With more devices able to connect directly to the web, the IOT s continuously expanding. However, cans of worms are waiting to be opened, including data loss, data manipulation and unauthorised access to devices.
While we were already be overwhelmed by the number of cyber-attacks occurring daily last year, 2018 shows no signs of slowing.
The emergence of a new cyber-crime army is rising. This group has been seduced by inexpensive tools and the potential of huge profits advertised through reported hacking scandals within the media.
On top of this, hacking tools and techniques are increasing in sophistication and accessibility. These combined factors have led to a booming cyber-crime economy. For instance, ransomware alone was a US$1 billion (£740 million) industry last year.
So, let's assess what needs to be looked out for and protected against next year, using Malwarebytes Labs' research to predict the next trends in cyber-crime.
The cryptojacking “gold rush”
The first prediction is that we will see far more cryptojacking activity in 2018. The fast-rising popularity of cryptojacking is mainly due to its ever rapidly rising value. On one day alone last year, Malwarebytes blocked 11 million connections to coin-mining sites – and these numbers are increasing.
Interestingly, cryptomining has blurred the lines between everyday internet users and cyber-criminals. It's now possible that an individual mining cryptocurrency is doing so for their own financial gain, targeting visitors to their own web properties. This principle could lead to a mass adoption of cryptomining as a legitimate form of online revenue creation, and could even end up replacing advertising in some cases.
However, the largest portion of cryptojacking is likely to occur from legitimate websites compromised to mine currency in order to deepen a criminal's pockets.
Educational institutions will have to watch their backs
While cyber-criminals are increasing in sophistication, laziness will certainly factor into deciding who they are going to target. Ultimately, cyber-criminals will continue to target the easiest endpoints to penetrate.
Due to a lack of funding, educational institutions' IT systems are often under-protected and they often lack the resources to defend themselves if an attack were to occur. To a cyber-criminal that's the definition of an easy target.
Even more tempting is the loose network of seemingly unlimited endpoints containing a massive amount of proprietary data on students, faculty and parents. Oftentimes educational institutions deliberately maintain open networks since they are after all, a bastion of learning which should allow free and easy access to information. As previous attacks from this year show, data thefts tend to target the richest data available, educations systems - with a perfect combination of rich data and piecemeal security – seem the most likely targets for 2018 cyber-attacks.
Another sector likely to fall victim to targeted cyber-crime in 2018 is security software providers. Hackers will exploit security products, by directly subverting the agent on the endpoint, or intercepting and redirecting cloud traffic.
These attacks will have a two-pronged effect. Firstly, by infiltrating trusted programs, software and third-party suppliers attackers can control devices and leverage their position to manipulate users. Secondly, as these events become public knowledge, the customer and business perception of security software, particularly that of antivirus solutions (AV), will deteriorate and may gain an untrustworthy reputation.
Worms on the rise
Recent attacks, including WannaCry and Trickbot, used worm functionality to spread malware. Our research suggests that more malware families will be using this technique next year because, compared to many other methods, a network compromised from worms spreads much faster.
A common downfall of the worm approach is that it tends to make more noise and can be detected faster. But if hackers can find a way to iron out this crease then this tactic can amass a large number of victims very quickly.
Internet of Things causing concerns
With more devices, including medical device technology, able to connect directly to the web, the Internet of Things (IoT) is continuously expanding. IoT has a number of benefits; greater connectivity means better data and analytics. However, cans of worms are waiting to be opened, including data loss, data manipulation and unauthorised access to devices.
The healthcare industry, in particular, will need to closely examine a new era of connectivity to ensure patient security. In order to combat the threat, devices should have strict authentication, limited access and heavily monitored device-to-device communications. Crucially, these devices will need to be encrypted - a responsibility that is likely to be driven by third-party security providers.
Increase in PowerShell-based attacks
2017 also saw entities of the Saudi Arabian government compromised by a macro in Word which infected the target's computer with an information-stealing Trojan. This attack used malicious scripts to remain on the device and communicate with compromised websites which acted as proxies for the command and control server.
These malicious script-based attacks are very difficult to identify. PowerShell-based attacks, in particular, easily evade many AV engines, making it that much more appealing to cyber-criminals.
However, it's not all doom and gloom – there are many steps companies can take to prepare and protect themselves. Businesses must adopt a layered approach to security, employing both modern solutions that use machine learning and behavioural analysis to block these traditional threats and anti-malware for the more advanced. What's more, all staff members must understand the gravity of the threat posed by outdated software with regular education training sessions.
Contributed by Justin Dolly, the chief security officer at Malwarebytes.
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.