Cybersecurity Predictions: What to expect in 2018

Get ready! 2018 is going to be much worse for cybersecurity than what it was for 2017.

Before we get on with the cybersecurity predictions for 2018, let’s take a quick flashback of 2017
2017 was riddled with cybersecurity mayhem: WannaCry – the biggest ransomware attack in history; took down over 300,000 computers worldwide, closely followed by Petya (later classified as NotPetya) which, according to many experts, cost affected organizations 10 times more than WannaCry. Then came the Equifax (a consumer credit reporting agency) data breach exposing credit card numbers of over 209,000 people. And just when we thought that the worst was over, the Bad Rabbit ransomware reared its head out of its hiding place costing some major organizations hundreds of millions of dollars. And the cherry on the cake was the Uber hack. The hack happened in 2016 but the fact that the management hid the incident from its users for almost a year and paid the hacker ‘shut up’ money does qualify it to be one of the major cybersecurity incidents of 2017. And these, for troubling reasons, are just a few of the several other incidents that were afoot in 2017: HBO hack, Deloitte hack, Forever 21 hack, Imgur hack, and the allegations on antivirus firm Kaspersky being involved in a Russian government hack of an NSA contractor in 2015. Phew! The list is never ending. So, circling back to the question – was 2017 a good year for cybersecurity? Well, think twice before saying yes.

Cybersecurity predictions for 2018
To make a long story short – 2018 is going to be much worse for cybersecurity. As much pessimistic as this prediction may sound, it should be an eye-opener for businesses and individuals. Day by day we are clinging to technology, increasing our dependencies on it, and sharing our data with almost every digital object we use. It’s a click-and-done world we live in. But, when it comes to securing our digital selves, we are as primitive as the first computer. Case in point: the worst password used by most people in 2017 is ‘123456’ (study conducted by SplashData). Our complacent attitude towards cybersecurity is one of the major reasons why cybercriminals will get the better of us in 2018 as well. Starting off with the predictions, here they are:

#1. Ransomware will become more vicious
This is a fairly obvious and logical cybersecurity prediction for 2018 – deductible from the success rate of ransomware and their growth in 2017. Ransomware is no more just a malware category but it has evolved into a fully functional business thanks to Ransomware-as-a-Service: seasoned coders create ransomware and sell them to beginners or novice criminals on the online black market – that’s right, as a service. Ransomware hits businesses and individuals where it hurts the most – their data. And because these attacks pay off well, attackers will strengthen their encryption techniques and work on advanced methods to beat antivirus software. In addition to that, most ransomware creators ask ransom in cryptocurrency like Bitcoins whose value have recently started going through the roof – a sort of encouragement for cyber crooks to work harder on their ransomware business.

In Q3 2017, Quick Heal Security Labs detected about 25,750 ransomware per day and 9 new ransomware families.

#2. Crpytojacking – a new menace to deal with
If you haven’t been paying attention, cryptocurrencies (digital or virtual currency like Bitcoin) have skyrocketed in the recent few months. During the time when this article was written, 1 Bitcoin was worth $15,400. That’s a lot of money in there; which brings us to ‘cryptojacking’. Cryptojacking refers to secretly mining cryptocurrency (generating digital cash) by a website using the resources of your computer usually without your knowledge. How is this harmful? It is estimated that a single Bitcoin transaction (which happens in cryptojacking) consumes 215 kilowatt-hours (KWh) of energy causing significant system slowdown and spiked electricity bills. Now, cryptojacking might be used by legitimate sites as a revenue stream instead of serving their visitors with pesky advertisements – which makes sense in a way. But, the fact that, this entire thing goes on without the user’s consent still makes it malicious. Looking at cryptojacking from an angle of cybercrime – there is another side to it. Hackers might inject mining codes into legitimate websites (without the website owner’s nor its visitor’s knowledge) to generate cryptocurrency and fill their wallet.

Now, all this might not look as harmful as a phishing or traditional malware attack, but at the end of it all you are being robbed of your money indirectly without your knowledge or will.

If you want to know more about cryptojacking, here is a good read.

#3. Increase in threats to mobile devices
The biggest elephant in the room of cybersecurity is mobile device security – we all see it but no one wants to discuss it. Let’s agree that most of us are more worried about our smartphone getting scratched than having it infected by a virus. Threats to mobile devices will increase in 2018 and the years to come because of two simple reasons (at least):

1) Mobile transactions (banking, shopping, paying bills, etc.) are growing exponentially. If we talk about only India, Prime Minister Narendra Modi’s website stated a startling fact that over 72 crore transactions were done using mobile banking in 2016-17. This is a mammoth jump from 9.47 crore in 2013-14.

2) Netizens are replacing computers with mobile phones to stay online. According to a data published by StatCounter GlobalStats, users in India accessed the Internet through their mobiles nearly 80% of the time in 2017. And as accessing the Internet and buying smartphones become more affordable, it is only a matter of time before laptops and desktops suffer the same fate as that of the floppy disk. As of now, India leads the world in accessing the Internet by mobile phones.

So, with mobile phones becoming an inseparable part of our daily lives, it should be pretty easy for us to sense the magnitude of the threat that looms over all of us – well, particularly those who believe mobile phones are less attractive targets for cybercriminals.

In Q3 2017, Quick Heal Security Labs received over 2 million Android samples (samples are files exhibiting malicious or suspicious behavior).

#4. Artificial Intelligence – its use and misuse
The same technology that we use to improve our lives is used by cybercriminals against us. It’s a double-edged sword, and AI is just one example. In a bid to counter advanced cyberattacks that most traditional antivirus software fail to do so, security software are now being bolstered with AI and machine learning. AI will fasten up the process of detecting security weaknesses and patching them, and analyze the history of attacks to prevent future attacks. Involvement of AI will prove to be more helpful in detecting Advanced Persistent Threats that usually go undetected until a time where the damage becomes irreversible. And these are just a handful of examples of how AI can bring about a revolution in cybersecurity. Now, the AI prospect becomes scarier when we start decoding the possibilities of how it can be used by folks on the other side of the wall – cybercriminals. They will use AI to speed up the process of detecting vulnerabilities and exploiting them, for staying hidden and launching their attacks in more intelligent and full-proof ways. In short, it will be AI-powered security vs AI-laden malware.

#5. Internet of Things will still remain an easy picking for attackers
When convenience triumphs security, we get the Internet of Things (IoT). Your smartphone-controlled coffee mug can make your mornings bright but if misused by a cyber crook, the results might just be the opposite. One of the biggest challenges that have remained with IoT is their slow adoption of security. They are like the newborns in a heard of animals who are relatively weak, slow, juicy, and fresh but with no security – easy pickings! And this has been proved time and again; case in point: the Mirai botnet attack in August 2016 which was responsible for one of the largest DDoS attacks in history. And the Persirai botnet attack that targeted over 1000 Internet connected camera models to launch DDoS attacks. Having said all of that, the IoT security ecosystem seems to have been put on high priority in 2018 according to experts. So, we can hope to see some major improvements there.

If there is anything worse than living without any security is living with a false sense of it.

#6. Small and medium-sized businesses will remain in the kill zone for cybercriminals in 2018
This is more of a logical deduction than a prediction. Small and medium-sized businesses operate with a false sense of security – ‘they are too small to attract predators’. And if there is anything worse than living without any security is living with a false sense of it. According to the Verizon Data Breach Investigation Report of 2017, 61% of all cyberattacks target small businesses. Still, wonder why that happens? Primarily for two reasons:

1)    Small businesses hold information (although less) but valuable

2)    And even if they do not hold any data worth stealing, they can be used as pawns by attackers to hack into bigger clients who hold more valuable data.

So, if you own a small food joint where you collect basic information about your customers such as phone numbers, email addresses, names, etc., or if you are dealing with a bigger organization as their partner, you have all reasons to worry about the security of the network you are on and the computers you use.

Well, the cybersecurity predictions for 2018 do not look pretty at all. In a battle, knowing what you are up against and predicting your enemy’s next blow may fill your heart with dread and ominousness. But, this is what being prepared for a brewing storm is all about. It is about surviving an attack, learning from it, and fighting the next wave and keeping up the fight. 2018 sure looks terrible for cybersecurity, but all is not lost. An attacker might send you 10 infected emails – all they need is one click on your end. What if you avoid this? There might be 10 malicious apps in the app store just waiting to get inside your smartphone and ruin your life. What if your mobile is secured with an antivirus app? You might get 10 pop-up ads infected with malware on a random website you visit. What if you know better than to click on them?

Our one cautious step can foil 10 malicious attempts of an attacker to trick us. All we need to do is find an answer to the question, “Will investing my time and money in securing my digital devices cost me more than what I’ll suffer from a cyberattack?” If we choose the answer wisely, then we have nothing to worry about in 2018 and for the years to come. Stay safe.

Also read: Are small and medium-sized businesses an easy target for hackers?

Content references:

https://www.csoonline.com/article/3241766/cyber-attacks-espionage/top-5-cybersecurity-concerns-for-2018.html

https://special.ndtv.com/cashless-bano-india-14/news-detail/india-sees-55-increase-in-digital-transactions-in-a-year-mobile-banking-jumps-122-1724624/7

https://www.sendwordnow.com/blog/trends-threats-mobile-security/

https://www.csis.org/programs/cybersecurity-and-warfare/technology-policy-program/other-projects-cybersecurity

https://www.forbes.com/sites/gilpress/2017/11/26/60-cybersecurity-predictions-for-2018/5/#71ba171743b2

Rajiv Singha