In 2017, the world suffered a record number of data breaches. It lets to predict that the problem of online security is not going away anytime soon. Furthermore, it is likely to escalate unless significant checks are put in place to get the situation under control.
Oksana Tunikova, an expert of online security, takes a look back on the cybersecurity events of 2017, analyze their long-term effects, outline the lessons learned, and explore where things are heading in 2018.
Artificial Intelligence and Machine Learning
If you were alive in 2017, there was no chance of escaping from conversations about artificial intelligence (AI) and machine learning especially, when it comes to making tech predictions and forecasts. The cold truth is that we cannot (and absolutely should not) ignore the possibilities these technologies offer for improving cybersecurity.
Dealing with a variety of threats that differ by scale, attack vectors, and in tactics of execution means that there is an abundance of data, which needs truly rapid analysis. When it comes to preventing a data breach, every minute counts. Literally. This is where AI and machine learning come into play, providing the fastest possible way to analyze large volumes of data and detect patterns that would be hard to notice ‘manually.’
Another reason for the advance of AI and machine learning is that these technologies may help proactively detect threat behaviors and build patterns to look out for abnormalities. This includes previously unknown (zero-day) threats that exploit a vulnerability that hasn’t been identified and patched. Once the threat is flagged by AI algorithms and isolated by researchers, there is a higher chance to stop an unfolding attack and minimize its negative consequences, including data breaches.
By removing the workload for analyzing variants of trivial (read: “previously encountered”) threats,
these AI-based monitoring and analysis tools will free up time for cyber-security specialist to address new challenges. The demand for cyber-security specialists is surging. AI offers a way to amplify human talent rather than replace it.
In 2018, cyber security will definitely continue to expand its AI-based tool inventory. Cybercrooks, in their turn, are also looking for ways to automate their activity, so we will probably see some AI advances in cybercrime as well.
The Internet of Things
The Internet of Things sounded revolutionary when we first heard about it. Today, however, it is a growing market with some of the biggest tech players like Google and Amazon exploiting the technology with great success.
According to Gartner prediction, there will be 21 billion IoT devices in use by 2020, but much like with any other game-changing technology, there are certain risks associated with the IoT.
One of the biggest threats related to this technology is that adversaries may take over connected devices, like routers or IP cameras, and use them for distributed denial of service (DDoS) attacks to paralyze websites or businesses. Of course, it would take hundreds of thousands of devices to implement something like this but, unfortunately, proof of concept already exists. There are two factors that make IoT devices a popular target among hackers.
First and foremost, the majority of users simply do not think of the connected devices as computers that can be attacked. Second, as researcher Michael Krebs explains, most vendors fail to communicate a message about the need to secure IoT devices by resetting passwords from default ones.
These two things together result in an escalation of IoT security problem. In 2017 alone, compromised IoT devices contributed greatly to rapid 91% growth of DDoS attacks and the trend is likely to continue gaining momentum.
As usage of connected devices grows both in private households and enterprises, the list of common IoT-related security risks continues to expand. According to predictions by Rapid 7, a leading security research firm, the upcoming year will be marked by the following IoT security risks:
- Malware actors using poorly monitored IoT infrastructure to maintain persistence on the compromised network.
- Abusing public facing IoT devices connectivity to “get a foot in the door” with corporate networks.
- Possible uptick in abuse of hardware (chipsets) vulnerabilities.
- Privacy issues due to attacks on IP cameras, DVRs, and other IoT with cameras that basically turn devices into surveillance tools.
GDPR and Privacy
There is one thing we can be certain of: the privacy discussion is going to be huge in 2018. The more connected we get, the higher the risks for our personal data. What aggravates the problem even further is that at times we may not even be aware of some risks until we’re faced with dramatic consequences.
In 2018, we expect at least a minor, positive shift in the current situation. Data breaches will most certainly continue in 2018. However, there are grounds to believe that the GDPR enforcement by EU in May 2018 will change the approach to consumer privacy and data processing practices dramatically and not only in the EU.
Whether we like it or not, malvertising will most certainly stick around and keep posing online security threats in 2018.
Ads are just another attack vector for hackers. Unfortunately, to all except hackers themselves, malvertising appears to be on the rise.
The number of ads with blacklisted content such as scams, phishing, exploit kits, and malware increased by 18% between the first and the second quarter of 2017, and there is a tendency of annual growth by about 18,65%.
Malvertising is illegal. To spread ads with restricted content, hackers pretend to be legitimate advertisers by registering with ad networks under fake credentials. Once registered, they upload weaponized ads which get distributed to partner websites of these ad networks. When users click on infected ads, they are redirected to fake pages on which their devices are ‘fingerprinted’ and a so-called exploit kit is dropped. This exploit kit then opens a gate for malicious payload delivered from the attackers’ servers.
What makes malvertising extremely fearsome and hard-to-defend-against is that in some cases one doesn’t even have to click on an infected ad to initiate the knock-on effect. If cybercrooks are especially skillful, simply hovering over an ad is enough to get the malicious ball rolling. Ordinary internet users are not the only target for malvertising criminals.
There are a few reasons why malvertising is becoming increasingly popular with time and will not likely be decisively defeated soon:
- In most of the cases, ad delivery infrastructure is not particularly secure, which makes it an easy task for online criminals to hack an ad server and start distributing weaponized ads across the network of websites.
- The ad industry, browsers, and websites rely heavily on Java and Flash—technologies that are easily and often exploited.
- In many cases, ad platforms and networks neglect the importance of high-quality advertiser verification practices and have no moderation of ads and links.
All this, however, does not mean that malvertising is completely out of control. Simple steps like using an ad blocker, investing in high-quality anti-virus tools, and learning the basics of safe browsing will help you stay away from the majority of malvertising attacks.
In 2017, Ransomware made headlines with large-scale attacks that employed different methods of infection, hitting users and enterprises alike.
It is predicted that both self-propagating malware and use of ransomware for means other than money (political, cyber-warfare, and alike) will continue in 2018. Furthermore, with the variety of tools that have been published by the Shadow Brokers, other sophisticated attack variants might emerge.
Some experts predict an advance of IoT ransomware that may extort money by stealing sensitive data from devices under threat of spreading it publicly. Ransomware will also continue using phishing as the attack vector. In fact, SANS Institute ranked spear phishing emails the second most significant threat with ransomware being at the top.
Lastly, it is projected that ransomware will strengthen its presence through RaaS (ransomware as a service) scheme. This means that individuals with malicious intent can start their own extortion campaign despite having little to no coding skills.
The algorithm is anything but trivial. Knowledgeable criminals develop a ransomware package that requires little to no coding skills to be deployed; low-skilled cybercriminals buy this package and use it for their own attack.
In nearly all the cases, developers of a ransomware package require a one-time payment or a percentage of a revenue generated from an attack where their ransomware package will be used.
The increasing availability of ransomware packages and the fact that little-to-no tech skills are necessary for deployment attacks creates an alarming tendency and calls for new prevention techniques and monitoring processes.
The Final Word
2017 has finally brought the issue of online security to a head. The record number of data breaches faced this year made it obvious that more efforts should be put in place to prevent the escalation of the problem in the future.
Hopefully, the enforcement of the GDPR and similar data protection regulations will mark the beginning of the new era of online security. But so far, the wisest decision for all internet users would be educating themselves on online security and thinking twice before clicking on a suspicious link or a banner ad.
The post originally appeared on: www.business2community.com