Infosecurity

GDPR Compliance Preparation: Why 2017 Was the Last Full Year to Get Ready

The clock was ticking. With the General Data Protection Regulation (GDPR) set to take effect on 25 May 2018, 2017 was the final full calendar year for businesses to prepare for GDPR compliance. Failure to act meant risking penalties as high as €20 million or 4% of global annual turnover, whichever proved greater. For companies that neglected data security, the message was clear: enjoy your cash while you still have it.

Why 2017 Was the Make-or-Break Year for GDPR Compliance Preparation

According to experts quoted by Infosecurity Magazine, with only 526 days remaining until enforcement, 2017 demanded urgent operational changes. Quentyn Taylor, director of information security at Canon Europe, emphasized that the biggest shift would be in the relationship between suppliers and businesses. As data processors now share similar liability with data controllers under GDPR, entire business models and pricing structures needed adaptation.

“Boards will start to take data protection seriously—something that too many have failed to do thus far,” Taylor warned. This sentiment echoed across the industry, as organizations scrambled to understand the scale of the transformation required.

The Governance Gap: Why Many Organizations Were Unprepared

Steve Holt, partner in Financial Services Advisory at EY, observed that many organizations had not established proper governance or clearly defined programs. Gap assessments were underway, but few had a handle on the full scope of change needed. “In many cases, the program is being led by legal teams,” Holt noted. “Our view is that it needs board sponsorship and a cross-functional approach.”

Holt argued that the COO was often better positioned to drive this transformation, given the importance of data, systems, and business processes. He also flagged a dangerous trend: some organizations were avoiding decisions, waiting for further regulatory clarification that was unlikely to arrive soon. “It’s important that organizations make a few assumptions and decisions, so that the program can move forward,” he said.

The Risk of Delayed Action

Holt recommended that boards openly discuss whether full compliance by May 2018 was realistic. His view: many global organizations would not be fully compliant, so prioritizing focus was essential. This meant that GDPR compliance preparation in 2017 was not just about ticking boxes but about strategic risk management.

Low Readiness Scores and the Existing Law Problem

Jonathan Armstrong, partner at Cordery, revealed that their GDPR readiness test showed alarmingly low scores. “People not having done things the existing law requires,” he said. “My gut feel is many people are leaving themselves exposed—there are only 526 days left and for most businesses there’s still a lot to do.”

Armstrong stressed that gap analysis alone was insufficient, as many organizations were not even compliant with current data protection laws. He predicted that 2017 would either be a year of hard work or a prelude to failure under the new regime.

Building Blocks for Compliance: What Experts Recommended

To move forward, Armstrong advised that businesses should have basic building blocks in place by early 2017: a process for handling a data breach and a fit-for-purpose privacy policy. Holt added that a clear governance structure was essential, covering all aspects of the business—including HR, compliance, legal, IT, marketing, operations, and procurement. He also recommended performing a thorough assessment and gap analysis to establish a future vision and strategy.

For more insights on building a robust data protection framework, check out our guide on creating a data breach response plan. Additionally, understanding board responsibilities under GDPR can help leadership take ownership of the process.

The Bottom Line: Time Was Not on Their Side

GDPR may have been 17 months away at the start of 2017, but time has a way of slipping away. The predictions from industry experts were clear: 2017 would be the year of GDPR compliance preparation—or the year organizations set themselves up for failure. Those who heeded the warnings and acted decisively stood the best chance of avoiding the steep penalties that awaited the unprepared.

As the deadline approached, the message remained the same: now or never. For businesses still on the fence, the cost of inaction was simply too high to ignore.


Cybercrime Monetization: How Attackers Will Make Money in 2017 and Why It’s Getting Easier

In many Asian cultures, the number eight symbolizes wealth and prosperity. For cybercriminals, 2017 promises to be a lucky year indeed. As the digital underground evolves, attackers are finding new ways to turn breaches into profit. This article explores the key trends in cybercrime monetization for 2017, from ransomware to cloud compromises, and why the barrier to entry is dropping.

The Rise of Ransomware and Social Media as Revenue Streams

Ransomware remains a dominant force in cybercrime monetization. According to RiskIQ VP EMEA Ben Harknett, modern threat actors move fast, and seconds will count more than ever. Attack campaigns now go live within hours of account creation, lasting only a short time to evade detection.

Social media platforms are also being weaponized. Phishing and malware campaigns spread rapidly through fake profiles and malicious links. This low-cost, high-reach method allows criminals to target millions without sophisticated tools.

State-Sponsored Cybercrime: A New Level of Organization

Symantec’s Chief Strategist for EMEA, Sian John, warns that rogue nation states may align with organized crime for financial gain. The SWIFT attacks serve as a stark example, where state-backed actors stole millions by exploiting financial systems. This collaboration could lead to downtime for political, military, or financial infrastructures.

Therefore, cybercrime monetization is no longer just the domain of lone hackers. State funding brings resources and sophistication, making attacks harder to stop.

Cloud Infrastructure: The Next Big Target

Anomali senior threat researcher Aaron Shelmire predicts that cloud services will be a primary target in 2017. Security conferences have highlighted cloud-based persistence and compromise methods. Shelmire expects leading security organizations to detect malicious actors breaching cloud management infrastructure.

Malware designed to capture cloud credentials is on the rise. Once inside, attackers establish persistence through cloud management profiles, complicating intrusion timelines. This shift means cybercrime monetization will increasingly rely on cloud vulnerabilities.

Low-Sophistication Attacks Still Pay Off

Not all attacks require advanced skills. Mike Scutt, analytic response manager at Rapid7, predicts a surge in script-based malware and the use of native OS tools for execution, persistence, and reconnaissance. The dark web provides ready-made tools, lowering the entry barrier.

As a result, even less skilled criminals can profit. The websites hosting malware and phishing lures may last only hours, but the malware persists. Improved detection and response will help, but attackers adapt quickly.

How Businesses Can Defend Against Cybercrime Monetization

To counter these threats, organizations should invest in real-time monitoring and employee training. Phishing simulations and cloud security audits are essential. Additionally, adopting a zero-trust architecture can limit the damage from credential theft.

Building on this, companies must prioritize patch management and endpoint detection. As cybercrime monetization evolves, proactive defense is the best offense.

For more insights, read about ransomware prevention strategies and cloud security best practices. Also, check our guide on social engineering awareness.

In conclusion, 2017 marks a turning point in cybercrime monetization. Attackers are more organized, better funded, and leveraging low-sophistication methods with high success. Staying informed and vigilant is key to protecting assets.


AI and Machine Learning: Why These Trends Will Dominate 2017


As 2016 draws to a close, the cybersecurity industry is buzzing with predictions about what the new year will bring. Among the most prominent forecasts is the continued rise of AI and machine learning, which have captured significant attention over the past two years. Experts agree that these technologies will not only persist but evolve, demanding sophisticated Big Data capabilities and reshaping how organizations defend against cyber threats.

The Growing Role of AI and Machine Learning in Cybersecurity

According to Sian John, Chief Strategist of EMEA at Symantec, the expansion of AI and machine learning will unlock powerful insights for businesses. She emphasizes that this growth will foster increased collaboration between humans and machines. From a security standpoint, this means impacts on endpoints and cloud mechanisms. Enterprises will need to invest in solutions capable of collecting and analyzing data from countless endpoints and attack sensors across diverse organizations and geographies.

Similarly, Staffan Truve, CTO of Recorded Future, argues that the scale and complexity of cyber threats are pushing human analysts to their limits. He predicts that the next generation of cyber threats will require a combined effort from AI-equipped machines and human experts. Truve draws a parallel to weather forecasting, where improved sensors and advanced algorithms have enhanced prediction accuracy. In cybersecurity, web intelligence offers new sensing capabilities that, combined with novel algorithms, can predict future threats.

Machine Learning: Hype vs. Reality

However, not everyone is convinced that the buzz around AI and machine learning translates into genuine innovation. Adrian Sanabria, senior analyst at 451 Research, warns that these terms have become buzzwords, pressuring companies to claim they are leveraging them, whether they need to or not. He points out that many security and IT vendors have used machine learning algorithms for years, with Amazon employing the technology for book recommendations in the late 1990s.

Sanabria highlights both positive and negative aspects. On the upside, machine learning helps defenders gain an edge in preventing malware infections. On the downside, it may not be as effective in addressing the information overload that plagues defenders. The quality of input data is crucial, and much of the data fed into security analytics engines—such as threat intelligence, vulnerability scans, and logs—is often low quality, raw, or unfiltered. As the old adage goes, “garbage in, garbage out.”

How AI and Machine Learning Trends Will Shape the Battlefield

On the defensive side, the McAfee Labs 2017 Threats Predictions Report from Intel Security suggests that AI and machine learning will be instrumental in teaching machines to operate on the front lines of a global battle. Eric Peterson, director of threat research at Intel Security, notes that when expertly applied, machine learning can solve complex business problems. Regression algorithms predict values, clustering algorithms reveal data structures, and anomaly detection identifies abnormal data points.

Peterson describes machine learning tools as “force multipliers” for security professionals. He warns against assuming that cybercriminals are not also adopting these powerful tools. This arms race means that organizations must stay ahead by adopting AI and machine learning proactively.

The Human Element: Collaboration Over Replacement

Despite the emphasis on automation, experts stress that AI and machine learning are not about replacing humans. Instead, they augment human capabilities. For instance, at Microsoft’s Future Decoded conference, the Cortana digital agent demonstrated how AI can assist in online helpdesk tasks—a far cry from the high-stakes environment of a security operations center. Nevertheless, the trend toward human-machine collaboration is undeniable.

As we move into 2017, the conversation around AI and machine learning will intensify. However, the actual impact on businesses and legacy IT systems may be slower to materialize. Organizations must navigate the hype, invest wisely, and focus on quality data to truly benefit from these transformative technologies.

For more insights on cybersecurity trends, check out our guide to cybersecurity predictions for 2017 and learn about ransomware protection tips to stay safe.


More IoT Attacks on the Horizon, But Are New Defense Frameworks Finally Emerging?


The cybersecurity landscape is bracing for another wave of IoT attacks as smart devices proliferate across homes and industries. With each passing year, the Internet of Things expands, but so do the vulnerabilities that come with it. Experts now warn that without robust defense frameworks, the coming months could see unprecedented digital chaos.

As we move deeper into 2025, the question is no longer if attacks will happen, but how prepared organizations are to counter them. From ransomware to botnets, the threats are evolving fast. However, there is a silver lining: regulators and security firms are finally pushing for structured, enforceable solutions.

Why IoT Attacks Are Becoming More Frequent

The sheer number of connected devices is staggering. From smart thermostats to industrial sensors, every new gadget adds a potential entry point for cybercriminals. Unfortunately, many of these devices lack basic security features. A recent survey found that over 40% of smart home users never update their devices, citing lack of time or knowledge as the main reasons.

This creates a fertile ground for IoT attacks. Botnets like Mirai have already demonstrated how easily unpatched devices can be weaponized. Experts at Bitdefender predict that personal IoT devices will increasingly cross security boundaries in workplaces, compounding the risks for enterprises.

Moreover, the market for legacy devices—those that remain unpatched forever—continues to grow. This opens the door to crossover threats, where a compromised smart TV could serve as a gateway to a corporate network. In short, the Internet of Things is slowly becoming the Internet of Threats.

Emerging Defense Frameworks: A Shift in Strategy

On a positive note, 2025 may mark a turning point in how we approach IoT security. Industry leaders are now calling for new defense frameworks that go beyond traditional patch management. For instance, Ivanti (formerly LANDESK) has emphasized the need to reevaluate core protocols like DNS to build more resilient networks.

Rob Juncker, a senior engineering executive at Ivanti, has argued that the Dyn attack was merely a precursor to something larger. He believes that 2025 will see the development of structured steps to harden defenses against IoT attacks. This includes rethinking how data travels across the internet and creating backup pathways to prevent widespread outages.

Similarly, Quentyn Taylor, a director at Canon, has predicted that the conceptual foundations for IoT legislation will be laid this year, with formal rules expected by 2027. He stresses that security must become a fundamental part of product design, not an afterthought. Without legislation, consumers will continue to prioritize convenience over safety.

The Role of Legislation in Curbing IoT Attacks

Legislation could be the catalyst that forces manufacturers to take IoT security seriously. As Taylor points out, no consumer has ever bought a product based on its security features. Therefore, governments must step in to protect users. This means setting minimum security standards, requiring regular updates, and holding companies accountable for vulnerabilities.

Some regions are already moving in this direction. The European Union’s Cyber Resilience Act, for example, aims to impose stricter requirements on connected devices. If similar frameworks emerge globally, they could significantly reduce the attack surface for cybercriminals.

However, legislation alone is not enough. Organizations must also adopt proactive defense frameworks, such as zero-trust architectures and continuous monitoring. Building on this, security teams should prioritize employee training to prevent risky behaviors like connecting unsecured devices to corporate networks.

What to Expect in 2025: More Than Just IoT Attacks

While IoT attacks dominate headlines, they are not the only threat on the horizon. Ransomware remains a persistent danger, with attackers increasingly targeting critical infrastructure. Social media platforms are also becoming vectors for phishing and disinformation campaigns. Meanwhile, artificial intelligence is being used both to defend and to attack, creating a new arms race in cyberspace.

Despite these challenges, there is reason for cautious optimism. The cybersecurity industry is more aware than ever of the need for collaboration. Governments, private companies, and security researchers are sharing threat intelligence more effectively. This collective effort could lead to more resilient defense frameworks that adapt to emerging threats.

As we navigate the rest of 2025, one thing is clear: the battle against cybercrime will require constant vigilance. But with the right strategies and regulations, we can turn the tide against IoT attacks and build a safer digital future.

For more insights on cybersecurity trends, check out our guide on cybersecurity best practices and explore how to secure your IoT devices at home and work.
