Top 5 Cybersecurity Threats For 2018
Hackers are constantly finding new targets and refining the tools they use to break through cyberdefenses. The following are some significant threats to look out for.
1. Crime-As-A-Service (CaaS) Expands Tools and Service
Criminal organizations will continue their ongoing development and become increasingly more sophisticated. The complex hierarchies, partnerships and collaborations that mimic large private sector organizations will facilitate their diversification into new markets and the commoditization of their activities at a global level. Some organizations will have roots in existing criminal structures, while others will emerge focused purely on cybercrime.
Organizations will struggle to keep pace with this increased sophistication and the impact will extend worldwide, with cryptoware in particular becoming the leading malware of choice for its threat and impact value. The resulting cyber incidents in the coming year will be more persistent and damaging than organizations have experienced previously, leading to business disruption and loss of trust in existing security controls.
Over the past few years, it’s become easier to be a cybercriminal. You don’t even have to have a lot of technical knowledge — just the ability to find the right tools. The more we publicize the success of cybercrimes, the more likely criminals are to take notice. For example, the ransomware profits saturated news headlines, touting it as a $1 billion industry last year — meaning, for too many, it’s becoming too profitable to ignore. The educated cybercriminals will make their attacks more destructive and harder to prevent in order to establish dominance in a saturated criminal market.
2. Ransomware in the Cloud
The past 12 months have seen a plague of ransomware attacks, with targets including Britain’s National Health Service, San Francisco’s light-rail network, and big companies such as FedEx. Ransomware is a relatively simple form of malware that breaches defenses and locks down computer files using strong encryption. Hackers then demand money in exchange for digital keys to unlock the data. Victims will often pay, especially if the material encrypted hasn’t been backed up.
That’s made ransomware popular with criminal hackers, who often demand payment in hard-to-trace cryptocurrencies. Some particularly vicious strains, such as WannaCry, have compromised hundreds of thousands of computers (see “The WannaCry Ransomware Attack Could’ve Been a Lot Worse”). One big target in 2018 will be cloud computing businesses, which house mountains of data for companies. Some also run consumer services such as e-mail and photo libraries. The biggest cloud operators, like Google, Amazon, and IBM, have hired some of the brightest minds in digital security, so they won’t be easy to crack. But smaller companies are likely to be more vulnerable, and even a modest breach could lead to a big payday for the hackers involved.
“While the biggest and oldest cloud service providers such as Google, Amazon, and IBM have the resources and experience to make it difficult for attackers to succeed, the MIT Review points out the smaller cloud providers are likely to be more vulnerable and more likely to pay up if customer data were encrypted and held for ransom,” writes Warwick Ashford for Computer Weekly.
This never-ending fight for big data caches all but ensures that we will continue to see data breaches to the degree of 2017’s Equifax breach. If we look back to the end of 2014, 500 million records and 1.2 billion emails addresses and usernames had been exposed by data breaches, according to the University of Alabama Birmingham’s Collat School of Business. By July 2017, Risk Based Security reports that number being closer to 6 million records, and that’s only halfway through the year.
3. Cyber-Physical Attacks
More hacks targeting electrical grids, transportation systems, and other parts of countries’ critical infrastructure are going to take place in 2018. Some will be designed to cause immediate disruption (see “A Hack Used to Plunge Ukraine into Darkness Could Still Do Far More Damage”), while others will involve ransomware that hijacks vital systems and threatens to wreak havoc unless owners pay swiftly to regain control of them. During the year, researchers—and hackers—are likely to uncover more chinks in the defenses of older planes, trains, ships, and other modes of transport that could leave them vulnerable.
The rise of Cryptocurrencies is no more a secret to anyone. With rising turn up in Bitcoin users, the Bitcoin network and other digital currency platforms have become vulnerable to cyber threats. With money involved, attempts of hacking Bitcoin and other digital currencies are bound to be of the top level. Decrypting cryptocurrencies, however, requires some massive computing capacity to solve complex mathematical problems. For that hackers will be smartly hijacking thousands of computers.
Recent cases have ranged from the hacking of public Wi-Fi in a Starbucks in Argentina to a significant attack on computers at a Russian oil pipeline company. As currency mining grows, so will hackers’ temptation to breach many more computer networks. If they target hospital chains, airports, and other sensitive locations, the potential for collateral damage is deeply worrying.
The growth of the Internet of Things (IoT) has been phenomenal for innovation. As Ohio University’s online resources point out, the IoT alone has played a humongous part in transportation route planning, accident prevention, safety, and even the development of the autonomous car. In our homes, the rise of Alexa, Cortana, and Siri home devices have simplified ordering and ushered in a new era of voice control. Smart fridges, toasters, and homes — almost everything is “smart” and connected to the internet nowadays. The bad news is that every connection is a doorway, and that’s exactly what attackers are looking for.
In 2016, hackers used an army of connected web of devices to shut down the internet in major parts of the US, in what has now been called the Dyn DDoS Attack. Because many IoT products are manufactured with poor security, they become easy targets for deploying malicious software … and when you coordinate an attack between a million of them, the results can be catastrophic.
It’s predicted that these coordinated “botnets” will become more commonplace, especially with unsecured IoT devices. They may not all attack for DDoS purpose, and they may never make their presence known at all. Some programs exist simply to siphon CPU power for mining cryptocurrencies.
The IoT (Internet of Things) devices are more vulnerable to a hack and have a much more insecure design. However, many organisations are opting for it due to its lack of complexion. IoT devices also kill the transparency and give the organisations a chance to use the user’s data in ways unintended by the user. This is a serious issue as a security compromise in IoT devices connected with industrial control systems can lead to a harm to individuals or even loss of life as the industrial tools would go out of control.
Organizations will adopt IoT devices with enthusiasm, not realizing that these devices are often insecure by design and therefore offer many opportunities for attackers. In addition, there will be an increasing lack of transparency in the rapidly-evolving IoT ecosystem, with vague terms and conditions that allow organizations to use personal data in ways customers did not intend. It will be problematic for organizations to know what information is leaving their networks or what data is being secretly captured and transmitted by devices such as smartphones and smart TVs.
Want to Know More?
Want to know one of the best ways to protect your servers?
Download a 30 day trial of RecordTS and begin recording and protecting your servers today.