Security trends 2018: biometric hacking, state-sponsored attacks, daring cyber heists


There are only a couple of near-certainties for cybersecurity in 2018: that the market will continue to be buoyant and that attacks will become more sophisticated.

Gartner predicts worldwide security spending will reach $96 billion in 2018, up eight percent from this year – good news for the cyber security industrial complex.  

It’s easy to see why.

If any year can lay claim to be the one where cybersecurity problems really entered mainstream discourse, 2017 is a good candidate.

The year got started with a hangover from 2016 that suggested Russian interference in the run-up to America’s election, and possible interference in the Brexit vote from coordinated astroturfing campaigns on social media and forums.

That wheel kept turning and now ‘state sponsored’ has become something of a synonym, whether correctly or not, for ‘Russia’ – with businesses now trashing Kaspersky contracts based on allegations against the vendor.

Now, in the UK, banks will have to report data breaches and incidents or risk fines, and with GDPR coming into effect on 25 May next year, the complex security landscape will be something organisations of all sizes will have to pay close attention to.

In an increasingly connected world, amid the chaos of so many different events and actors (nations, businesses, consumers and markets, legitimate or illegitimate), it’s naturally tough to chart where things might be headed without resorting to educated guesswork. So read on for just that: where we see cybersecurity going in 2018.

Rogue AI

We don’t necessarily predict that 2018 is going to be the year the kill-all-humans trope comes to life. But UK cybersecurity vendor Darktrace, which uses machine learning to proactively hunt threats, is deeply concerned that if the good guys are looking at using AI, there’s a good chance hackers will be too.

Although truly AI-augmented malware has not yet been seen in the wild, director of cyber analysis at Darktrace Andrew Tsonchev told Computerworld UK that it’s not beyond imagination to think of sophisticated phishing tools that use machine learning to better target individuals or businesses.

“This is something we are super focused on – it’s what we do – and we’re very aware of the benefits, so we are very worried about the stage when there is widespread access and adoption of AI-enabled malware and toolkits for attackers to use,” explained Tsonchev.

“That is because by and large, applications of AI unlock decision-making, and that is what human-driven attacks do. You have an attacker in a network, on a keyboard, and they can case the joint. They can see what the weak points are. They can adapt the attack path they follow to the particular environment they find themselves in, that’s why they’re hard to detect.

“We’re very worried about malware that does that: malware that uses machine learning classifiers to land and observe the network and see what it can do.”

Director of technology for Darktrace Dave Palmer adds that automation will add a new layer of complexity to ransomware, spearphishing and IoT-based attacks.

“These attacks won’t discriminate. Merely participating in a national economy now appears to be sufficient to make an organisation vulnerable,” Palmer says. “No company is out of scope for malicious intent, even if they think they have nothing worth stealing.”

McAfee, meanwhile, agrees that 2018 will see ransomware attacks augmented with AI – and that security companies and hackers will be locked in a ‘machine learning arms race’ where attackers and vendors try to outdo one another.

Attacks on critical systems, cyber warfare

Recent attacks in eastern Europe – and in particular, Ukraine – appear to have been something of a test-bed for wider attacks on critical systems and power grids. So far most cyber attacks seem to be financially motivated, but if something can be weaponised, there’s every chance that it will.

This year our sister site Techworld talked with Martin Libicki, professor, researcher and author for Atlanticist think tank the Rand Corporation. Libicki explained that although the Tallinn Manual provided a loose policy framework for establishing ‘norms’ in acts of cyber warfare, it’s probably more useful to examine the behaviour of the country that arguably led the way in cyber warfare – the USA.

Its coordinated attack against Iran’s nuclear centrifuges with Stuxnet showed that although a country technically takes notice of international laws on warfare, there is a lot of room for interpretation.

“Modern warfare has changed,” said Rick McElroy, security adviser for Carbon Black and an ex-Marine. “We’re really at a point from a nation-state actor perspective where we need to have a discussion. What is a cyber weapon? When does a cyber attack become a physical attack that involves life, and infrastructure, and money? What is the definition of that?

“The precursor to any modern warfare is cyber warfare,” McElroy added. “Look at anybody’s playbook: the US wrote it, everybody else has just adopted it, how much of this is intelligence gathering to do physical attacks? How much of it is intelligence gathering to get the upper hand on the other nation?”

Nationally critical infrastructure often tends to be out of date and frequently under-funded or otherwise plagued by systemic problems (old hardware, lack of talent, long-lasting design faults – see the American nuclear agency that had to FedEx around a wrench for 450 nuclear missiles).

Britain upgraded cybersecurity threats to a tier one threat this year. The upcoming NIS Directive – set to be in place by May 2018 to complement GDPR – will specifically include infrastructure organisations as liable to fines if they have not taken sufficient steps to prevent attacks.

“The fact that NIS is making organisations think about these dangers is important but these thoughts have to be matched with the right action,” says Huntsman CEO Peter Woollacott. “When connections were entirely physical, it was relatively simple to prevent and stop attacks. In the online world, this is nowhere near enough.”

Ronald Sens of A10 Networks estimates that vulnerabilities in industrial SCADA systems or in IoT-connected critical systems will “cause physical damage in 2018”.

“Vulnerabilities in IoT devices and SCADA systems will lead to physical, not just digital, damage of some type in 2018,” Sens says. “Hopefully the scale of damage will limit casualties to controller components. Unlike Stuxnet and Flame targets, IoT and SCADA devices are leveraging common open-source frameworks that are easy to fingerprint and hard to patch after installation, making them prime targets.”

Data breaches

Barely a week goes by without a high-profile victim of a data breach and we don’t expect that trend to change in 2018.

Some of this year’s biggest culprits include Uber – which admitted to covering up an enormous breach – and the record-breaking Equifax data leak that exposed 143 million customers in the US. We’ve handily rounded up the worst of them over here on Techworld.
