Predicting big events in cyber security can be a tricky task. Attacks seem to come in waves of innovation and adaptation, then plateau and stay low on the radar, only to come back years later in new forms or adapted to other new exploits. An example of this is the use of encryption and destructive software in malicious ransomware campaigns. Both have been used before but are now repurposed in a much more effective manner. Predicting malicious campaigns or new exploits is made even more difficult by new software or hardware with undisclosed bugs and vulnerabilities that may drive and shift attack and defense paradigms.
With the creation of new technology and the development of new software applications, the possibility of abuse and exploitation always runs in parallel. Hence, predicting these types of events may be linked to the creation or widespread adoption of new technologies, even though we have seen at times how code that was allegedly a decade old as of 2017 was still very powerful.
Cyber attack trends and the use of weaponized code are also inexorably tied to geopolitical factors, as cyber has become part of warfare. It is known that once such code is disclosed, it will be repurposed and adapted to exploits and known types of attack vectors to make them more effective. An example of that is the addition of EternalBlue to the WannaCry ransomware last year.
The internet is now, more than ever, embedded everywhere, from Personal Area Networks, home AI and the Internet of Things to the corresponding big data distributed backends needed to interconnect and process their information in the cloud. They have blurred the edge and made the internet part of our homes, bringing its risks with them. The adoption of Artificial Intelligence in cyber security is still in its infancy and yet to be developed. AI is currently used mainly to drive defense technologies; however, it is only a matter of time until this technology is adapted for malicious purposes as well. With all these caveats in mind, here is what past and present events suggest may happen this year:
- Exploitation of IoT will increase as these devices become pervasive in homes and companies. AI technology is here to stay, but it is still unknown how many risks and vulnerabilities these devices may have; as they are incorporated into houses and companies, it is very likely that malicious actors will target and successfully exploit them.
- Likely as a byproduct of IoT home networking exploitation, 1TB-plus volumetric DDoS attacks will increase in frequency, as more devices are available for exploitation and abuse and are hence added to attack botnets.
- SMS will be discarded as an authentication tool due to phone porting, SS7 and MFA phishing attacks. This is a clear trend as of the last quarter of this year; however, it is likely to grow in numbers, to the point where SMS will have to be discarded as an authentication factor.
- Cell phone infrastructure driven attacks. Vulnerabilities in cellphone/wireless spectrums will be targeted to pivot to critical infrastructure (power, transportation and other utilities). This type of infrastructure is known in many instances to connect parts of our critical infrastructure such as dams, bridges, pumps, etc. Cell phone infrastructure will continue to be targeted, and we might witness actual effects on critical infrastructure.
- Ransomware / destructive malware used against critical infrastructure. In 2017 we witnessed the targeting of governments via specially crafted and obfuscated ransomware and destructive code. Examples of that were the attacks against Britain’s NHS and Ukrainian infrastructure, including nuclear power plants. The time will come when these types of attacks pass through our current defenses and affect our critical infrastructure; this will likely happen during 2018.
- Mega breaches will continue. Not too long ago SQL injections were the main drivers of mega breaches; nowadays Amazon S3 buckets seem to have replaced them as the driver of mega breaches and data disclosures. This is unfortunately likely to continue, as research indicates there are still plenty of unsecured S3 buckets, plus high-value target organizations.
- AI/ML tech will be weaponized. This is inevitable, as malicious actors will eventually find a way to incorporate current AI/ML technology into their attacks; this may happen either via addition to DDoS or exploitation attacks.
- Client-based exploits (phishing) will continue to be the main attack vector as enterprises harden their defenses. Phishing continues to be a challenging attack vector to defend against, and pretty much an unsolved problem for enterprises; this will keep driving these types of attacks.
- Identity “firewalls” will become a thing. With the prevalence of stolen identity information, a tool or mechanism that detects unauthorized use will have to be created. It may imply a new identity framework or technology beyond current “identity protection services”.
- A devastating cyber attack may lead to a “break up” of the internet. It is a matter of time until an attack with grave effects on people’s way of life leads to a forced “break up” of the internet. This means the days of reaching governments, airplanes, cars, nuclear plants, dams, etc. via the internet from everywhere may be numbered.