Malware prevention specialist, Malwarebytes, has announced its 2018 cybersecurity predictions. The company predicts top threats in 2018 will include a rise in browser-based cryptojacking, PowerShell-based attacks, hackers using security software as a back door, adaptive worm functionality and the growing connectivity in all industries, with both the education and healthcare sectors increasingly targeted.
The year 2017 was brutal, with global ransomware attacks such as WannaCry and NotPetya on the rise, and unprecedented data breaches such as Equifax and the loss of 198 million voter records.
“Our Labs’ findings show no signs of a slowdown in 2018,” said Marcin Kleczynski, CEO of Malwarebytes. “Hacker tools and techniques are increasing in sophistication and accessibility. We are seeing a new army of cybercriminals coalesce, lured by inexpensive tools and the promise of an easy profit—often publicised and glorified in the media. The forthcoming attacks will require more cybersecurity training, increased education and awareness and a multi-layered approach to business and personal security.”
With the new year around the corner, security researchers at Malwarebytes Labs have compiled a list of predictions likely to impact businesses and consumers in 2018.
- IoT will fuel additional data security and patient concerns in 2018. With the ability for medical devices to connect directly to the Web, the growing Internet of Things (IoT) model offers many benefits. Greater connectivity means better data and analytics and patient care, but it also opens the door for data loss of personal health information (PHI) and unauthorised access to devices. The healthcare industry will need to closely examine a new era of connectivity and patient security. Similar to the electronic health record (EHR) conversion, security protocols will need to change and evolve to meet the growing threat. Devices should have strict authentication, limited access and heavily scrutinised device-to-device communications. Encryption will be a crucial element of securing these devices, a responsibility that if not adopted by device providers and manufacturers, is likely to be driven by third-party security providers.
- The Cryptojacking “gold rush” will be the top priority for cybercriminals. Cryptojacking activity has been exploding toward the end of 2017 and we suspect that we will see far more activity in 2018, particularly as the value of cryptocurrency escalates. In one day alone this year, Malwarebytes blocked 11 million connections to coin mining sites. What makes this kind of activity interesting is how it has created a blurry line between the everyday Internet user and the cybercriminal. An individual mining cryptocurrency could very well be mining for their own wallet, based on visitors to their own web properties. There is also a very likely chance within those circumstances that disclosed cryptojacking activity could replace advertising on sites to become an entirely new revenue stream. However, the largest portion of cryptojacking is likely to occur from legitimate websites compromised to mine currency for the criminal wallet. Regardless, cryptojacking will be one of the cybercrime activities to watch in 2018.
- We will see an increase in PowerShell-based attacks. Earlier this year, entities of the Saudi Arabian government were compromised using a macro in Word to infect the target’s computer with an information-stealing Trojan. Rather than retrieving a binary payload, the attack relied on malicious scripts to maintain persistence on the device and to communicate with compromised websites acting as proxies for the command and control server. These malicious script-based attacks, specifically PowerShell-based attacks, are incredibly difficult to identify. They can easily evade antivirus engines, making them that much more appealing to cybercriminals. We predict many more PowerShell attacks in the year to come.
- Educational institutions will be a prime target. Despite increasing sophistication, cybercriminals will continue to target the easiest endpoints to penetrate. Educational institutions are often an under-protected patchwork of systems, lacking the resources to defend themselves. What’s more, there is a loose network of seemingly unlimited endpoints containing a massive amount of proprietary data on students, faculty and parents. As we have witnessed, the data thefts of the last year often target the richest data available. Education systems seem like the next most likely target for cyberattacks. This is partially due to their richness and piecemeal security.
- The cybercriminal underground will continue to evolve and grow. While it may seem like we are already overwhelmed by the amount of cyberattacks occurring daily, this will not slow down in 2018. In fact, with a recent increase in cybercriminal tools and a lower threshold of knowledge required to carry out attacks, the pool of cybercriminals will only increase. This growth is a likely response to news media and pop culture publicising how profitable and successful cybercrime has become. Ransomware alone was a $1 billion industry last year. Joining the world of cybercrime is no longer taboo, as the stigma of these activities diminishes in parts of the world. To many, it’s simply a “good” business decision. At the same time, those already established as “top-players” in cybercrime will increase their aggressive defence of their criminal territories, areas of operations and revenue streams. We may actually begin to see multinational cybercrime businesses undertake merger and acquisition strategies and real-world violence to further secure and grow their revenue pipeline.
- Security software will have a target on its back. In 2018, cybercriminals will target and exploit more security software. By targeting trusted programs and the software and hardware supply chain, attackers can control devices and wholeheartedly manipulate users. Hackers will leverage and exploit security products, either directly subverting the agent on the endpoint, or intercepting and redirecting cloud traffic to achieve their means. As these events become more publicly known, the public and business perception of security software, particularly that of antivirus solutions (AV), will further deteriorate.
- More cybercriminals will use worms to launch malware. In 2017, we saw WannaCry and Trickbot use worm functionality to spread malware. More malware families will use this technique in 2018 because network compromise from worms spreads faster than many other methods. If hackers can figure out how to use worms without being too noisy (a traditional downfall of this approach), this tactic can amass a large number of victims very quickly.