2017 showed us that the cyber crime economy is growing rapidly and it is getting harder to keep pace with cyber hacks and effective vulnerability responses. According to The Hiscox Cyber Readiness Report 2017, in 2016, “cyber crime cost the global economy over $450 billion…over 2 billion personal records were stolen and in the U.S. alone and over 100 million Americans had their medical records stolen”. We saw some of the worst ransom-ware attacks in 2017, NotPetya/ExPetr, WannaCry and Bad Rabbit being some of the worst kinds. Malware on the official Android app store managed to infect thousands of devices globally. Some of these compromised applications even contained Monero-mining scripts. The Mac OS, one of the least vulnerable to malware and spyware, also found cyber criminals create critical viruses for this OS such as MacRansom and MacSpy.
The statistics on cybercrime are just as concerning. Statistics reveal that 68% of funds lost owing to a cyber attack were declared unrecoverable. Further, there has been a 96% increase in the annualized cost of cybercrime in the U.S alone. Given that it takes an average of 170 days to detect a malicious cyber attack, it becomes imperative to look at cybersecurity with greater importance.
As the cyberspace becomes more complex and darker, here’s a look at some cybersecurity attacks that might launch on us in 2018!
As the value of real-time data collection becomes evident, IoT devices are becoming commonplace both at work and at a personal level. Pundits feel that through 2018, attacks against home automation/AI assistants such as Apple HomeKit, Amazon’s Echo, and Google’s Home and other IoT-enabled devices that control home locks, video surveillance systems, TV’s etc. will become a target. IoT-based attacks are also likely to continue to grow in 2018 as hackers will try to compromise these systems to steal sensitive information or for ransom.
While phishing is quite a simple and straightforward attack and we are well aware of its existence, it’s a little worrisome at how good cybercriminals are getting at it. Verizon’s 2017 Data Breach Investigation Report shows that almost 30% of phishing emails are opened. The Ponemon Institute discovered that phishing had increased from 43% in 2016 to 48% in 2017. It is, therefore, likely that phishing will continue its exploits in 2018 as well.
As merchants take steps to secure their payment systems with end-to-end encryption to prevent cybercriminals from obtaining valuable information such as credit card details, cybercriminals are getting smarter and turning to ransomware to monetize an attack.
Web-based attacks which include cybercriminals attempting to ‘break into’ a website, attacking a user’s machine and leveraging a user’s machine to conduct malicious activity will continue to remain a concern in 2018. Malware in the form of Trojan horses, worms, viruses and rootkits will become more targeted to smartphones and tablets becoming a cause for concern especially since the BYOD movement has become prevalent across large and small organizations alike.
Organizations have to be more careful of DoS attacks, since these attacks can be executed by even the most novice hackers. DoS attacks involve overwhelming servers or network traffic to an extent that even valid users are rendered incapable of using them. This can bring operations to a screeching halt and lead to business continuity nightmare.
Sometimes a vulnerability goes undetected by an organization and that vulnerability is identified by a cybercriminal before a developer has a chance to identify or resolve it. Zero Day is the term used to describe the time that the developer has once the vulnerability has been identified and before it is exploited. The Poneman study found that zero-day exploits have been rising incrementally and found that 16% of SMB’s dealt with these exploits in 2017 while 14% faced this problem in 2016. Unless the right measures are taken, these exploits will continue to plague organizations in 2018 as well.
Cross-Site Scripting is a serious threat to look out for in 2018. This cyber attack is quite similar to the SQL injection where a malicious code is able to access critical information stored in browsers such as session tokens, cookies etc. Making modifications and even impersonating users then becomes a piece of cake for the cyber infiltrators.
Clearly, as the cyber world evolves with the power of greater computing and technological advancements, security with a focus on vulnerability detection and fast response to these issues assume center stage in 2018. The threat landscape is increasing and so is the iterative process these attackers are taking to expand their threat surface. However, while it might be almost impossible to say where and what these cyber attackers will target, being meticulous and diligent about digital assets can go a long way and help you get all your ducks in a row to minimize damage.
Alcor is a global cloud advisory and implementation services company serving Fortune 500, Government Agencies, and other leading organizations in multiple industry verticals across the Americas, Canada and India. Alcor is a ServiceNow Gold Services Partner and also partners to Salesforce , FireEye , Microsoft , Dell Boomi, BOMGAR , and BigPanda amongst others. They advise leading businesses on cloud platforms, architecture, enterprise service management and integrating IT service delivery. They also provide business process consulting to capture, re-engineer and improve processes that can easily be automated to deliver real value. The Alcor consulting team has excellence in Business strategy, Cloud Technology and Organizational Change Management. For more information, connect with them at firstname.lastname@example.org