The end of the year brings numerous cyber threat predictions for the new year from cybersecurity vendors. We have summarized some of these below. These should be taken very seriously since, as the Ponemon Institute reports, there are 720 million hack attempts every 24-hours worldwide, costing companies on average $9 million each year.
Many companies will not be in compliance with the European Union’s General Data Protection Regulation’s by its effective date (May 25, 2018). Look for the EU to make an example of a potential compliance laggard.
Ransomware attacks will continue to grow and are likely to target point of sale systems and mobile devices. Ransom-as-a-service platforms will be available on the dark web making ransomware campaigns much easier.
The profitability of traditional ransomware campaigns will decline as vendor defenses, user education, and industry strategies improve to counter them. Attackers will target less traditional, more profitable ransomware targets, including high net-worth individuals, connected devices, and businesses.
Internet of Things
IofT attacks will continue to grow, including the use of IofT devices to carry out DDoS attacks.
The number of cyber-attacks powered by compromised IoT devices will be a great concern of IT security industry that will push to regulatory responses. The lack of security by design and poor security settings will continue to be the principal reasons for the success of the attacks that will target IoT devices next year.
Banking Trojan and mobile ransomware will be the primary threats to mobile systems. Both Google and Apple will refine their systems to identify potentially harmful applications that could be deployed in their official store. Tech giants will adopt machine learning systems to prevent malicious app being download by end-users.
Financial Trojans are expected to surpass ransomware as a revenue source for hackers.
Cloud Storage and Mainframes
With the increased use of cloud storage, experts predict this will be an increased target for cyber-criminals. In addition, mainframes which are the epicenter of financial services for thousands of global organizations including 92 of the world’s top 100 banks, are potential high-value targets for attackers.
State Sponsored Cyber Attacks
State-sponsored hacker groups from both North Korea and Russia will continue to target Western entities for cyber espionage purposes.² North Korea’s army of 6,000 hackers will continue to use cyber-attacks to gain access to much-needed hard currency.
The United States has not addressed the systemic vulnerabilities that can be found in its voting systems, which depend on software to cast votes, count them, verify them, and report them. Hackers will attempt to compromise the integrity of 2018 elections. Hackers need not access voting machines to alter results, instead, they
could modify the spreadsheet or database that tabulates precinct voting totals, or use compromised Windows machines to adjust the voting tabulation results in web-accessible software.¹
See One-fourth of Trump’s Cyber Security Council Resign Claiming He is AWOL on Cyber Threats, Threatening Homeland Security; CLBR #273: Hacking the Vote with Jake Braun
Resources: Forrester’s top 6 cybersecurity predictions for 2018; InfoSec Institute 2018 Cybersecurity Predictions; McAfee Labs 2018 Threats Predictions Report.; Vectra 2018 Cyber Security Predictions; Cyber Security Predictions for 2018.