Cyber Threat Predictions for 2018

Cybersecurity companies are publishing their predictions for threat trends in 2018. Here’s a quick summary of a few of them with links to the full reports:

Trend Micro – Digital extortion through ransomware attacks will continue. Cybercriminals will take advantage of old and new techniques to go directly for the money from ransomware victims. Companies subject to the EU’s General Data Protection Regulation (GDPR) are especially vulnerable to large-scale ransomware attacks. Internet of Things (IOT) attacks will be more numerous and used for purposes other than Distributed Denial of Service (DDoS) attacks. Delivery drones can be hijacked; medical devices and wearables can be hacked; and IoT devices can be used to mask the identity of clever cybercriminals. Business email compromises (BEC) through spearphishing and other techniques will continue to plague U.S. business to the tune of over $9 billion. Social media will see more fake news and cyber propaganda instigated and promulgated by botnets. Countries with general elections in 2018 will be especially targeted. Machine learning and blockchain technologies, while promising in terms of cyber defense and financial transactions, are new vectors for hackers and cybercriminals to exploit. And enterprises are especially at risk given newly discovered vulnerabilities in operating systems and enterprise-wide planning and analysis capabilities. Increased connectivity will lead to more complex cybersecurity challenges. Trend Micro 2018 Predictions - Internet of Things (IoT) vulnerabilities will be exploited as billions of new devices come on line, leading to possible government regulation of IoT products. Ransomware will increase and become emboldened by cyber insurance; hackers will hold companies hostage for the upper limit of their insurance policies. Ransomware will be increasingly targeted at big retailers, who would rather pay ransom than risk the loss of public confidence. Mobile apps will be increasingly targeted as hackers understand that leaky apps provide a path to sensitive personal and corporate data. Corporate phishing attacks and tax scams will increase. Migration to the cloud and new restrictions on data protection imposed by the EU’s GDPR provide new opportunities for professional hackers and cybercriminals. Predictions

FireEye/Mandiant – Increased nation-state activity from China, Iran, and Russia, not only for cybercrime but also to infect global supply chains. More cyber espionage from China against law firms, entertainment, and the health care industry. Increased hacker access to enterprises via phishing attacks against employees. As more companies migrate data to the cloud, hackers will find ways to compromise cloud security, including obtaining cloud security credentials from oblivious employees. The entertainment industry may be increasingly targeted. Advanced threat actors (e.g. nation-states) will increasingly target upstream software development activities to infect the supply chain of trusted software. More data protection laws including data localization as already seen in China and Russia. Multi-vector phishing attacks with capabilities to evade detection technologies. Use of “https.” domains for phishing attacks. Auto-spreading malware based on stolen credentials, and malware that misuses operating systems. Predictions – U.S. companies not prepared to implement the EU’s General Data Protection Regulation; the EU will likely make an example of one or more companies to send a strong message on the need for compliance. The Equifax breach and other 2017 attacks means that password-only authentication will be replaced by multi-factor authentication to include biometrics. State-sponsored attacks, especially from North Korea and Russia, will keep testing the ability and willingness of Western nations to respond. Expect more IoT botnet attacks. Machine learning will help defenders identify and respond more quickly to many types of attack. The lack of trust—in government, companies, and services—will continue to be a problem. Predictions

Forbes – More attacks on the U.S. Government and critical infrastructure as hackers show their growing capabilities; some of these attacks may come from North Korea or Russia. More fake news, accompanied by new techniques to verify the reputation of online senders/authors. New attacks will take advantage of the vast amounts of personally identifiable information (PII) lost in the major data breaches over the past several years. Improved data protection as companies begin to deal with increased cybercriminal capabilities to use stolen data for profit. More IoT attacks against all types of devices. The cybersecurity “arms race” between defenders and hackers will increase with the increased use of machine learning and artificial intelligence. Cyber threat detections will become more automated. Bitcoin and other digital currencies will increasingly be targeted by cybercriminals and used for ransomware payments. More breaches of digital currency will lead to regulations by banks and governments. Biometrics and multi-factor authentication will grow in use and importance. Enterprise cybersecurity will grow to meet industry demands for security in the cloud. Small and medium businesses will become more vigilant about cybersecurity. Companies will become more active in protecting the software development cycle to combat the increase in upstream malware insertion that affects the software supply chain. The talent gap in cybersecurity skills will only widen in 2018. Forbes Predictions

Return to our HOME PAGE