The 2018 Cyberthreat Landscape—Predictions and Trends

As in recent years, 2017 has been marked by an increasing number of cyberattacks, and indications point to another tumultuous year as we head into 2018.


With companies storing more data in the cloud and the number of Internet-connected devices rapidly increasing, the appeal and opportunity for cybercrime continues to escalate. But there is also good news. Technological advances have produced significant new products and defense mechanisms as well, and we’ll see those continuing to emerge throughout the year.

Here’s a look at the 2018 cybersecurity landscape, and what we can expect to see—from both attack and defense perspectives.

1) Cybercriminals Get More Sophisticated—Developing Multiple New Ways to Attack Their Victims

In 2018, it will be markedly easier for small organizations and individuals to wield the kind of sophisticated hacking capability that used to be limited to nation-state-level expertise and investment. As a result, we can expect to see a wide range of new attacks, new attackers, and new attack methods.

Today’s criminals use sophisticated software, bots, viruses, Trojans and phishing techniques to infiltrate networks. In 2018, we can expect to see a dramatic increase in sophistication among cybercriminals, even entry and mid-level hackers, as they leverage AI (Artificial Intelligence) and ML (Machine Learning) powered hacking kits built from tools that criminals leaked or stole from state-sponsored intelligence agencies. A recent article by CNBC summed it up well, stating “There are stockpiles of the most sophisticated cyber exploits up for sale if you want to hack, and you don’t have to be good at it.”

In particular, we can expect social engineering attacks to rise significantly. As organizations deploy extensive, in-depth security mechanisms, the weak link becomes the user. We’ll see increasingly “personalized” attacks that leverage information from social networks, professional sites, and other forms of open-source intelligence.

2) Malware Invades Hardware at Increasing Rates

With the proper skills and access, a cybercriminal can tamper with virtually anything that has non-volatile, writeable storage, and render it inoperable—or even malicious. Since most malware detection products won’t identify malware that has found its way into hardware, we expect to see hackers increasingly turn to this type of attack during 2018.

Most malware takes root in applications and operating systems. However, we’ve recently seen an increased amount of malware that attacks the firmware and memory of hardware devices like disk controllers, network and graphic cards, fingerprint sensors, and computer cameras. For example, we witnessed malicious firmware in 26 Android devices and a fake Apple firmware patch that was full of malware. In another instance, according to The Register, earlier this year at least 10 industrial plants running Siemens equipment, seven of which were in the United States, had their logic controllers infected with malware. The point here is not that it was industrial infrastructure that was targeted, but that it was the hardware in the logic controllers that was compromised, and that can happen in virtually any industry.

3) The Cyberattack Surface Expands Exponentially

For decades, the cyberworld was fairly homogeneous, heavily dominated by Microsoft Windows. That mostly uniform environment focused the majority of cyberattacks on Windows-based systems and applications. Although Microsoft’s dominance has been fading for years, it wasn’t until this year that another operating system became as widely deployed: Android surpassed Microsoft as the world’s most popular operating system, giving cybercriminals a good reason to expand their number of attack points. Add to the countless Microsoft and Android platforms the strong growth of iOS-based systems and the introduction of billions of Internet-connected devices, and the result is an expanded attack surface so extensive it’s hard to fathom: a true hacker’s paradise.

With the limited amount of resources that most companies have with which to defend so many targets, expect the number of breaches targeting non-Windows systems to reach all-time highs.

4) Giant Leap in Adoption of Security Oriented AI & ML

Over the course of the last several years, AI and ML technologies have advanced tremendously, and their benefit to cybersecurity is obvious. Enterprises face millions of cyberthreats every day, and it’s virtually impossible for even a large staff of human security analysts to process all of the data and manually evaluate each security incident or alert. AI and ML are particularly suited to solve these problems, and organizations that have already deployed tools that incorporate them are, for the most part, reporting significant improvements in cybersecurity. They are also experiencing a dramatic reduction in the burden on human resources.

These positive reports from early adopters of AI and ML are helping to fuel the growth of these technologies, and we expect to see a significant leap in their adoption during 2018. Although AI- and ML-based tools are still evolving and are not by themselves a panacea, organizations will reap significant benefits by using these technologies to augment existing security products.

5) Security Automation Becomes a Primary Objective

With the escalating number of cyberattacks and limited resources to fight them, during 2018 we can expect to see organizations start to automate as many cybersecurity functions as possible. Organizations will use ML, AI, and outsourcing to do much of the heavy lifting. This will allow human cyber-teams to focus on those things that can’t be fully automated, such as high-risk threats, improving defenses, and adding a layer of human judgment on top of the automation.

The shortage of qualified cybersecurity professionals is ominous. CSO Online predicts that there will be 3.5 million unfilled cybersecurity jobs by 2021, up from 1 million positions in 2014, driving the need for security automation.

6) Cybersecurity Augments Prevention with Resiliency

Throughout 2018, we can expect to see organizations increasingly adopt the philosophy that data breaches are inevitable, and instead of focusing primarily on breach prevention, organizations will begin in earnest to invest in breach containment and rapid recovery. The tools they invest in will quickly detect breaches, isolate infected assets and network segments, and rapidly restore damaged data and systems.

This doesn’t mean that breach prevention programs will be abandoned, but it does indicate that organizations will add strong initiatives to beef up resiliency. Organizations will seek products and technologies that assist first responders with an easily understood and complete context of the situation.

An interesting example of increased resiliency is the Sheltered Harbor program adopted by the financial services industry. The technology automatically creates encrypted data vaults that organizations can use to quickly restore systems and data following a cyberattack.

Bottom Line—Cybercrime Impact Will Be Huge in 2018

According to Cybersecurity Ventures, cybercrime will rise dramatically during 2018 and will cost the world $6 trillion annually by 2021. That’s a huge impact. The ever-increasing attack surface is already so large that the limited cybersecurity resources found in most organizations are unable to keep up with the onslaught.

Fortunately, the cybersecurity industry is vigorously fighting back with advances in resiliency and automation technologies like AI and ML. During 2018, organizations will increasingly use these methods to defend themselves from cyberattack.

Giovanni Vigna


Giovanni Vigna is one of the founders and CTO of Lastline as well as a Professor in the Department of Computer Science at the University of California in Santa Barbara. His current research interests include malware analysis, web security, vulnerability assessment, and mobile phone security. He also edited a book on Security and Mobile Agents and authored one on Intrusion Correlation. He has been the Program Chair of the International Symposium on Recent Advances in Intrusion Detection (RAID 2003), of the ISOC Symposium on Network and Distributed Systems Security (NDSS 2009), and of the IEEE Symposium on Security and Privacy in 2011. He is known for organizing and running an inter-university Capture The Flag hacking contest, called iCTF, that every year involves dozens of institutions around the world. Giovanni Vigna received his M.S. with honors and Ph.D. from Politecnico di Milano, Italy, in 1994 and 1998, respectively. He is a member of IEEE and ACM.