NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge
More Menu Less Menu
Schedule a Demo
Threat and Exposure Research

2018 Top Cybersecurity Threats

It’s a cliché now to declare any year the year of the _____-breach. It’s especially difficult to see around corners in the cybersecurity industry, but not impossible. To do so, it’s necessary to closely watch and understand the latest technologies, socio-economic trends, legal/privacy trends and even political climates.

This year, NopSec did just that with our 2018 Top Cybersecurity Threats White paper, and we predict that the biggest cyber threats will be massive data breaches, ransomware, opportunistic crypto-mining attacks and IoT hacking. Here’s a sneak peek of what we have in store:

Massive Data Breaches

Some of the largest and most unique data breaches ever were seen in 2017. In September, Equifax announced that it lost data belonging to 143 million people — more than half the adults currently living in the United States. Unlike most other breaches, this wasn’t just names, email addresses and credit card numbers. The credit reports kept on file by credit bureaus like Equifax contain much more information. In October, Equifax announced an additional 2.5 million records were exposed as well.

Ransomware

Ransomware dominated the news cycles in 2017 and we don’t expect that to change in 2018. New trends, like Ransomware-as-a-Service (RaaS) will increase the volume and impact of ransomware.

Ransomware has progressively become more powerful and destructive over the past few years. This arms race peaked with the state-sponsored WannaCry (attributed to North Korea) and NotPetya (attributed to Russia), which weren’t really ransomware at all. Ransomware-as-a-Service is a currently evolving market with SatanPhiladelphia and the less creatively-named MacRansom spotted for sale.

Cryptocurrency Hacks — Cryptojacking

Cryptocurrency has been a game changer for the criminal world. The availability of anonymous currency with no geo-political ties has allowed criminals to cut down on the number of steps necessary to get paid and cuts down on risk.

While most mainstream cryptocurrency is well designed and secure on its own, the wallets, markets and exchanges used to buy, sell and manage these coins have not been as secure. We’ve seen a wealth of issues (literally) that often result in direct theft of funds from exchanges and individuals’ wallets. Funds have been stolen from several initial coin offerings: $7.4 million from Coindash’s ICO, for example. A vulnerability in the Parity Multisig Wallet allowed $32 million to be stolen from the ICOs of Edgeless, Casino, Swarm City and aeternity blockchain.

IoT

The technology market is in full swing with IoT. Slick, Internet-connected devices hit the market daily, closely followed by less expensive (and often less secure) variants. While most experts, buyers and consumers agree that IoT devices must have security built-in, not all do.

The Mirai botnet responsible for some of the largest DDoS attacks ever seen has left a legacy in its wake. The Satori and Reaper IoT botnets have competed fiercely for access to devices. They often attempted to steal directly from other botnets, then shutting down external access to prevent reprisals. While these IoT botnets have been largely comprised of enterprise-level devices (IP cameras have been a popular target), future botnets could target consumer devices as well.

Conclusion

Technology is advancing quickly and it’s not all about robotics, space exploration and whatever else graces the cover of Popular Mechanics magazine these days. As these new technologies emerge, use them and understand them. Then think about ways to abuse them. This thought process makes it possible to mitigate a portion of threats before they become threats.

Accurately predicting the next attack is a lot like playing chess — consider what’s possible, try to think like your opponent, consider worst-case scenarios and try to plan several moves ahead. Considering most vulnerabilities are exploited before public awareness or immediately after, it is important to include prediction exercises when planning and developing security strategy.

To learn more, download the 2018 Top Cybersecurity Threats white paper.

Categories
Category
Tags
Verizon 2020 DBIR Report, Vulnerability management
Read Next

Schedule a Product Demo Today!

See how NopSec's security insights and cyber threat exposure management platform can organize your security chaos.