4. State-sponsored attacks will increase. The usual suspects for state-sponsored attacks — North Korea, Iran, and Russia — don’t have much to lose by continuing their attempts to extort, steal, spy and disrupt by infiltrating information systems. All are already heavily sanctioned, and the consequences — at least those we know about — in response to state-sponsored attacks have been minimal.
This makes the risk of escalating those attacks seem low. Expect state-sponsored attackers to keep pushing the envelope in terms of scale and impact of their assaults. An area of particular concern is critical infrastructure like power and communications grids. “The progression of cyber-attacks driven by nation-states will undoubtedly place critical infrastructure in the crosshairs, potentially leading to widespread outages or exposed personal information that could impact millions of innocent consumers,” stated Experian’s 2017 Data Breach Industry Forecast.
Affected nations and the international community will respond with more pressure on the bad actors. More sanctions and indictments of foreign nationals deemed responsible are likely. “Unfortunately, until there is a clear international agreement regarding rules of engagement in cyberspace, these attacks are likely only going to increase and escalate,” the Experian report stated.
State-sponsored attacks might also spur countries to form alliances to fight them. “Increased attacks on critical infrastructure will drive countries to begin discussing cybersecurity alliances. Establishing these alliances will provide mutual defence for all countries involved and it will allow for the sharing of intelligence in the face of attributed nation-state attacks, not to mention agreements to not attack each other,” says Eddie Habibi, CEO of PAS Global.
Until effective deterrents are in place, offending nations will escalate their attacks until the cost is too high. That cost might come in the form of in-kind counter-attacks or even some kind of physical strike. Let’s hope we don’t end up with the kind of brinkmanship that kept the world on edge during the Cold War.
5. Attacks via compromised IoT (Internet of Things) devices will get worse. Millions of connected devices have little or no defence against hackers who want to gain control of them. In fact, it’s getting easier for hackers to take over scores of IoT devices. All they have to do is purchase a botnet kit from the dark web and they are in business. The top 3 botnet kits — Andromeda, Gamarue and Wauchos — are estimated to be responsible for compromising more than a million devices a month. The Reaper botnet has infected more than a million devices.
The problem is that we haven’t yet seen what the hackers who control the botnets intend to do with them. Will it be to launch distributed denial of service (DDoS) attacks? Send massive amounts of spam? Or will they do something we haven’t seen before? We’ll find out in 2018.
It takes time to build, secure, and set up the command infrastructure for a botnet at a Reaper-like scale. A hacker would not likely invest that kind of effort without expecting a large return. Botnet attacks in 2018 could be very interesting, and not in a good way.
That’s the bad botnet news. The good news is that efforts against botnets are improving. In December, 3 people pleaded guilty to charges related to their creating and using the Mirai botnet to launch a DDoS attack on DNS service company Dyn. Also in December, ESET and Microsoft announced that they had cooperated to take down 464 botnets and more than 1,200 command and control domains. Also encouraging, an individual believed to be associated with the botnets was arrested in Belarus.
International cooperation will be necessary to stop botnets. The Belarus arrest, along with the arrest in Spain last spring of Peter Levashov, the hacker behind the Waledac and Kelihos spam botnets, gives hope that hackers will have fewer safe havens next year.
IoT device makers are slowly making progress on securing their devices as well. That won’t help the scores of devices already deployed that are difficult or impossible to patch, however. “Manufacturers will start to address these security faults or risk losing to the companies that bake-in security from the start,” says Ken Spinner, VP of field engineering at Varonis. “GDPR may save the day in the long run, forcing businesses to reconsider personal data collection via IoT, but we won’t see this effect until at least 2019.”
6. Automation of some threat-detection tasks will increase. Security teams wade through massive volumes of alerts and data every day to determine what is or isn’t a likely threat. That volume will increase, driven by more attacks and more attack vectors. Filtering the alert data is repetitive, tedious work, which makes it a perfect candidate to automate using software.
Organizations are already taking advantage of machine-learning-based tools to help filter alerts and lighten the load on over-burdened security staff. We expect this trend to accelerate in 2018 as the volume of threat indicators increases and the security talent pool remains constrained. And why not? Studies have shown that, properly deployed, automation tools are highly effective at identifying which alerts a person needs to look at.
The automation trials that organizations are doing now will give them confidence in the technology and help them understand where it can and can’t help. That will encourage security teams to expand the use of automation where it makes sense. Automation will not be a panacea or replace staff, but it will boost threat detection effectiveness and free staff for other important tasks.
With the increased use of machine-learning-based automation will come a greater awareness of what it can’t do. For example, machine learning is only as good as its model and the data available to analyze. It will likely miss any new type of attack. This better understanding of machine learning and automation will allow security teams to deploy the technology more effectively.
Microsoft spent over US$1B last year just on security for its emails. This is a massive increase on the previous year and this investment will continue.
7. Trust will be a casualty of the war on cyber crime
Who can blame anyone for mistrusting everything when it comes to cyber security? No one’s personally identifiable information (PII) is safe. Companies can’t count on the integrity of their suppliers’ and partners’ security capabilities. The U.S. government has banned leading providers such as Kaspersky because this security company is based in Russia. It believes the risk of Russian influence compromising the software is too high.
Similar actions by other countries are likely in 2018. “Other countries have shown similar nationalistic tendencies such as China and its recently passed, far-reaching cybersecurity law that requires access to vendor source code. We predict that the U.S. Executive Branch will show similar tendencies and direct government agencies to exercise procurement preference for vendors with development and manufacturing in the U.S. or allied countries,” says PAS Global’s Habibi.
Australia will most likely follow suit, if it has not already started the process of finding safer countries from which to source government software.
Is this over the top? I do not think so. This lack of trust is starting to have a real effect on business that will continue into 2018. Uber did not help matters when it was revealed that the company hid a large breach for a year. It will be harder to engage consumers when they are reluctant to trust companies with their PII. As explained above, this will drive companies to provide stronger authentication.
Expect more companies to demand security audits of their partners, suppliers, and service providers. Third-party breaches are becoming more common, which shows that any organization’s security is only as good as its extended network. An organization can’t assure its customers and employees that their data is safe if it doesn’t know the risk presented by the other organizations with which it does business.
The environment of mistrust will present opportunities for companies that can show genuine concern for protecting data and demonstrate that they have proper security infrastructure in place. In other words, earned trust becomes an asset when consumers and other organizations are willing to do business with you because they feel secure doing so.