2017 might end up going down in history books as the Year of the Hacker. Not a week went by, it seemed, without a major cybersecurity attack making the headlines: the WannaCry global ransomware infection, the data breaches of Equifax, Forever 21, and Chipotle, thousands of social media credentials around the world stolen. With the revelation of Uber’s cover-up last year, anxiety about the safety of our personal and proprietary data has reached a fever pitch.
As we prepare to welcome 2018, we also need to take precautions with our information for our financial and personal safety. In that spirit, here are the top five evolutionary steps cyber threats will take next year.
We all have an image of the hacker as the lone individual in a dark room, striking randomly for their own personal gain or twisted ideology. However, cyberattacks are transitioning into a black market service for nations, corporations, and everyday individuals to harm or embarrass their rivals and victims. In other words, it’s becoming niche industry in its own right, possibly even developing a pseudo-corporate structure.
This could mean a new wave sophisticated malware, phishing, and Trojan programs in 2018 as hackers improve their coordination and communication. One result might be that aspiring hackers could purchase formal malware programs so they can conduct major breaches without the requisite technical knowledge.
2. Vulnerabilities in Corporate Collection of Information
As a society, we’re still grappling with the idea of corporations and organizations collecting information—often information outside what consumers are willing to share—
on potential consumers. Facebook’s collection of users’ emotional data is perhaps the most famous, but others businesses such as Google, Apple, and Yahoo all monitor customer behaviors and build detailed profiles for advertising purposes, among others.
This means there are huge databases of potentially sensitive data on company servers–which could prove enticing targets for hackers. And with the Equifax hack, large corporations have proven just as vulnerable to data breaches as smaller corporations.
3. Targeting the Specific Individual Over the Random Attack
Past incarnations of ransomware cast a wide net for its victims, grabbing anyone who encountered the program online or opened a rogue email’s link. It struck blindly and chaotically, or so it seemed. But according to McAfee’s Labs 2018 Threats Predictions Report, ransomware is evolving under the pressure of improved user knowledge, vendor defenses, and industry policies. Instead of targeting the average citizen, high-income, high priority individuals or entire business networks will instead fall under the hackers’ crosshairs. Further, instead of monetary extortion, the intention of ransomware may be shifting to general business disruption, as we saw with Wannacry.
The targeting of VIP individuals may prove even more dangerous than the random attacks, as it could be another tool of the Hackers-As-Service to disrupt the course of everyday life nationally, financially, and socially.
4. IoT and Cloud Vulnerabilities
More and more companies are adopting IoT devices, which unfortunately aren’t designed as securely as other devices. Data leakage is a persistent issue for IoT devices, and those devices record an unspecified amount of data– data your company may not wish to be made public.
According to Cybersecurity expert Rod Soto, director of research at JASK, consumers are bringing devices such as the Google Home Mini and security cameras and connecting them to their Wi-Fi “without any monitoring of the risks they pose. Most devices don’t even have an interface to manage them, so users don’t know if they’ve been compromised as part of a botnet attack or if it’s listening and sending their conversations to a malicious destination.”
At the same time, some of the largest hacks reported this year have resulted from breaches into third party cloud services, such as what happened to Uber last year. As companies demand more from their cloud services, those systems may become more unstable and insecure from the sheer volume.
5. Human Error and Silence
The greatest threat to digital safety may not come from hackers, whether working alone or with the backing of a national government. It may come from within your own company and not even by deliberate action. Workers may share privileged credentials over email without realizing the vulnerabilities in email transmissions, or may click on a rogue link without thinking. Training employees to work within your selected security solution and to adopt best practices will become increasingly important as hackers step up their efforts.
In a similar vein, one of the most alarming lessons we learned from the reveal of Uber’s cover-up is that we have no idea how many other companies or startups may be concealing security breaches; we could be feeding into the very issues we’re looking to correct. The first step to truly stopping hackers might be to take the conversation out of the shadows and to acknowledge that this is a war against persistent and dangerous people. And if we don’t make the effort to work together, we’ll be fighting a far more organized enemy.
Latest posts by Ben Canner (see all)
- How to Get The Most Out of Your Threat Hunting Practices - July 19, 2018
- Cybersecurity: a Political Pawn? The AlienVault InfoSec 2018 Survey - July 17, 2018
- The 25 Best Security Analytics and SIEM Platforms for 2018 - July 16, 2018