In January of each year, cyber security predictions abound. It seems that every security company releases an article or whitepaper with predictions for the state of cyber in the coming year. Typically, there is broad agreement among them on certain likely threats. Then each throws in something unexpected for the much-needed “I told you so” shock factor.
We’re now well into 2018 and here at the Cybermaniacs we thought it would be interesting to see how some of the most common predictions have or haven’t been coming true so far this year.
We reviewed twenty-four sets of predictions and broadly classified them based on topic. Of the 24, no more than 15 agreed on anything and there were only four topics that over half of the 24 believed would be significant in 2018.
So let’s see what everyone thought would be the biggest things in cyber security in 2018.
Rise of the Machine: Artificial Intelligence in Attack and Defense
Artificial intelligence, machine learning, and data mining have been major buzzwords for several years now. The ability to pull patterns out of data enables organizations to make informed decisions on a variety of topics. The power of artificial intelligence has made it a common topic of cybersecurity conversations and predictions.
The majority of the predictions about Artificial Intelligence in cyber security focused on the attacker’s side. One major application was automatic exploration of networks and vulnerability detection in targeted computer systems. Once in a network, AI could be used to slowly inject fake traffic over time, changing what defense systems consider to be “normal” for the network and making actual attacks less obvious.
Chatbots appeared in the prediction lists of several organizations for different reasons. CSOOnline predicted their use in collecting data for phishing attacks. For example, a chatbot on social media could be programmed to engage in conversations via messages or comments and learn information that can be used to make spear phishing emails more believable. Other potential applications of chatbots are the propagation of fake news and performing phishing attacks (sharing malicious links, documents, etc.) via social media.
Finally, hackers are predicted to use AI to make existing attacks more effective. One application is using AI for data mining to improve the effectiveness of brute-force password attacks based on user metadata. For example, knowing that a target was a millennial might mean that passwords centering around Harry Potter, Star Wars, or Lord of the Rings might be more probable. Another way that AI is expected to be a force multiplier for attackers is in the replacement of botnets (where each bot is mindless and centrally controlled) with swarms (where each bot is intelligent and can operate autonomously based on information gathered by it and its “neighbors”).
Predictions for the defenders are sparser (perhaps since they’re less exciting). A common prediction is that AI will be used to detect and defend against cyber attacks. The other prediction that we found is that companies will begin using AI to analyze and monitor their social media presence to detect potential pretexting attacks.
On the defense side, artificial intelligence is very much in use in cyber security. Many cyber defense products are based solely on using machine learning and other artificial intelligence techniques to detect and prevent malware infections and other cyber attacks.
Attackers have not yet stepped up to use artificial intelligence in any of the interesting ways predicted by cyber defense companies. So far in 2018, no major cyber attacks have been launched using any of the potential techniques described.
Laying Down the Law: Effects of Increased Regulation
The General Data Privacy Regulation (GDPR) officially launched on May 25 and is now a reality. This law increased the regulations and associated fines regarding the privacy of EU citizens’ personal data.
Predictions for GDPR are pretty straightforward. Many organizations aren’t ready and don’t have the manpower or talent in-house to handle their own GDPR compliance. To address these shortcomings, companies will start offering new products, solutions, and services focused on data privacy management and getting organizations ready for GDPR.
Another interesting prediction is focused on everyone not affected by GDPR. With the increase in data breaches in recent years, consumers want increased protection of their personal data. In 2018, it is predicted that customers will demand that the government pass increased regulations for consumer protection.
Now that GDPR has been launched, it is a waiting game to see whether the EU will bring the hammer down on the next organization to have a data breach that falls under the purview of GDPR.
Safe at Home: Targeting the Internet of Things
The Internet of Things (IoT) has great potential, enabling increased efficiency and convenience for the consumer. However, IoT is far behind in terms of security. In fact, a common joke is that the “S” in IoT stands for security. (And yes, we’re aware that there is no S in IoT.) The rapid growth and poor security of IoT have made it a focus for several 2018 cybersecurity predictions.
The number of IoT devices is growing rapidly, yet the devices remain immature with regard to security. This is not expected to change in 2018 and creates a growing threat surface for people and organizations. The rapidly evolving IoT market also means that vendors will offer limited support for “older” IoT devices, which further impacts security and alienates early adopters.
Currently, the main threat from IoT devices is large-scale Distributed Denial of Service (DDoS) attacks where an attacker uses a large number of hacked IoT devices to launch an attack against an organization or individual. Since these attacks are largely successful, they are not predicted to end any time soon. However, a new type of attack using IoT devices is predicted for 2018. Generally when people are infected with malware, they run an antivirus on their computer and clean it of malware. But how many think to run it on their smart TV or other “computers” on their network? In 2018, IoT devices are expected to be used as a persistence mechanism, allowing attackers to maintain their access to and reinfect a network even after the target cleans malware off of their computer.
The reality of IoT in 2018 looks a lot like the predictions. IoT devices have certainly been used for Distributed Denial of Service attacks already this year. In late January, a Mirai variant performed DDoS attacks against financial sector organizations that achieved attack traffic volumes of up to 30 Gbps. Hackers even offer DDoS attacks for sale for as low as $20 for a 290-300 Gbps attack, which is more than enough to take down a site without DDoS protections.
As predicted, IoT devices have also been used for more than just DDoS attacks.
In Vegas, a casino had invested in a high-end fish tank that connected to the Internet, enabling remote feeding and environmental adjustments. The IoT thermometer inside the fish tank was not secure, allowing hackers to enter the casino’s network and steal 10 gigabytes of data through it.
Network persistence using IoT devices has also already made an appearance in 2018.
Previously, malware on IoT devices did not have good persistence mechanisms, meaning that turning the device off and back on again was usually enough to remove the infection. However, a botnet named Hide and Seek now has persistence mechanisms that allow it to stick around even after a reboot. This means that the easiest solution to IoT malware infections is no longer reliable.
Lock It Up: The Rise of Ransomware
2017 was called “the year of ransomware” with three major ransomware attacks affecting most of the world that year. The first two attacks, WannaCry and NotPetya, used exploits developed by the NSA and leaked by the Shadow Brokers to take advantage of flaws in the SMB network protocol. BadRabbit used a fake Flash update as an infection vector, convincing targets to download and run the malware.
Rather than the large scale attacks of 2017, 2018 ransomware attacks are predicted to target specific individuals or organizations. To date, ransomware attacks have been commercially focused (the hackers want to make money) but a shift to more political motivations is predicted in 2018. For this reason, cyber-hijacking, where ransomware attacks target critical infrastructure (power, water, etc.), is expected to become a major issue this year.
The Internet of Things is predicted to be a potential target due to its large footprint and poor security. In particular, expensive “smart” devices like smart TVs may be targeted since consumers are more likely to pay up if it means they won’t miss the next episode of Game of Thrones.
Finally, ransomware attacks are predicted to become more sophisticated this year. In the past, the ransom amount was typically set for a ransomware variant regardless of the data being held for ransom. This is expected to change in 2018, with ransomware performing data analysis and setting ransom amounts based on the predicted value of the encrypted data.
So far in 2018, ransomware hasn’t reached the levels reached in 2017. That’s not to say that ransomware attacks aren’t still occurring; they are.
One ransomware attack against the City of Atlanta in late March shut down the city’s computer systems for days, causing non-essential functions (utility bill payments, city job applications, etc.) to be suspended until further notice.
In 2017, the 400-fold increase in ransomware activity was mainly due to the massive success of WannaCry. Since then, the focus of ransomware attacks has changed from large-scale attacks aimed at regular people to attacks targeted at enterprises and large organizations (like the City of Atlanta).
Wrapping Up Cyber Security Predictions for 2018
Cybersecurity companies made a lot of different predictions about the state of cybersecurity in 2018. Here, we compared the state of the cybersecurity landscape after about five months of 2018 to the top four predictions and found that the results are mixed. Predictions for the Internet of Things have mostly already come true in the first five months of 2018 with the exception of offensively-focused use of artificial intelligence. In our Cybermaniacs blog we will continue to match up predictions made by cybersecurity companies to what we’re seeing in the real world.