If you thought 2017 was a rough year in terms of cybersecurity breaches, fasten your seatbelts and braces yourselves for a worse fate in 2018. After Force points predictions, now Symantec has also revealed their predictions and 2018 is going to be murky if the necessary measures will not evolve. Ransomware incidents and other breaches that were experienced this year are just a warm-up of what it’s to come. From the trends, each year poses more virulent malware, sophisticated data breaches and cyber criminals are also stepping up and improving their game. We are listing 7 predictions for 2018 below.
Meanwhile, the technical proficiency to combat the cyber criminal’s activities are not efficient as expected. This mainly because of new tools from intelligent services that leaked into the internet. With these complex tools, security experts are yet to make a step on what to do next.
Winter is expected to come in the cybersecurity realm in 2018, the landscape is not expected to change much in 2018, but with new regulations and measures being developed, we should not be surprised if anything happens next year. Here’s is the Symantec’s reports of what cybersecurity will be in 2018.
Blockchain Will Find Uses Outside of Cryptocurrencies, but Cybercriminals Will Focus on Coins and Exchanges
Like Forcepoint had predicted, cybercriminals will not attack the blockchain technology but will focus more on the coin exchange services. They have already done it this month, and they stole millions worth of bitcoins from a mining service. Since the blockchain technology is impossible to compromise, in 2018, its extended services will be prone to attack. The focus will also shift to coin wallets since they have high returns. Also, much like botnets, attackers will lure victims and trick them to install mining services unto their machines. By this, the attackers will be using victims computing power. However, good things are also prone to happen, blockchain will be used in other applications, and this will improve their security too.
Cybercriminals Will Use Artificial Intelligence (AI) & Machine Learning (ML) To Conduct Attacks
With the advancement of machines and artificial intelligence, cybercriminals are expected to tap more into it. That’s, cybercriminals are now getting smarter and will let machines do most of the work for them, especially the labour-intensive work which requires a lot of computing power. This will also make it harder for the cybercriminals to get caught. Since most of the countermeasures are AI based, it’s going to be an AI vs AI cyber battle.
Supply Chain Attacks Will Become Mainstream
Attackers usually attack end targets as they are easier to deliver the payload in the required place. With what happened in 2016 and 2017, end targets/ users are now/ have been trained and hence using them is going to be hard. Attackers are now likely to shift to the supply chain. That’s, if the end target is impenetrable, attackers will look for the weakest link in the supply chain and deliver an even more deadly payload. This method has proven to be highly effective by nation-state actors by a mix of human intelligence to perform a classical espionage.
File-less and File-light Malware Will Explode
This is something that attackers realized works perfectly in 2017; this is because few organization are prepared for such attacks, and also there are few indicators of compromises associated with such attacks. With the use of victim’s own tools, file less malware is harder to defend, track and even stop. If this new trend will be evolved and made to be strong as traditional style malware, file less malware will become a menace in 2018.
Organizations Will Still Struggle with Security-as-a-Service (SaaS) Security and Infrastructure-as-a-service (IaaS)
Organizations have started transforming most of their process to the digital world. And as at the moment, a big percentage of major organizations, companies and industries have gone fully digital. As much as there are many accrued benefits, this shift to digital has made the organizations to struggle with security as a service. And since there are new cyber threats every day, its expected that the organizations will struggle even more in 2018. This is because of challenges that come with SaaS such as data control, access control, user behaviour and even data encryption. In IaaS, most security services are a responsibility for the end user. With ineffective controls and measures, its expected that the IaaS will be compromised and more breaches will occur.
Financial Trojans Will Still Account for More Losses Than Ransomware
Since ransomware is not paying much as cybercriminals anticipated, their attention will shift to financial trojans again, but this time, they will do it better. With advanced frameworks for multiple banks, attackers will use shadow transactions to cover their tracks. With mobile-banking – application based banking – cybercriminals are making them their targets as seen recently. It’s expected that financial trojans will be more profitable than ransomware and hence the motivation in 2018.
Expensive Home Devices Will Be Held to Ransom and IoT devices used for attacks
With the invention of ransomware as a service in the cybercriminal world, newbies are now learning on how to launch sophisticated attacks. As the ransomware code keeps evolving, attackers will aim home devices with capabilities of computing power and access to the internet. Devices such as home assistants, smart TVs and even toys will be held ransom or used to propagate more attacks. IoTs are still a loophole as botnets keep attacking them. Although the Andromeda botnet was stopped, hackers and attackers are expecting to create something new to hijack the IoTs again and also use massive DDoS attacks from these devices. Since its rather a harder process to keep these devices free of malware coupled with poor security settings, cybercriminals are expected to thrive once again. Additionally, if a certain home is hijacked, attackers may also penetrate to the victim’s work network and do more damage.
The above predictions are just a tip on what will go down in the course of 2018. It’s time for proper cybersecurity mechanisms to be put in place.