2017 was the year when it became clear that we need to take our online security seriously. Huge companies like Uber or Instagram fell victim to breaches and hacks. Not to mention the most significant breach of the year brought you by Equifax. Many are asking the question: what’s next?
Going into the new year, we believe this is an important question is how we are going to protect ourselves, our data, and our finances.
Prediction: Evolution of the IoT market and hacking targets
The current forecast is that there might be more than 20 billion IoT devices by 2020. More insecure IoT devices equal more target options for cybercriminals. Adoption is growing both in corporations and consumer spaces (i.e., Smart homes are havens for opportunistic hackers).
It’s clear that this trend toward Internet-connected everything introduces enormous opportunities for companies and convenience for home consumers. On the other hand, IoT vendors are racing to be the first on the market. In this haste to release the first, newest, more exciting product, manufacturers cut corners when it comes to security. Naturally, such dynamics and trends mean that the attack surface within IoT space will increase.
So, that’s what we should be expecting: lots of poorly secured devices spread across households and corporate environments. Lots of hackers are trying to target these insecure devices, rather than just PCs as we’ve been seeing.
We need to rethink security controls that come to effectively managing IoT ecosystems, that would provide accountability. The way to combat these hacking techniques should come in the form of timely anomaly-based detection and blocking services. These solutions would be intelligence driven, able to proactively flag risks with both home consumer and corporate environments.
It’s important to also keep in mind the instances of IoT botnet like Mirai, IoT Reaper, and Satori evolvements. They are highly effective to bring down huge commercial services when instructed utilizing DDoS attacks, and we predict these capabilities to continue to grow.
Prediction: Exploit Kit (EK) Evolution Equipped with Ransomware Payloads
An exploit kit is a toolkit that attackers use to take advantage of vulnerabilities in a system. We can always find ups and downs within various EK evolvements and developments. While one exploit kit goes into a dormant state (it’s not being used by an attacker at the moment), others are evolving and are seen active. The environment is continuously changing. Criminals adapt and incorporate new EKs as soon as vulnerabilities in a system are identified.
A recent study by Veracode reveals that only 14% of high severity vulnerabilities are fixed in less than 30 days, which means that 86% of vulnerabilities take longer than 30 days to patch. It is more than enough time for advanced malicious hackers to change and adopt exploit kits to take advantage and maximize profits from attacks.
We definitely will see an increase in this area going into 2018. Exploiting vulnerabilities with an EK is an easy payday for cybercriminals. Equipped with the latest, more evolved ransomware payloads, EKs are more dangerous attack vectors both for corporations and home users.
Make sure you patch your devices as soon as updates become available. For reasons we have mentioned, this may not always be enough to protect against hackers. It is an excellent place to start. Large-scale attacks, such as the WannaCry scandal, could have been stopped or greatly minimized if users had updated their computers.
Prediction: Advancements in Social Engineering Schemes
Email is still one of the leading communication channels (although Snapchat does have exciting filters). For that reason, it’s the main channel through which hackers target their victims. We predict that email will continue to be one of the top attack vectors in 2018.
We have seen how the latest PayPal phishing scam targeting is getting better. It can be attributed to the incredible amounts of personal information now freely available on the social channels. Spoofing and social engineering scenarios will get even more sophisticated and specific to individuals, making them harder to detect.
Social engineering is not just getting better and more efficient but is also getting wrapped up with ransomware schemes. Hackers use traditional social engineering methods to infect your computer and take over your data. They can then charge you to regain access to it. That is a dangerous trend in cybersecurity.
This attack trend wrapped up into hybrid ransomware delivery scenarios will be one of principal and most dangerous trends to watch during 2018.
Prediction: the Nation States and Cyber Warfare
In 2018, things are likely to take a political turn when it comes to cyber attacks. So far, there’s been lots of consumer-focused attacks, but cyber warfare is the new front when it comes to war between countries. There is no question that governments will invest in building up their cyber capabilities.
We can look at some prominent examples of the Iranian Cyber Army, the PLA Unit 61398 in China, and Bureau 121 in North Korea. We have already seen for the last few years that some of most prominent attacks and breaches were attributed to nation-state capabilities and actors.
In 2018 and forward, there is no question that states that possess such offensive capabilities will exploit all the opportunities to gain a competitive advantage in economic markets, and steal governments and corporate secrets.
Governments may even start using cryptocurrency and engage in bitcoin mining to continue funding future cyber attacks. Whether all this makes it to public news is a different story.
Here’s another excellent article if you want to learn more.
Prediction: ioS may get compromised even more, despite its unhackable reputation
Everyone said the Titanic was unsinkable, and we don’t need to tell you how that turned out. Nearly 64% of the American population has an Apple product in their home, a number that has increased by 50% since a study done in 2012.
CUJO AI security expert Leon Kuperman tells us why this may be the case:
“Android has had its fair share of malware. Apple so far has thwarted hacker attempts by keeping a closed ecosystem but a major iOS attack is inevitable and statistically overdue”.
Of course, we can’t know for sure, but it is something to keep in mind. Apple products are not unhackable, as they would like to have you believe. Check out an unexpected Mac hack that happened earlier this year.
Here are some steps you can take before 2018 to stay safe online:
We’re not all doomsday predictions and hacking epidemics. Here are some tips that you can follow to keep some of these risks at bay in the new year.
- Update software! Again, this is not necessarily a cure-all solution, but updating as soon as it becomes available is an excellent way to ensure that you have the best security available on your device.
- Invest in secured devices. Do some research before you bring new devices into your home. A cheap IoT printer, baby monitor, or doorbell may be the way a hacker targets you with ransomware.
- Update your credentials on IoT devices (change usernames, passwords, etc.). Factory settings are often weak and easily exploited.
- Check out the Ultimate CUJO Guide, and learn more tips to stay safe online
Does your New Year’s resolution list include staying safe online?
CUJO AI provides a security service based on AI cloud platforms. It is continually evolving and getting smarter, meaning that it does not only protect against already seen attacks, like traditional AV solutions. It can predict and block in real time, never before seen attacks, giving consumers the upper hand in the hacker/defender arms race. Read more on our Amazon page.