In life, there are things that are almost guaranteed. Feature articles on predictions and trends at the beginning of the year certainly fall into this category and in the cyber security industry, there’s plenty. Having picked the brains of leading figures within the cyber security industry, we’ve rounded up some of the best and most interesting predictions as we go deeper into 2018…
Internet of Things
Sean Newman, director at Corero Network Security PLC (LON:CNS):
“IoT is developing rapidly, but so are the threats that come with it, making this another major concern for businesses in 2018. The availability of Internet connected devices with vulnerable operating systems are paving the way for massive botnet activity – driven by DDoS for hire services. These “zombie armies” of connected devices can then be leveraged in both large scale and everyday DDoS attack activity. As we know too well, a DDoS attack is easy to launch as it does not require in-depth understanding of programming or networking. The largest (recorded) DDoS attack to-date was in late 2016 against cybercrime researcher and journalist Brian Krebs. Investigation into this attack showed that many IoT devices were hijacked as botnets to carry out the attack.”
Javvad Malik, security advocate at AlienVault:
Speaking of IoT, it’s made my predictions list three years in a row. How can this be, you ask? Because IoT is such a broad and all-encompassing term, the goal posts keep moving.
This year, we saw the devastation caused by Mirai and similar malware, which recruited many insecure IoT devices into a botnet to launch huge DDoS attacks. And the problem of insecure IoT devices will only worsen in 2018, as more and more manufacturers connect products to the internet. While some may be relatively harmless, such as a salt shaker that tracks your daily salt intake, others, such as smartwatches designed to protect children, could have more severe consequences if left vulnerable to attack.
IoT devices lack security by design, and they also don’t offer the option to upgrade or apply patches. Additionally, many vendors choose convenience (e.g., using default credentials in their appliances) over implementing proper security measures, which is a flagrant violation of best practices in product development.
Many vendors simply aren’t willing to put in the extra effort to ensure security unless it’s required. Perhaps 2018 will be the year we see governments around the world take an active role in IoT security and put pressure on these manufacturers to do the right thing for consumers.
DDOS
Sean Newman, director at Corero Network Security:
“DDoS attacks against cryptocurrency have been a fairly common occurrence as of late, crippling the exchanges. With the growing popularity of digital currencies, the number of those attacks is likely to increase in the future. DDoS attacks against any digital currency could be utilised to manipulate the exchange market or the targeted currency. They can prevent traders from logging into accounts and making transactions, causing the value to drop. Attackers can then pause the attack efforts to buy as much as they can while the price is low – impacting the overall value of the currency.”