CIO

2018: The gloves are off as cybercriminals leverage AI, profiling

Automation, artificial intelligence and machine learning will escalate the volume and sophistication of cybercriminal activity in 2018, security pundits have warned as the business community closes the books on a year filled with the most destructive and costly cybercriminal activity ever.

Growing returns from cryptocurrencies will see malware authors focused on compromising coin exchanges, users’ coin wallets, and installing coin miners onto malware victims’ computers and mobile devices, according to Symantec Pacific region chief technology officer Nick Savvides.

The depredations of 2017 were “just the warmup to a new year of more virulent malware and DDoS attacks,” he said, adding that cybercriminals are set to “step up their attacks” on the world’s growing Internet of Things (IoT) networks and exploit the move to DevOps by looking for blind spots in companies’ process automation efforts.

Also likely to drive the agenda in 2018, Savvides said, are new forms of malware such as fileless and file-light malware that help avoid detection tools; attacks on company supply chains to find weak points that facilitate lateral movement within a company; and ongoing struggles with security as a service (SaaS) and infrastructure as a service (IaaS) security, which created security issues for the likes of the Australian Broadcasting Corporation this year.

Tenable ANZ country manager Bede Hackney warned that IoT’s lack of security standards would keep the sector “an unorganised mess” in 2018, and that industrial security would get attention as plant operators get serious about the need to protect themselves with enhanced security. Hackney was more bullish on DevOps, arguing that the operational philosophy would go mainstream in 2018 as elastic computing and containers are increasingly adopted.

“Understanding an organisation’s cyber exposure gap in 2018 will transform security from a raw list of vulnerabilities to a metrics-driven program,” Hackney said, “where cyber risk is quantified and measured alongside every other business risk and every strategic business decision will rely on it. Attackers will always find the weak link, so understanding and protecting what matters most across your entire attack surface is essential. Infrastructure must be constantly monitored and changed as the threat landscape evolves.”

Tony Jarvis, Check Point Software Technologies APAC/MEA chief strategist for threat prevention, warned of a climate of growing IoT threats, the increasing use of infrastructure to cause physical damage, and the need for users to sift through fake news on social-media platforms.

Jarvis said there was “absolute certainty” of growing ransomware volumes during 2018 and argued that CSOs would need to step up efforts to help users identify potentially fraudulent emails.

His thoughts were echoed by Eugene Weiss, lead platform architect with Barracuda Networks, who argued that ransomware’s continuing presence would be fuelled by new cryptocurrencies and the use of extensive research and profiling to target specific victims more effectively. Senior sales engineer Mark Lukie noted the contributing efforts of inexpensive ransomware-as-a-service offerings, with more ransomware using SQL injections to lock entire web sites rather than just scrambling a single file system.

Corporate data-security strategies would be dominated by software-defined WANs, hybrid cloud adoption and high-profile website breaches. But the growing popularity of Microsoft’s Office 365 would make it an increasingly popular target for cybercriminals, Lukie noted, with account compromise attacks on the rise and a growing body of customer data making the platform “a breeding ground for highly personalised, compelling attacks by cybercriminals.”

IBM Security specialists believe cybercriminals will plumb the more than 2 billion data records stolen this year to launch identity-based criminal activity “at a scale never seen before”. Africa would emerge as a key battleground for “impactful cyber events”, the firm predicted, with ransomware locking up IoT devices and many companies finding themselves in an AI-versus-AI battle against cybercriminals leveraging machine learning to adaptively attack their targets.

Yet it won’t all be one-sided in 2018, with IBM predicting that many companies would demonstrate “a fast and appropriate response to a large-scale data breach or cyberattack” as their Notifiable Data Breaches (NDB) preparations are put to the test.

Sense of Security chief technology officer Jason Edelstein believes companies will increasingly look past penetration testing to take a more holistic – and ongoing – approach to security efforts. Companies will expand their information-security efforts to include physical buildings and other assets, Edelstein predicts, with developers “shifting left” to include security earlier on in their software development lifecycle.

“If anything, this year has shown us companies need to increase their focus on identification, preparation and response,” Edelstein advises. “Cyber security is a volatile environment and the smallest human error can bypass any amount of protection in place.”

“Organisations are often exposed to product and protocol layer vulnerabilities irrespective of the application or implementation. Easy-to-guess PINs and default username and password combinations, such as admin/admin, all acted as open doors for hackers to gain access.”

The new Notifiable Data Breaches (NDB) scheme will increase pressure on organisations to be better informed about their security posture – and to detect data breaches faster than ever.

“How effective the bill will be in encouraging better security practices is still unknown, as interpretations of the new law and the impact of a breach can be highly debated,” Edelstein says. “Many will wait to see if the government will follow through on penalties and, if there is no real incentive to incur costs to be compliant, won’t abide by the new legislation.”