2018 cybersecurity trends and predictions

The New Year is almost upon us and with it new development in cyber security. 2017 was “exciting” year for many of us in the industry and the trend will continue into 2018. Here are some predictions of developments I see in the New Year:

AI-powered attacks

With abundance of free and commercial statistical AI implementations, it’s just a matter of time before bad guys jumped on an AI trend. State actors have been using it for a while, passing the technology to closely associated proxies and should be the year for a wider cyber-criminal adoption of AI. Some of possibilities for AI-related attacks include:

• Spam/fraud/phishing messaging utilizing chat bots. When you are involved in multi-stage phishing attacks or email scams, automation is the way to go. Intelligence gathering for advanced attacks. AI can be used for automated collection of relevant intelligence on organization, it’s systems and identities, before attacks. This includes farming legitimate sources such as support forums, external code repositories, and other internet sources for relevant data that can simplify attackers job.
• Smarter brute force attacks with AI-powered password guessing. With vast number of password data from previous breaches available for analysis, narrowing down probable passwords by geography, demographics and publicly available personal information significantly reduces amount of password guessing effort.
• Cryptographic attacks by using advanced pattern recognition capabilities to reduce complexity of brute force operations. Specifically, analysis of encrypted traffic in known-cyphertext attacks makes a great proving ground for AI technologies.
• AI-powered attack obfuscation. Using AI to create patterns around attack operations to prevent detection by behaviour analysis technologies (AI to counter AI). In this scenario, legitimate operation and communication patterns are observed and gradually modified before an attack is commenced, thus reducing anomaly rating of actual attack operations.

Reduced sandboxing technologies effectiveness

Over the last few years the rate of adoption for sandboxing technologies grew rapidly. Sandboxing against malicious threats became a new anti-virus standard for enterprises. As effective as it appears to be, sandboxing has shortcomings in both delay it introduces, process, where a sandboxed detonation can be effectively identified as such, and change-over-time ineffectiveness. Threat actors are finding more and more ways to defeat sandboxing, reducing the technological advantage the vendors had. Sandboxing improvement became a cat-and-mouse game, much like with antivirus in the past. Effectiveness of sandboxing will start gradually falling to a point where an additional layer of technology will be required to protect against advanced threats.

Cyber-hijacking

Ransomware was a big topic over the last few years. With abundance of IoT and industrial control systems and autonomous control for transportation moving closer to reality, we should see successful cyber-hijacking attacks as early as 2018. In such attacks hackers will be able to take a full control of an industrial or transport automation and control system, cutting a legitimate owner out with no possibility of regaining control. Hackers will then demand ransom payments to relinquish control of the system.

More compliance regulations

2018 is the year GDRP comes in effect and many vendors already tuning in with their marketing campaigns and anticipate capitalizing on the regulation, much to the same effect as with PCI or SOX. Considering high profile breaches of 2017, we will see further regulations designed to dictate how organizations should behave during the breach or minimum level of detection and prevention controls they require. This would be a big win for any vendors in incident management and response space, but as a case with most regulation, these would not significantly increase security stance of regulated companies.

Enter the cyber-insurance dragon

Cyber-Insurance policies have been around for a while, but insurance industry is still trying to figure things out, particularly when it comes to digital assets valuation. Nevertheless, these insurance policies are becoming more mainstream and, much like with physical security, insurance companies are poised to become major drivers in cybersecurity industry.

Cyberwar

In 2018 we should see a further escalation of an international conflict in cyberspace. This may include attacks on infrastructure and utilities, as well as disrupting normal operations of government and financial systems. Current passive-aggressive actions of trust erosion against traditional society institutions such as banks, press, law-enforcement, judicial and government will turn into an open aggression directed by hostile nation or by proxy through associated cyber-terrorism groups. As a result, we may see erection of cyber-borders across the internet and further loss of right to remain anonymous on the web.

Attacks against cybercurrencies and blockchain systems

No, that Bitcoin and blockchain technologies went mainstream, we should see increase in attacks, including zero days vulnerability exploitation, denial of service, as well as, majority related attacks against smaller blockchain systems. While probability of cryptographic attacks against Bitcoin are slim, other blockchain systems may opt for weaker cryptographic algorithms to increase performance. An ability to pass an arbitrary data in a block combined with lack of secure coding practices will, sooner or later, result in remote code execution attacks against the participating nodes for one or more of blockchain systems.