2018 may have just started, but it's never too early to be aware of potential security threats and how to prevent them in the future. Here's a roundup of some of the organizations, security flaws, and other things that go bump in the night to watch out for.
Political Intrigue Turns Cybercriminal
In December 2017, the White House publically attributed the WannaCry ransomware attacks to the Lazarus Group, which works on behalf of the North Korean government. The computer worm affected more than 230,000 computers in more than 150 countries earlier last year, targeting primarily businesses, governmental entities, and the UK’s National Health Service (NHS).
The Trump administration is not alone in their belief: U.K. Security Minister Ben Wallace told the BBC, “We believe quite strongly, that this [attack] came from a foreign state,” that he later clarified to be North Korea.
Outside of outright war, the United States has few options to retaliate on North Korean to deter future cyber attacks besides amping up their own security, so we're sure to see more attacks of this sort.
Companies Desperate for Cybersecurity Pros
Cybersecurity Ventures predicts that by 2021 there will be a gap of 3.5 million jobs where companies have a demand for security worksers, but are unable to fill those positions with qualified candidates.
According to ESG research from early 2017, 45% of organizations reported that they already have a “problematic shortage” of employees with cybersecurity experience. The skills shortage puts an increasing workload on existing staff, including the training of inexperienced employees. Because of the increasing risk of severe cyber threats, spread-thin cybersecurity divisions are forced to focus all of their time and energy on emergency issues, rather than strategic planning or skills development and training.
IoT Hacks Hit the Big Time
As more and more devices and public infrastructure become connected to the internet, and the potential pool for hacks grows exponentially, we’ll see more attacks against them. IoT-connected devices, such as smart refrigerators, webcams, TiVos and Smart TVs are more vulnerable to attacks, and have already been exploited for use in botnets, but we predict that they will be targeted for often in ransomware attacks. We already saw the WannaCry ransomware affect small utilities and manufacturing sites in the United States. In 2018, we’ll start seeing larger-scale attacks against infrastructure and IoT security.
Artificial Intelligence and Machine Learning for Hackers
One of the biggest threats to IoT security is AI technology.
AI is useful to cyber-attackers because they can both infiltrate an IT infrastructure and stay on the network for an extended period of time, undetected. From there, machine learning will give malware the ability to gain insider knowledge of the network and its users, all-the-while while escalating privileges to build control over entire systems of data.
This may sound a lot like the modus operandi of a traditional, carbon-based hacker, but unlike people, AI doesn’t need to follow sleep or work schedules—it can work at any time, without breaks. It goes without saying that AI can also process large amounts of data faster than humans can, and therefor can work through databases faster and more efficiently.
Companies are already preparing for an increase in artificial intelligence cyber-attacks, largely by developing their own AI defenses against harmful AI. Google has already created a non-traditional security group called “AI Fight Club” for deterrence and to train systems to more effectively combat harmful AI.
Stricter GDPR Regulations Can Cost Organizations Millions
On May 25, 2018, the EU General Data Protection Regulation will go into effect, and that means big changes for businesses that process and store a lot of data.
GDPR requires that all organizations processing personal data prove that they have taken “appropriate” security measures to protect that data from malware and other cyber threats. Besides the vagueness of “appropriate” security measures, the ability to meet this requirement is further complicated by the fact that third parties provide specific data processing activities to many organizations, which makes overseeing all of their individual security measure difficult.
Organizations that do not maintain sufficient GDPR compliance can be fined €20 million or 4% of worldwide annual turnover.
The new GDPR rules will make large databases of unmanaged information a big liability for businesses in case of data breaches. They will have to start thinking about what data they are collecting, why, and how they’re storing it.
Sleeper Design Flaws On the Scale of KRACK and Meltdown/Spectre
Sometimes, the services and devices we use every day have major, hidden design vulnerabilities that can be devastating if a cybercriminal takes advantage of them.
In 2017, we saw large scale problems with loopholes and issues in widely used software. The KRACK attack, where attackers were able to intercept information on Wi-Fi networks travelling between devices and routers, was made possible by a long-standing flaw in WPA2 software. The Meltdown and Spectre bugs are another high-profile examples of design flaws that survived for years, leaving millions of devices vulnerable to attack.
These kinds of attacks are so difficult to predict and guard against because the flaws need large-scale architecture and design reviews to discover.
As cybercriminals become more sophisticated, flaws that have survived undetected in devices and software will become increasingly at risk for hackers to uncover and exploit. Thorough reviews of the design and architecture of products are the only thing that can be done to mitigate attacks in the coming year.
Leave a Reply
Your email address will not be published. Required fields are marked *