2018 Cyber Security Predictions
Sherif El Nabawi
Senior Director of System Engineering, Symantec Asia Pacific
This past year, cyber criminals caused major service disruptions around the world, using their increasing technical proficiency to break through cyber defenses. In 2018, we expect the trend to become more pronounced as these attackers will use machine learning and artificial intelligence to launch even more potent attacks.
Gear up for a busy year ahead. Incidents like the WannaCry attack, which impacted more than 200,000 computers worldwide in May, are just the warmup to a new year of more virulent malware and DDoS attacks. Meanwhile, cyber criminals are poised to step up their attacks on the millions of devices now connected to the Internet of Things both in offices and homes.
The cybersecurity landscape in 2018 is sure to surprise us in ways that we never imagined. As 2017 draws to a close, here is what you can expect over the course of the upcoming year:
Blockchain Will Find Uses Outside Of Cryptocurrencies But Cyber criminals Will Focus On Coins and Exchanges
Blockchain is finally finding applications outside of crypto-currencies, expanding its functions in inter-bank settlements with the help of IoT gaining traction. However, these use cases are still in their infancy stage and are not the focus for most cyber criminals today. Instead of attacking Blockchain technology itself, cyber criminals will focus on compromising coin-exchanges and users’ coin-wallets since these are the easiest targets, and provide high returns. Victims will also be tricked into installing coin-miners on their computers and mobile devices, handing their CPU and electricity over to cyber criminals.
Cyber criminals Will Use Artificial Intelligence (AI) & Machine Learning (ML) To Conduct Attacks
No cyber security conversation today is complete without a discussion about AI and ML. So far, these conversations have been focused on using these technologies as protection and detection mechanisms. However, this will change in the next year with AI and ML being used by cyber criminals to conduct attacks. It is the first year where we will see AI versus AI in a cybersecurity context. Cyber criminals will use AI to attack and explore victims’ networks, which is typically the most labour-intensive part of compromise after an incursion.
Supply Chain Attacks Will Become Mainstream
Supply chain attacks have been a mainstay of the classical espionage and signals-intelligence operators, compromising upstream contractors/systems/companies and suppliers. They are proven to have a high-level of effectiveness, with nation-state actors using a mix of human intelligence to compromise the weakest link in the chain. These attacks are moving into the cybercriminal space, becoming mainstream. With publicly available information on suppliers, contractors, partnerships and key-people, cyber criminals can find victims in the supply chain and attack the weakest link. With a number of high profile successful attacks in 2016 and 2017, cyber criminals will focus on this method in 2018.
File-less and File-light Malware Will Explode
2016 and 2017 have seen consistent growth in the amount of file-less and file-light malware, with attackers capitalising organizations that lack in preparation against such threats. With fewer Indicators of Compromise (IoC), use of the victims’ own tools, and complex disjointed behaviours, these threats have been harder to stop, track and defend against in many scenarios. Like the early days of ransomware, where early success by a few cyber criminals triggered a gold-rush like mentality, more cyber criminals are now rushing to use these same techniques. Although file-less and file-light malware will still be outnumbered by orders-of-magnitude as traditional style malware, they will pose a significant threat and lead to an explosion in 2018.
Organisations Will Still Struggle With Security-as-a-Service (SaaS) Security
Adoption of SaaS continues to grow at an exponential rate as organizations embark on digital transformation projects to drive business agility. This rate of change and adoption presents many security challenges as access control, data control, user behaviour and data encryption vary significantly between SaaS apps. While this is not new and many of the security problems are well understood, organizations will continue to struggle with all these in 2018.
Combined with new privacy and data protections laws adopted by regulators across the world, these will pose major implications in terms of penalties, and more importantly, reputational damage.
Organisations Will Still Struggle With Infrastructure-as-a-Service (IaaS) Security – More Breaches Due to Error, Compromise & Design
IaaS has completely changed the way organisations run their operations, offering massive benefits in agility, scalability, innovation and security. It also introduces significant risks, with simple errors that can expose massive amount of data and take down the entire system. While security controls above the IaaS layer are customer’s responsibility, traditional controls do not map well – leading to confusion, errors and design issues with ineffective or inappropriate controls being applied, while new controls are ignored. This will lead to more breaches throughout 2018 as organizations struggle to shift their security programs to be IaaS effective.
Financial Trojans Will Still Account For More Losses Than Ransomware
Financial Trojans were some of the first pieces of malware to be monetised by cyber criminals. From simple beginnings as credential harvesting tools, they have since evolved to advanced attack frameworks that target multiple banks, and banking systems that send shadow transactions and hide their tracks. They have proven to be highly profitable for cyber criminals. Today the move to mobile application-based banking has curtailed some of the effectiveness, so cyber criminals are now moving their attacks to these platforms. Cyber criminals’ profits from Financial Trojans is expected to grow, giving them higher gains as compared to Ransomware attacks.
Expensive Home Devices Will Be Held To Ransom
Ransomware has become a major problem and is one of the scourges of the modern Internet, allowing cyber criminals to reap huge profits by locking up users’ files and systems. The gold-rush mentality has not only pushed more and more cyber criminals to distribute ransomware, but also contributed to the rise of Ransomware-As-A-Service and other specializations in the cyber criminal underworld. These specialists are now looking to expand their attack reach by exploiting the massive increase in expensive connected home devices. Smart TVs, smart toys and other smart appliances can run into thousands of dollars and users are generally not aware of the threats to these devices, making them an attractive target for cyber criminals.
IoT Devices Will Be Hijacked and Used in DDoS Attacks
In 2017, we have seen massive DDoS attacks using hundreds of thousands of compromised IoT devices in people’s homes and workplaces to generate traffic. This is not expected to change with cyber criminals looking to exploit the poor security settings and management of home IoT devices. Furthermore, the inputs and sensors of these devices will also be hijacked, with attackers feeding audio, visual or other faked inputs to make these devices do what they want rather than what users expect them to do.
IoT Devices Will Provide Persistent Access to Home Networks
Beyond DDoS attacks and ransomware, home IoT devices will be compromised by cyber criminals to provide persistent access to a victim’s network. Home users generally do not consider the cyber security implications of their home IoT devices, leaving default settings and not vigilantly updating them like they do with their computers. Persistent access means that no matter how many times a victim cleans their machine or protects their computer, the attacker will always have a backdoor into victims’ network and the systems that they connect to.