This report encapsulates our predictions regarding the most significant cyber threats and vulnerabilities for 2018.
Phishing. Phishing continues to be at the top of the list for delivery and exploitation. It works, and it shouldn’t be expected to slow down any time soon.
Distributed Denial of Service (DDoS) attacks appear to be losing some of their appeal. LizardSquad/DD4BC glorified DDoS, but large-scale adoption of common tools and botnets appears to be decreasing in popularity (Phantomsquad, Armada, etc.). We expect to see continued use of DDoS attacks by hacktivism-motivated actors, by those wishing to create noise for effect, and between gaming communities as an entry point into DDoS and IoT DDoS botnets. Other tools, such as ransomware, appear to be growing in popularity while DDoS appears to be shrinking.
Credential Targeting. In almost any breach, the holy grail of targeting is a domain server, Active Directory, or another location where credentials can be stolen and used. Unfortunately, account credentials are becoming increasingly available. Keyloggers, misconfigurations, cloud computing, and the expansion of increasingly complex, interconnected, heterogeneous networks have led to massive losses of credentials. As recently as December 2017, a cache of 1.4 billion credentials was made available in an underground forum. Credentials in the wrong hands enable a host of malicious activity, from automated credential stuffing and account takeover to targeted attacks. The reported use of personal email accounts for official business, combined with the current availability of these credentials, indicates that 2018 will likely see additional leaks of sensitive data and correspondence.
Democratization of cyber weapons. 2017 saw the most high-profile ransomware attack to date with the WannaCry worm. WannaCry took advantage of publicly available exploits leaked by ShadowBrokers. If more exploit leaks are forthcoming from ShadowBrokers or other sources, their adoption by cyber criminals or other nation states is a near certainty and should be expected not only to continue, but to grow.
2018 is the year of fighting and winning against the abuse of the Tor network. The Tor network is shrinking due to the new-found ability to scan for IP leaks with an onion scanner. The need for compromised systems for web hosting is high and will remain so. Despite the Tor network shrinking, it remains the host of choice for ransomware and for scanning/enumeration. The Tor network’s continuing IP leaks may prove to be a good way of attributing ransomware.
Macro Malware. The popularity of malicious macros for malware delivery continued strong in 2017. The latter part of 2017 saw increased obfuscation of malicious macros to bypass email-based detections. Macro malware can easily achieve low anti-virus detection, and the possibilities for obfuscation are practically unlimited. Because of the ease of development and deployment and the opportunity for success, this trend will continue into 2018 and beyond.
Geopolitical tensions. Tensions with Iran and North Korea continue. With Russia intensifying contacts with North Korea and Iran, it is highly likely that both Iranian and North Korean APT groups will gain more access to Russian APT expertise. Cyber has become the equalizer, and countries with little diplomatic leverage and lesser military power are using cyber as a weapon of choice, both in force and in influence. As well, the introduction of asynchronous warfare into election scenarios is likely the tip of the iceberg. Wapack Labs has reported on sources of fake news several times. Manipulation of behavior through public influence, whether by cyber means, by advertising, or by fake news, will grow through 2018.
Blockchain-related cybercrime. With the establishment of Bitcoin futures and general interest in blockchain technologies, exploitation in this field is growing too. Blockchain will continue to receive investment but at the same time will be subjected to corporate metrics to determine its value. As volatility continues in emerging markets, more people will try to hedge against inflation with Bitcoin. Phishing for and theft of cryptocurrency are on the rise. Bitcoin exchanges will continue to be targeted. Botnets and simple JavaScript inserts are being used to mine cryptocurrency. New software in smart contracts and other blockchain-related infrastructure will continue to be exploited, with growing complexity and losses.
For questions or comments regarding this report, please contact the lab directly at 603-606-1246 or feedback@wapacklabs.com.