Saturday, December 30, 2017

2018 Cyber Security Threat and Vulnerability Predictions

This report encapsulates our predictions regarding the most significant cyber threats and vulnerabilities for 2018.

Phishing. Phishing continues to be at the top of the list for delivery and exploitation. It works, and shouldn’t be expected to slow down any time soon.

Distributed Denial of Service attacks (DDoS) appears to be losing some of its appeal.  LizardSquad/DD4BC glorified DDoS but large-scale adoption of common tools and botnets appears to decreasing in popularity (Phantomsquad, Armada, etc.). We expect to see continued use of DDoS attacks from hactivism motivated actors, those wishing to create noise for effect, and between the gaming communities as an entry into DDoS and IoT DDoS botnets but other tools, like ransomware appear to be growing in popularity while DDoS appears to be shrinking.

Credential Targeting.  In almost any breach, the holy grail of targeting is a domain server, Active Directory, or another location where credentials can be stolen and used. Unfortunately, account credentials are becoming increasingly more available. Keyloggers, misconfigurations, cloud computing, and the expansion of increasingly complex interconnected heterogeneous networking has led to massive losses of credentials. As recently as December 2017, a cache of 1.4 billion credentials was made available in an underground forum. Credentials in the wrong hands can enable a host of malicious activity, from automated, "credential stuffing" and account-takeover, to targeted attacks. The reported use of personal email accounts for official business, combined with the current availability of these credentials, indicates the year 2018 will likely see additional leaks of sensitive data and correspondence.

Democratization of cyber weapons.  2017 saw the most high-profile ransomware attack to-date with the Wannacry worm. Wannacry took advantage of publicly available exploits leaked by ShadowBrokers.  If more exploit leaks are forthcoming from ShadowBrokers or other sources, then their adoption by cyber criminals or other nation states is a near certainty and should be expected to not only continue, but to grow.

2018 is the year of fighting and winning against the abuse of the Tor network.  The Tor network is shrinking due to the new-found ability of IP leak scanning with an onion scanner. The need for compromised systems for web hosting is high and will remain great. Despite the Tor network shrinking, it remains the host of choice for ransomware and scanning/enumerating. The Tor network’s continuing IP leaks, may prove to be a good way at attributing ransomware.

Macro Malware. The popularity of malicious macros for malware delivery continued strong in 2017. The later part of 2017 indicated the increased obfuscation of malicious macros to bypass email based detections. Macro malware can easily achieve low anti-virus detection and there are infinite possibilities when it comes to obfuscation. Because of the ease of development, deployment, and opportunity for success, this trend will continue into 2018 and beyond.

Geopolitical tensions. Iran and North Korea tensions continue. With Russia intensifying contacts with North Korea and Iran, it is highly likely both Iranian and North Korean APT groups will gain more access to Russian APT expertise. Cyber has become the equalizer, and countries with little diplomatic leverage and lesser military power are using cyber as a weapon of choice –both in force and influence. As well, the introduction of asynchronous warfare into election scenarios is likely the tip of the iceberg. Wapack Labs has reported several times sources of fake news. The idea of manipulation of behavior through public influence –by cyber, by advertising, by fake news will grow through 2018.

Blockchain-related cybercrime. With the establishment of Bitcoin futures and general interest to blockchain technologies, exploitation in this field grows too. Blockchain will continue to receive investment but at the same time will receive corporate metrics to determine its value. As volatility continues in emerging markets, more people will try to hedge against inflation with bitcoins. Phishing and stealing cryptocurrency is on the rise. Bitcoin exchanges will continue to be targeted. Botnets and simple JavaScript inserts are used to mine cryptocurrency. New software in smart contracts and other blockchain-related infrastructure will continue to be exploited and will grow in complexity and losses.

For questions or comments regarding this report, please contact the lab directly by at 603-606-1246, or feedback@wapacklabs.com.