Malwarebytes Reveals 2018 Security Predictions
Cyber threats will increase from hyped hacker fame and profit, PowerShell-based attacks, growing worm functionality and IoT vertical growth
Singapore – Dec. 05, 2017 – Malwarebytes, the leading advanced malware prevention and remediation solution, today announced its 2018 cybersecurity predictions. The company predicts top threats in 2018 will include a rise in browser-based cryptomining, PowerShell-based attacks, hackers using security software as a back door, adaptive worm functionality and the growing connectivity in all industries, with both the education and healthcare sectors increasingly targeted.
The year 2017 was brutal, with global ransomware attacks, including WannaCry, Petya and NotPetya, increasing, and unprecedented data breaches such as Equifax and the loss of 198 million voter records.
“Our Labs’ findings show no signs of a slowdown in 2018,” said Jeff Hurmuses, Managing Director and Area Vice President, APAC, Malwarebytes. “Hacker tools and techniques are increasing in sophistication and accessibility. We are seeing a new army of cybercriminals coalesce, lured by inexpensive tools and the promise of an easy profit—often publicized and glorified in the media. The forthcoming attacks will require more cybersecurity training, increased education and awareness and a multi-layered approach to business and personal security.”
With the new year around the corner, security researchers at Malwarebytes Labs have compiled a list of predictions likely to impact businesses and consumers in 2018.
- The Cryptomining “gold rush” will be the top priority for cybercriminals. Cryptomining activity has been exploding toward the end of 2017. In one day alone this year, Malwarebytes blocked 11 million connections to coin mining sites. In the Asia Pacific, emerging markets such as the Philippines, Thailand and Indonesia are seen as the top targets for cryptomining events, according to Malwarebytes’ telemetry from October this year. While none of the APAC countries topped the list of drive-by mining activity globally, we suspect that we will see far more activity in the region come 2018, particularly as the value of cryptocurrency escalates. What makes this kind of activity interesting is how it has created a blurry line between the everyday Internet user and the cybercriminal. An individual mining cryptocurrency could very well be mining for their own wallet, based on visitors to their own web properties. There is also a very likely chance within those circumstances that disclosed cryptomining activity could replace advertising on sites to become an entirely new revenue stream. However, the largest portion of cryptomining is likely to occur from legitimate websites compromised to mine currency for the criminal wallet. Regardless, cryptomining will be one of the cybercrime activities to watch in 2018.
- We will see an increase in PowerShell-based attacks. Earlier this year, entities of the Saudi Arabian government were compromised using a macro in Word to infect the target’s computer with an information-stealing Trojan. Rather than retrieving a binary payload, the attack relied on malicious scripts to maintain persistence on the device and to communicate with compromised websites acting as proxies for the command and control server. These malicious script-based attacks, specifically PowerShell-based attacks, are incredibly difficult to identify. They can easily evade antivirus engines, making them that much more appealing to cybercriminals. We predict many more PowerShell attacks in the year to come.
- Educational institutions will be a prime target. Despite increasing sophistication, cybercriminals will continue to target the easiest endpoints to penetrate. Educational institutions are often an under-protected patchwork of systems, lacking the resources to defend themselves. There is a loose network of seemingly unlimited endpoints containing a massive amount of proprietary data on students, faculty and parents. Furthermore, educational institutions serve as a great platform for hackers to access government and research data, similar to how cybercriminals recently used advanced persistent threats (APT) to attack the systems of National University of Singapore (NUS) and Nanyang Technological University (NTU) earlier this year. As we have witnessed, the data thefts of the last year often target the richest data available. Education systems seem like the next most likely target for cyberattacks. This is partially due to their richness and piecemeal security.
- The cybercriminal underground will continue to evolve and grow. While it may seem like we are already overwhelmed by the amount of cyberattacks occurring daily, this will not slow down in 2018. In fact, with a recent increase in cybercriminal tools and a lower threshold of knowledge required to carry out attacks, the pool of cybercriminals will only increase. This growth is a likely response to news media and pop culture publicizing the profitability and success that cybercrime has become. Ransomware alone was a $1 billion industry last year. Joining the world of cybercrime is no longer taboo, as the stigma of these activities diminishes in parts of the world. To many, it’s simply a “good” business decision. At the same time, those already established as “top-players” in cybercrime will increase their aggressive defense of their criminal territories, areas of operations and revenue streams. We may actually begin to see multinational cybercrime businesses undertake merger and acquisition strategies and real-world violence to further secure and grow their revenue pipeline.
- Security software will have a target on its back. In 2018, cybercriminals will target and exploit more security software. By targeting trusted programs and the software and hardware supply chain, attackers can control devices and wholeheartedly manipulate users. Hackers will leverage and exploit security products, either directly subverting the agent on the endpoint, or intercepting and redirecting cloud traffic to achieve their means. As these events become more publicly known, the public and business perception of security software, particularly that of antivirus solutions (AV), will further deteriorate.
- More cybercriminals will use worms to launch malware. In 2017, we saw WannaCry and Trickbot use worm functionality to spread malware. More malware families will use this technique in 2018 because network compromise from worms spreads faster than many other methods. If hackers can figure out how to use worms without being too noisy (a traditional downfall of this approach), this tactic can amass a large number of victims very quickly.
- IoT will fuel additional data security and patient concerns in 2018. With the ability for medical devices to connect directly to the Web, the growing Internet of Things (IoT) model offers many benefits. Greater connectivity means better data and analytics and patient care, but it also opens the door for data loss of personal health information (PHI) and unauthorized access to devices. The healthcare industry will need to closely examine a new era of connectivity and patient security. Similar to the electronic health record (EHR) conversion, security protocols will need to change and evolve to meet the growing threat. Devices should have strict authentication, limited access and heavily scrutinized device-to-device communications. Encryption will be a crucial element of securing these devices, a responsibility that if not adopted by device providers and manufacturers, is likely to be driven by third-party security providers.
- Cybersecurity posture in ASEAN to improve. The ASEAN region will likely see a more concerted effort by local governments to shore up cybersecurity capabilities for both the public and private sectors. With Singapore having recently announced plans to table a new Cybersecurity bill, other regional nations are likely to follow suit. Malaysia has also recently announced plans to augment its cybersecurity talent pool, whilst Indonesia launched a national cyber agency recently. We anticipate that by the end of 2018, overall levels of cybersecurity in the region will improve via government-led collaboration in the region.
- Mobile malware on the rise in the Asia Pacific. With the rising mobile penetration rates and weak cyber regulations in developing markets in the region, smartphones are becoming a more attractive channel for hackers as opposed to PCs. Countries such as the Philippines, Malaysia and Indonesia are already seeing widespread usage of mobile banking and social media via smartphones. However, the lack of regulation results in third-party app stores selling malicious apps, and pirated software left unpatched due to lack of official support in the region. Outdated prevention security, use of pirated software, lack of remediation or response and poor cyber hygiene will continue to contribute to increasing levels of mobile malware in the region.