Member Article

Six Cybersecurity Trends Organisations Need To Watch For In 2018

Phishing, social engineering and ransomware trends will continue to get worse in 2018. Knowbe4 shares an insider’s perspective of six cybersecurity trends that organisations are already experiencing today and should expect tomorrow.

While we would love to say that 2018 is going to be a lighter year in terms of cyberattacks and threats, but no one can afford to be that naïve, “The truth of the matter is that today’s world simply lives on digital data which means there is more and more for bad guys to try to steal. Cybercriminals work constantly to “upgrade” their attacks so organisations need to prepare themselves and train their workforce to make smarter security decisions and create a human firewall as an effective last line of defence when all security software fails.

1. Exponential growth of the ransomware plague, especially the “as-a-service” strains. The massive ransomware attacks of 2017 aren’t going anywhere. Instead, they will grow exponentially and mutate to gain further traction. We’ll see a rise in ransomware attacks that also exfiltrate data, allowing cybercriminals a second way to ransom data through the threat of exposure. Additionally, ransomware-as-a service will continue to grow and will be the source of a significant percentage of attacks. Custom-made ransomware attacks will be reserved only for very high-value targets.
2. Hybrid attacks will be used to distract organisations. We saw it happen in Ukraine last month when Bad Rabbit ransomware served as an obvious and intrusive attack while, simultaneously, a silent, hidden spear-phishing campaign was carried out. We will see this as a new criminal modus operandi through 2018; ransomware infections will be used as a distraction, so the bad guys can accomplish their other more devious goals. Additionally, we should expect to see an increase in multi-vector social engineering attacks leveraging ‘smishing’ (text) and ‘vishing’ (voice) along with traditional phishing (email) social engineering techniques.
3. Automation makes detecting attacks harder. Phishing bots and intelligent scraping of social media and the Dark Web will make automated spear-phishing a very real, very hard-to-identify problem. The amount of data stolen in mega breaches over the past year—especially Equifax—makes it easy to automate mass spear-phishing emails that are both highly detailed and very effective social engineering attacks.
4. Extortion scams will have a long tail. It’s bad enough to have your data held hostage until you pay a ransom 48 or 72 hours later. As we move into 2018, scams are going to extend that timeline, creating long-term or lingering extortion situations that are an ongoing nightmare for organisations and individual internet users alike. An example of this would be a ransomware attack that demands nude photos of the victim as “payment”, opening the door for continued blackmail.
5. Search result tampering will drive users to compromised websites. Whether you call it search “tampering” or “poisoning”, 2018 will see an increase in search results that route users to compromised sites which exploit bugs in the workstation’s software, resulting in a complete take-over of their computer. Users will have to be particularly vigilant if they work in regulated industries such as Financial Services, Insurance and Healthcare, where personal identifiable information abounds.
6. Blame-ware and “False Flag” operations will increase. Due to the recent European Union’s declaration that a cyberattack is an act of war, we’ll see more cyber propaganda operations that are engineered to spark conflict between countries, undermine democracies, and destabilize trust globally, making attribution very hard to determine.

This was posted in Bdaily's Members' News section by Contributor .