It's that time of year when security professionals around the globe pontificate on what's to come in 2018. No one has a crystal ball or nails this exercise from year to year. But we can use what's in our rear-view mirror to shed light on what's to come and what's needed to safeguard consumers and businesses.
Let's take a look at 2017. The frequency of cyberattacks reached an entirely new level. WannaCry, NotPetya and Locky wreaked havoc and cost businesses globally billions of dollars. Each year, we say WOW, that was unprecedented, and we shake our heads in hope of a more secure future.
Here are my top five security predictions for 2018:
1. The cryptojacking “gold rush” will be the top priority for cybercriminals.
Cryptojacking activity has been exploding toward the end of 2017 and I expect to see far more activity in 2018, particularly as the value of cryptocurrencies escalates. In one day alone this year, Malwarebytes blocked 11 million connections to coin mining sites.
What makes this kind of activity interesting is how it has created a blurry line between the everyday Internet user and the cybercriminal. An individual mining cryptocurrency could very well be mining for their own wallet, based on visitors to their own web properties. It is also very likely that, in those circumstances, disclosed cryptojacking activity could replace advertising on sites and become an entirely new revenue stream. However, the largest portion of cryptojacking is likely to come from legitimate websites compromised to mine currency for a criminal's wallet. Regardless, cryptojacking will be one of the cybercrime activities to watch in 2018.
2. Increased connectivity in education and healthcare makes these industries a prime target
We will begin to hear more about education breaches in the coming year. Despite increasing sophistication, cybercriminals will continue to target the easiest endpoints to penetrate. Educational institutions are often an under-protected patchwork of systems, lacking the resources to defend themselves. What's more, there is a loose network of seemingly unlimited endpoints containing a massive amount of proprietary data on students, faculty and parents. As we have witnessed, the data thefts of the last year often target the richest data available. Education systems seem like the next most likely target for cyberattacks. This is partially due to their richness and piecemeal security.
IoT in healthcare will fuel additional data security and patient concerns in 2018. With the ability for medical devices to connect directly to the Web, the growing Internet of Things (IoT) model offers many benefits. Greater connectivity means better data, analytics and patient care, but it also opens the door to loss of personal health information (PHI) and unauthorized access to devices. The healthcare industry will need to closely examine a new era of connectivity and patient security. Similar to the electronic health record (EHR) conversion, security protocols will need to change and evolve to meet the growing threat. Devices should have strict authentication, limited access and heavily scrutinized device-to-device communications. Encryption will be a crucial element of securing these devices, a responsibility that, if not adopted by device providers and manufacturers, is likely to be driven by third-party security providers.
3. The cybercriminal underground will continue to evolve and grow
While it may seem like we are already overwhelmed by the number of cyberattacks occurring daily, this will not slow down in 2018. In fact, with a recent increase in cybercriminal tools and a lower threshold of knowledge required to carry out attacks, the pool of cybercriminals will only increase. This growth is a likely response to news media and pop culture publicizing how profitable and successful cybercrime has become. Ransomware alone was a $1 billion industry last year. Joining the world of cybercrime is no longer taboo, as the stigma of these activities diminishes in parts of the world. To many, it's simply a “good” business decision. At the same time, those already established as “top players” in cybercrime will become more aggressive in defending their criminal territories, areas of operations and revenue streams. We may actually begin to see multinational cybercrime businesses undertake merger and acquisition strategies and real-world violence to further secure and grow their revenue pipeline.
4. Cybercriminals will use more worms to launch malware
In 2017, we saw WannaCry and Trickbot use worm functionality to spread malware. More malware families will use this technique in 2018 because network compromise from worms spreads faster than many other methods. If hackers can figure out how to use worms without being too noisy (a traditional downfall of this approach), this tactic can amass a large number of victims very quickly.
5. Security software will have a target on its back
In 2018, cybercriminals will target and exploit more security software. By targeting trusted programs and the software and hardware supply chain, attackers can control devices and wholeheartedly manipulate users. Hackers will leverage and exploit security products, either directly subverting the agent on the endpoint, or intercepting and redirecting cloud traffic to achieve their ends. As these events become more publicly known, the public and business perception of security software, particularly that of antivirus solutions (AV), will further deteriorate.
So, what's going to minimize the daily data breach and ransomware attack headlines in 2018? First, we need to address the elephant in the room – a shortage of security IT professionals. We need our colleges to offer more training courses to both men and women. We as an industry need to make this profession more appealing and look to stop the revolving door of security executives.
Internally, companies need to make education and awareness a priority. Your employees are on the front lines and all too often one click away from a network breach – each and every day. Teach them. Show them. Protect your data and infrastructure.
Organizations should also consider evolving their endpoint security and investing in next-gen AV along with specialized behavioral and ransomware blockers. Having the right protection in place along with education and more training will go a long way in the fight against cybercrime.