Symantec has prepared a list of predictions of what we can expect in 2018 regarding cybercrime, given that in 2017, criminals caused severe service disruptions around the world. They used their increasing technical knowledge to bring down many virtual defenses. The company believes that in 2018 this trend will become more pronounced as hackers will use machine learning and artificial intelligence to carry out even more devastating attacks.
The year is going to be busy! Incidents like WannaCry, which affected more than 200,000 computers worldwide in May, are just a taste of the more powerful malware and DDoS attacks to come. Meanwhile, cybercriminals are preparing to step up their attacks on the millions of devices now connected to the Internet of Things in offices and homes. So, see what you can expect throughout 2018 and get ready:
Blockchain will not only be used with cryptocurrencies. Cyber criminals will focus on common currencies and exchanges
Blockchain is finally not just being used with cryptocurrencies anymore. It has expanded into banking clearings, something driven by the growing advancement in IoT. However, these use cases are still new and do not represent the focus of most cyber criminals today. Instead of directly attacking blockchain technology, they will compromise currency exchange and user wallets as they are the easiest targets and offer a good return. Victims will also be tricked into unknowingly installing coin miners on their computers and mobile devices, handing over their CPU and electricity to cyber criminals.
Cyber criminals will use artificial intelligence (AI) and machine learning (ML) to conduct attacks
Today, a conversation about cybersecurity is not complete without talking about artificial intelligence and machine learning. So far, this kind of conversation has focused on using these technologies as protection and detection mechanisms. However, that will change next year as both will be used by cyber criminals to conduct attacks. It will be the first year that we see AI versus AI in a cybersecurity context. Criminals will use AI to attack and exploit the victims' network, which is often the hardest part to compromise after an intrusion.
Supply chain attacks will become common
Supply chain attacks are essential to classic espionage and signals intelligence, affecting contractors, systems, companies and suppliers. They are very effective, with agents across the country using human intelligence to damage the weakest links in the chain and deploy malware at the manufacturing or distribution stage, through compromise or coercion.
These attacks are now becoming common cyber crimes. With publicly available information about technology, suppliers, contractors, partners and key employees, criminals are able to find and attack weak links in the supply chain. They carried out some successful and relevant attacks in 2016 and 2017 and will focus on this method in 2018.
Fileless and filelight malware will explode
In 2016 and 2017, the amount of fileless and filelight malware has consistently increased, and hackers have exploited organizations with no defenses against these threats. With fewer Indicators of Compromise (IoC), use of victims' own tools, and complex disjointed behaviors, these threats are more difficult to stop, track, and combat in multiple scenarios. As in the early ransomware era, when the initial success of some cyber criminals triggered a Gold Rush-like mindset, more hackers are now rushing to use the same techniques. While fileless and filelight malware are still smaller in magnitude compared to traditional malware, they will pose a significant threat and will explode in 2018.
Organizations will still struggle with security as a service (SaaS)
SaaS adoption continues to rapidly increase as organizations engage in digital transformation projects to drive business agility. The speed of this change and adoption creates many security challenges, as access and data control, user behavior, and data encryption vary considerably across SaaS applications. While this issue is nothing new and many of the security issues are well understood, organizations will continue to struggle with this in 2018.
Adding to the fact that new privacy and data protection laws will come into force globally, this will have significant implications in terms of penalties and, most importantly, reputational damage.
Organizations will still struggle with infrastructure-as-a-service (IaaS) security – More gaps due to error, compromise, and design
IaaS has completely changed the way companies manage their operations, offering tremendous benefits in agility, scalability, innovation and security. It also introduces significant risks. Simple mistakes can expose massive amounts of data and bring down entire systems. While the security controls that lie above the IaaS layer are the responsibility of the customer, traditional controls do not lend themselves well to new cloud-based environments, causing confusion, errors, and design issues. Ineffective and inappropriate controls are applied and new controls are ignored. This will cause more gaps throughout 2018 as organizations strive to change their security programs to support IaaS.
Financial Trojans will still do more damage than ransomware
Financial Trojans were some of the first malware to be monetized by cyber criminals. From their simple beginnings as credential harvesting tools, they have grown into advanced attack frameworks that target multiple banks and banking systems (making duplicate transactions, for example) and hide their tracks. They have proved to be very profitable for cyber criminals. The shift to mobile and app-based banking has somewhat constrained effectiveness, but criminals are quickly moving their attacks to these platforms. The profits made from financial Trojans are expected to increase, giving criminals greater gains compared to ransomware attacks.
Expensive home devices will be held hostage
Ransomware has become a major problem and is one of the scourges of the modern internet as it allows cyber criminals to make huge profits by locking down users' files and systems. The Gold Rush mentality has not only driven more and more criminals to distribute ransomware, it has also contributed to the growth of ransomware-as-a-service and other specializations in the cybercrime underworld. These specialists now want to increase the range of their attacks. To that end, they will exploit the huge increase in expensive connected home devices. Users are often unaware of threats to Smart TVs and to toys and other smart devices, which makes them interesting targets for cyber criminals.
IoT devices will be hijacked and used in DDoS attacks
In 2017, we saw a massive number of DDoS attacks utilizing hundreds of thousands of compromised IoT devices, in homes and workplaces, to generate traffic. And this is not expected to change as cyber criminals are trying to exploit poor security settings and lax personal management of home IoT devices. In addition, the controls and sensors of these devices will also be hijacked. Hackers will feed them audio, video or other fake inputs so that these devices do what they want instead of what users expect them to do.
IoT devices will provide persistent access to home networks
In addition to DDoS and ransomware attacks, IoT home devices will be compromised by cyber criminals to provide persistent access to the victim's network. Users often fail to consider the security implications of their home IoT devices, keeping the default settings and not updating them as vigilantly as they do with their computers. Persistent access means that no matter how many times a victim cleans their machine or secures their computer, the hacker will always have access to the network and systems the victim connects to.
Hackers will explore the move to DevOps
The agile DevOps and DevSecOps movements are transforming the IT and cybersecurity operations of every organization. With greater speed, more efficiency and more responsive delivery of IT services, this is fast becoming the norm. While this is all for the greater good, as with any transformation, there are chances not only of errors but also of exploitation by hackers. As with the shift to SaaS and IaaS, organizations are struggling to enforce security controls in new models of continuous integration and continuous delivery and automation. As environments change constantly, anomaly detection becomes more difficult, with many systems creating too many false positives to handle effectively. In the coming year, we will see more hackers taking advantage of this to cover up their activities in the victim's environment.
Cryptowar resurgence will enter its second phase
Cryptowars were fought and ended in the 1990s, or so everyone thought. Over the past two years, the fight has re-emerged with governments, policymakers, legal authorities, technology companies, telecom companies, advertising agencies, content providers, privacy bodies, human rights organizations and virtually everyone expressing different opinions about how encryption should be used, broken, circumvented, or enforced. The war will continue to be fought, for the most part, over privacy versus government surveillance, particularly in the case of device encryption and communication (email and messages). Furthermore, it is expected to see content providers, telecom companies and advertising agencies heavily influencing the adoption of transport layer encryption, as it is often seen to be against their business models.
EN 
PT 
