Vectra 2018 Cyber Security predictions
- Ransomware attack trends will split based on motives
Ransomware as a disruptive or destructive attack will increase. Cyber warcraft is the new oil – in essence, total control of corporate networks or industrial plants have become as valuable as energy resources and motivate nation states. However, we will see a decrease in ransomware purely for financial gain as fewer victims pay up.
- Global threats will be orchestrated by national state
North Korea will continue to use cyber-attacks to gain access to much-needed hard currency. North Korea showed the world their cyber skills when hackers successfully stole $81 million from New York Federal Reserve in 2016 and when hackers launched the WannaCry attack on the NHS in May 2017. Although, the hackers intended to get away with $1 billion in the New York Federal Reserve attack, $81 million is still a significant loss. The army of hackers is 6,000 strong, demonstrating that the country poses a devastating threat to any targets it chooses. Further, North Korea’s lack of electronic infrastructure makes it less susceptible to retaliatory cyberattacks than most nations. Even more concerning, the lines between nation state cyberwarfare and cybercrime will become increasingly blurred.
- Exfiltration of data from cloud-based storage will accelerate
We will see an uptake in the exfiltration of sensitive data at the cross-section of IaaS and PaaS. On top of this, organisations will often have no idea that their data has been stolen. Virtual forms of traditional security products will be powerless to contain this threat.
- The way the good guys and bad guys use AI will shift
Cybersecurity is an arms race and the weaker party will resort to asymmetric means to achieve its goals. Just as organisations are adopting machine learning and AI to improve their cybersecurity posture, so are the threat actors. Attackers will increasingly use machine learning to speed up the process of finding vulnerabilities in commercial products, with the end result being that attackers will use ever more new exploits without signalling that AI was involved in their creation.
AI will also increase the number of qualified cybersecurity professionals as it lowers the barriers of entry into the profession and allows less trained individuals to still be effective on the front lines of the cybersecurity battle. In addition, AI will allow existing cybersecurity professionals to move up-market by leveraging AI to find more complex attack scenarios before they do significant damage.
- The return of the worm
Worms will rear their ugly heads again as a popular method of fast propagation of malicious payloads. Worms can bypass the need to get past firewall and phishing controls, easily accessing the soft underbelly of the enterprise network. In the wake of worm attacks like WannaCry and copycats, enterprises will continue to struggle to get out in front of a worm progression moving at machine speed.