Cyber criminals are getting craftier and remain steps ahead of the latest technology. PAT PILCHER looks at the potential devastation that cyber crime is likely to inflict on lives in 2018.
What a year to be a cyber-criminal! Ransomware attacks were paid out in droves as panicked business owners grew desperate to unlock business data. This was happening as the personal data of millions was stolen and on-sold as data breaches occurred globally. Then there’s that old cyber security chestnut of distributed denial of service attacks (DDoS) causing major outages around the world.
I caught up with Mark Shaw, Technology Strategist at cyber security firm Symantec to see what he thinks 2018 holds for us as cyber crims make use of increasingly sophisticated tools to break through cyber defences. Here’s what awaits the unprepared in 2018.
Cryptocurrency Heists Will Be Big News
Blockchain, the technology used with crypto currencies like Bitcoin is gaining a following beyond cryptocurrencies and is getting bigger than huge. According to Shaw, it won’t be the focus for most cyber criminals. His logic is compelling. He says that instead of attacking Blockchain, cyber criminals will most likely focus on coin-exchanges and individual user’s coin-wallets. These are the easier targets, and given the exploding value of crypto currencies, the rewards for successful attacks are high. According to Shaw, another common but far less serious gotcha will see users tricked into installing hidden crypto currency miners on their devices, handing over their CPU and electricity to make money for other unknown and potentially shady individuals.
We’ve seen AI and machine learning grow at an explosive rate, so it isn’t a huge surprise that they’re capturing the attention of cyber criminals. So far says Shaw, much of the interest around AI and ML has centred around using them as protection and detection mechanisms. This is likely to change going forward and AI and ML is likely to be used by cyber criminals to conduct attacks, creating Terminator-like AI versus AI battles.
File-less And File-light Malware Attacks To Explode
2017 saw growth in the amount of file-less and file-light malware attacks. These attacks see hackers capitalising on the general lack of awareness of file-less threats. It’s long been held that traditional cyber-attacks required tricking users into installing malware. File-less attacks instead take advantage of applications already installed. While the near zero footprint of such attacks are talked up by security experts, many of these attacks can leave traces on the attacked device provided the security expert knows what they’re looking for.
Either way, file-less attacks that make use of the victims’ own apps or behaviours can be much harder to stop, track and defend against. According to Shaw the early success of file-less attacks has triggered a gold-rush like mentality, with a growing number of cyber crims using these techniques. File-less attacks are expected to pose a significant threat and lead to an explosion of such attacks in 2018.
Financial Trojans have come a long way from being simple tools designed to harvest credentials. As they’ve advanced, they’ve evolved to attack multiple banks and banking systems that send shadow transactions that help hide their tracks. Unsurprisingly, Financial Trojans have proven profitable for cyber criminals. The move to mobile application-based banking is seeing cyber criminals moving their attacks to mobile platforms. According to Shaw, profits from Financial Trojans are expected to grow and ultimately outstrip Ransomware attacks.
Expensive Home Devices Will Be Held To Ransom
Ransomware has allowed cyber criminals to reap huge profits by locking up mission critical business data and systems. Desperate businesses have been forced to pay up to regain access to affected business data and this has created a gold-rush mentality. This has not only seen a growing number of cyber criminals distributing Ransomware, but has seen Ransomware become a specialised industry with Ransomware-as-a-Service and other specialisations now commonplace. Another side effect is that cyber crims specialising in Ransomware are looking to exploit the growing number of connected home devices. Smart TVs, smart toys and other smart appliances are likely to become an attractive target for cyber criminals in 2018.
In recent years massive DDoS attacks have happened by using hundreds of thousands of compromised personal computers to take part in attacks. In 2018, the sheer volume of poorly protected IOT devices installed in households is likely to represent a huge opportunity for cyber criminals looking for stooge devices to be used as part of a DDoS attack. Equally concerning, says Shaw, is the fact that cyber crims are also likely to use cameras and smart speakers to eavesdrop on unsuspecting users. Home IoT devices will be compromised by cyber criminals to provide persistent access to a victim’s network. Most IOT devices are left with default settings enabled and are not regularly updated. This means that no matter how many times they are reset, attackers will still have a backdoor into victims’ home network.