If you think 2017 was bad, hold on for dear life because 2018 is going to be the worst yet when it comes to cyber attacks, with new and better coordinated attacks looming large.
Why? Three forces are going to be combined by the bad guys:
- The massive amount of stolen personally identifiable information from breaches will be harnessed through commercial-strength merge/purge/append processes with social-media info into a rich, granular dataset ready for spear-phishing with stunning precision using social engineering tactics.
- Machine learning has become a well-honed science. Online advertisers and political campaigns have become very good at applying data analytics to large data sets. The bad guys are using this very same technology now to target your end-users using all the data breach "take", including Equifax.
- Botnets continue to proliferate, which allows bad actors to bypass your filters using hundreds of thousands of personal computers.
This toxic combo of stolen data, mixed with machine learning and poured into an unbeatable botnet, gives the bad guys a potent way to weaponize phishing attacks.
Cybersecurity firm Check Point said you should prepare for larger, orchestrated worldwide outbreaks as hackers devise new strategies to cash in on human errors.
Check Point spokesperson Doros Hadjizenonos said: “As operating systems beef up their security, we expect to see a decline in the use of exploits to target vulnerabilities, in favor of an increase in the use of human-error driven basic hacking techniques.”
Here are five areas you will see these attacks surface:
- Ransomware: It's been a cash cow for criminals, as well as being used as obfuscation for highly destructive purposes like disk wipers.
- Cryptocurrency Hacks: The combined market cap of Bitcoin, Ethereum, Litecoin and Monero is now more than $500 billion, which makes them a juicy target for criminal hackers. You can just wait to see them get hit so hard that the bubble will burst because people start to understand the risks.
- Cloud Concerns: Many of us are now using serverless computing and data storage in the cloud. It's still relatively new though, and we all know that V1.0 has holes that can provide entry for hackers and spread rapidly across networks.
- Mobile mishaps: Mobile devices are part of the business IT fabric everywhere, yet they continue to be rarely, if ever, secured appropriately. They are increasingly a vulnerability risk.
- Critical infrastructure: The majority of critical infrastructure networks were designed and built before the threat of cyber attacks. This year we saw Russia, Iran, China and North Korea proactively probing and, in a few cases, successfully breaching the dedicated networks that run our utilities and manufacturing plants.
A slight glimpse of what an attack like this could cause was the DDoS attack against domain directory service DynDNS in 2016, which caused an internet outage affecting users of large web businesses such as Netflix and Amazon.
I hope we will not get hit with a major disruption like this as part of a cyber war, although this is not impossible.
And oh...Happy New Year!
Warm regards,
Stu Sjouwerman
Founder and CEO, KnowBe4, Inc