I would love to say that 2018 is going to be a lighter year in terms of cyberattacks and threats, but no one can afford to be that naïve. The truth of the matter is that today’s world simply lives on digital data which means there is more and more for the bad guys to try to steal.
Watching how cybercriminals work and constantly “upgrade” their attacks the following predictions allow organisations to prepare themselves and train their workforce to make smarter security decisions and create a human firewall as an effective last line of defence when all security software fails.
Here are six cyber security predictions that organisations experience today and should expect tomorrow:
1. Exponential Growth Of Ransomware
The massive ransomware attacks of 2017 aren’t going anywhere. Instead, they will grow exponentially and mutate to gain further traction. We’ll see a rise in ransomware attacks that also exfiltrate data, allowing cybercriminals a second way to ransom data through the threat of exposure. Additionally, ransomware-as-a service will continue to grow and will be the source of a significant percentage of attacks. Custom-made ransomware attacks will be reserved only for very high-value targets.
2. Hybrid Attacks Will Be Used To Distract
We saw it happen in Ukraine last month when Bad Rabbit ransomware served as an obvious and intrusive attack while, simultaneously, a silent, hidden spear-phishing campaign was carried out. We will see this as a new criminal modus operandi through 2018; ransomware infections will be used as a distraction, so the bad guys can accomplish their other more devious goals. Additionally, we should expect to see an increase in multi-vector social engineering attacks leveraging ‘smishing’ (text) and ‘vishing’ (voice) along with traditional phishing (email) social engineering techniques.
3. Automation Makes Detecting Attacks Harder
Phishing bots and intelligent scraping of social media and the Dark Web will make automated spear-phishing a very real, very hard-to-identify problem. The amount of data stolen in mega breaches over the past year—especially Equifax—makes it easy to automate mass spear-phishing emails that are both highly detailed and very effective social engineering attacks.
4. Extortion Scams Will Have A Long Tail
It’s bad enough to have your data held hostage until you pay a ransom 48 or 72 hours later. As we move into 2018, scams are going to extend that timeline, creating long-term or lingering extortion situations that are an ongoing nightmare for organisations and individual internet users alike. An example of this would be a ransomware attack that demands nude photos of the victim as “payment”, opening the door for continued blackmail.
5. Search Result Tampering Will Cause Confusion
Whether you call it search “tampering” or “poisoning”, 2018 will see an increase in search results that route users to compromised sites which exploit bugs in the workstation’s software, resulting in a complete take-over of their computer. Users will have to be particularly vigilant if they work in regulated industries such as Financial Services, Insurance and Healthcare, where personal identifiable information abounds.
6. Increase In Blameware & ‘False Flags’
Due to the recent European Union’s declaration that a cyberattack is an act of war, we’ll see more cyber propaganda operations that are engineered to spark conflict between countries, undermine democracies, and destabilise trust globally, making attribution very hard to determine.