Cybercrime is a fast-paced world, with bad actors constantly networking, researching and testing out new tactics to increase reward and scale of attack. 2018 has been an intense year so far in cybersecurity, with an array of breaches and threats hitting headlines. Here are several trends in cybersecurity to keep an eye on:
A rise of state-sponsored attacks
The rise of nation state cyber-attacks is perhaps one of the most concerning areas of cyber-security. Such attacks are usually politically motivated, and go beyond financial gain. They are usually developed to acquire data that can be used to obstruct the objectives of a given political entity. They may also be used to target electronic voting systems in order to manipulate public opinion.
As a rule state-sponsored attacks are targeted, sophisticated, well-funded and have the potential to be incredibly disruptive. The countries most notorious for unleashing such attacks include; China, Russia, Iran, Israel, North Korea, and the United States.
Of course, given the level of expertise and finance that is behind these attacks, they may prove very difficult to protect against. Governments must ensure that their internal networks are isolated from the internet, and ensure that extensive security checks are carried out on all staff members.
Also it is essential that nations work together and share any information they have about potential state-sponsored threats.
AI/Machine Learning (ML) software has the ability to “learn” from the consequences of past events in order to help predict and identify cybersecurity threats. According to a report by Webroot, AI is used by approximately 87% of US cybersecurity professionals. However, AI may prove to be a double-edged sword as 91% of security professionals are concerned that hackers will use AI to launch even more sophisticated cyber-attacks.
For example, AI can be used to automate the collection of certain information — perhaps relating to a specific organization — which may be sourced from support forums, code repositories, social media platforms and more. Additionally, AI may be able to assist hackers when it comes to cracking passwords by narrowing down the number of probable passwords based on geography, demographics and other such factors.
Passwords being replaced by biometric authentication
Our digital lives are ruled by a number of online applications and each of them require a username and password for accessing. To protect the data behind these apps, we should create complex passwords and change it often. With exponential improvements in computing power, and easy access to lots of it in the cloud, the time it takes to brute force passwords is rapidly reducing. What took nearly 4 years in 2000, now takes only 2 months. Add to that the fact that stolen, hacked, and traded, passwords have never before been so openly available. As a result, it’s increasingly commonplace to encounter biometric authentication (facial, fingerprint, iris, and voice) included in everyday mobile, tablet, and laptop devices, as well as physical access and online services.
Ransomware and IoT
IoT (Internet of Things) ransomware isn’t widely discussed. This is understandable, because most IoT devices don’t typically store valuable data. Even if an IoT device was infected, and the data it holds was encrypted, it is not likely that anyone would bother to pay the ransom. Not only that, but developing ransomware for IoT devices would not be cost effective as the potential number of victims would be much less.
However, we should still be very careful not to underestimate the potential damage IoT ransomware could cause. For example, hackers may choose to target critical systems such as power grids. Should the victim fail to the pay the ransom within a short period of time, the attackers may choose to shut down the grid. Alternatively, they may choose to target factory lines, smart cars and home appliances such as smart fridges, smart ovens etc.
And what are your thoughts on the scale and quality of cyberattacks, and what businesses and governments should do to protect themselves against cyberattacks?