked in 2014 including Target and Home Depot.

The start of this year saw attention switch to health insurers. In February, Anthem Inc. was attacked. The records of 78.8 million insurance subscribers were stolen. News of a cyberattack at Premera BlueCross closely followed. 11 million subscriber records were compromised in that attack. Later in the year, Excellus BlueCross BlueShield discovered hackers had potentially stolen the records of approximately 10 million subscribers. Healthcare providers were also hit. UCLA Health System suffered a data breach that exposed the records of 4.5 million patients.

The U.S. Government was also targeted this year. The Office of Personnel Management was hacked and, while the perpetrators have not been identified, the attackers are believed to be government-backed hackers based in China. Over 22 million records were potentially stolen in that cyberattack. The IRS was also hacked and 300,000 individuals were affected.

37 million highly confidential records were obtained from internet dating website Ashley Maddison, and Hacking Team – a somewhat controversial provider of spyware – was also hacked. 40 GB of its data was dumped online for all to see.

Many of these attacks were highly sophisticated, but were made possible after employees fell for spear phishing emails.

Web Security Predictions for 2016

Hackers have been developing ever more sophisticated methods of breaking through security defenses to gain access to confidential data, to sabotage systems, or to hold companies and individuals to ransom by taking control of their data. Phishing and social engineering techniques are often used. While these are likely to continue, Kaspersky Lab experts believe hackers are likely to concentrate on stealthier techniques over the coming 12 months. The company’s experts believe there will be a growth in silent attacks that are difficult for security professionals to detect. The main web security predictions for 2016 are listed below:

APT Attacks to come to an end

Advanced Persistent Threats have proved popular with hackers, yet Kaspersky believe these attacks will soon come to an end. Instead, hackers are expected to conduct more drive-by attacks using stealthy memory-based malware. Memory based malware is not downloaded but resides in the memory where it cannot be easily detected. While the injection of malicious code into the RAM of a computer could only previously be used for short term infections, new techniques have been developed that are capable of surviving a reboot. These are likely to grow in popularity over the coming year.

Off-the-shelf malware use to increase

Rather than criminals paying hackers to develop new exploits, there is expected to be an increase in off-the-shelf malware attacks. Instead of developing new malware from scratch, existing malware will be used and tweaked to avoid detection. There is no need to reinvent the wheel when malware exists that can be used or rented out cheaply. The malware will just be made stealthier and more difficult to detect.

Alternative payment systems will be targeted

Financial cyberattacks will continue, and banks and financial institutions will be targeted. Expect a rise in attacks on alternative finance providers and payment systems such as AndroidPay, SamsungPay and ApplePay.

No end to extortion and mafia-style tactics

Not all hackers are motivated by money. Kaspersky has predicted a rise in the number of hacktivist attacks, which aim to shame the rich and famous. Attacks will continue to be conducted on companies that have caused offense. The attack on Ashley Madison and the 2014 hacking of Sony being good examples. Some hackers will use the threat of publishing data to extort money from victims, others will just be keen to sabotage companies. The use of ransomware is also expected to increase, with companies large and small targeted with increasing regularity.