Threat Predictions for 2018
As we step into the new year, 2018 and embrace the fast changing digital world, on the behind we leave a trail of 2017 marred with cyber-attacks which have been more sophisticated and lethal in a way that sabotaged many industries to individuals with huge financial loses as well as personal data loss. This raises the bar towards stronger cyber security and defence against the growing menace of cyber-attacks, which needs round the clock vigil and vigor to protect the industries and individuals for protecting the valuable data and business continuity.
The trends also showed that AI and machine learning becoming the de facto norms of adoption for future growth of businesses and industries. Cyber security solutions also now adopted it to be prepared for any untoward incidents arising out of the weakest link of cyber security that is human error.
eScan security research team has identified some of the key trends that will emerge stronger as well as the most targeted segments for security breaches. Some of them are as below:
1. Crypto currency: 2017, saw the emergence of crypto-currency as the volatile commodity, moreover, the volatility hasn't subdued the interests of the investors. The latter half of 2017 saw Ransomware attacks with Wannacry in the forefront and their dependence on Bitcoin. Cyber criminals will continue to demand ransoms in crypto currency because of the unregulated anonymous currency market.
2018 would be the year of crypto currencies, with numerous players vying for the stability of their currency and the latter half of 2018 may lead to market consolidation, with the emergence of top crypto currencies. Due to the spiraling price of the Bitcoin, in 2018, criminals would shift their focus to other crypto-currencies and this would be the game changer in the popularity of the crypto-currencies.
The hard forks of the Bitcoin resulted in the creation of Bitcoin Gold and Bitcoin Cash furthermore there are plans to introduce Bitcoin Silver, Bitcoin Platinum which would fuel the growth of Bitcoin. With so many forks, the investors would have to exercise caution as the very likelihood of fake crypto-currencies, scams and Ponzi schemes may surface in 2018.
2. Ransomware: Ransomware will continue to be a major threat in the year 2018. It is one of the easiest ways for a cyber-criminal to extract money from the victim. In 2017, we witnessed Wannacry and its usage of publicly available exploits viz. Eternal Blue for lateral movement within the network, 2018 would highlight the importance of patch-updates as a sure-way to mitigate lateral movement by Ransomware. Furthermore, Ransomware creator may shift their loyalties from Bitcoin to other crypto-currencies, since the payment of the ransom has to be viable for the victims and the surging price of the bitcoin would be the contributing factor.
2018, would also witness the custom pricing of the ransom based on the country and the capability of the targeted organization to pay up the ransom. Traditionally, spear-phishing was limited to Information Warfare; however, we may find organizations being actively targeted with specifically tailored Ransomware so as to increase the ROI for these criminals.
3. Improved Security of IoT Devices: Since the demand for smart devices and other Internet of Things (IoT) devices are increasing every day, the need for advanced security for these devices has also increased. According to recent statistics, there will be almost 30 billion connected things in major industries and IoT will touch every role across the corporates. Simultaneously, the attacks against these devices will also rise.
Besides, in 2017 IoT devices have been targeted by various botnets including the infamous Mirai botnet, which leveraged the vulnerabilities to further attack the critical infrastructure. 2018 would be a mixed bag and witness the emergence of implementation of security guidelines for the development of IoT devices amongst the vendors. Furthermore, 2018 would also be the year of IoT Botnet attacks.
4. Increase in mobile hacking: 2017 was the year which saw the emergence of DDoS malware affecting Android Devices, also witnessed the takedown of WireX Botnet which had created havoc. Information-stealing Mobile Malware cannot be attributed to cyber criminals alone, device manufactures have come under fire for violating the privacy of its users and as a precautionary measure Indian Govt. had issued a diktat against a majority of device manufacturers, furthermore black-listed more than 40 apps developed by Chinese organizations.
Device manufacturers and App developers would find 2018 to be very lucrative but would also come under the radar of privacy activists and government for flouting the norms laid down for protection of their citizens' data. With the enforcement of GDPR just a few months away, the latter half of 2018 would witness a slew of privacy breaches by mobile app developers.
Furthermore, in 2017 users were bombarded with fake apps and vulnerabilities discovered in Android and iOS have forced companies like Google and Apple to innovate with their individual app stores and increase vigilance of the apps. 2018 would be no better and we may observe an increase in incidents involving compromised devices. Although, a few of these incidents might be attributed to Jail-Breaks / Rooting using automation, but the primary focus of the malware authors would be on fake apps.
5. Cyber espionage between countries: Global Intelligence systems within many countries today have advanced to an extent that they can effortlessly extract data from across the world to frame strategies. The nation states have seen a new realm of spying in the form of cyber espionage. This new form will affect the economic and political relationships between nation states as well as change modern warfare scenario.
Lastly, we can conclude that our users, readers and administrators should be on their toes to escape the deadly fangs of the cyber crooks. Implementation of multi-factor authentication after understanding the exact requirement thoroughly will help the organization in minimizing the chances of any kind of cyber-attacks. Use eScan and stay safe!