At the beginning of each new year there is no shortage of information security predictions and warnings. As we move further into 2018, Corey Nachreiner, CTO at WatchGuard Technologies takes stock and identifies five key issues to look out for.
1. IoT botnets will force governments to regulate
In 2016, the Mirai botnet showed the world just how powerful an army of IoT devices can be, launching successful, record-breaking DDoS attacks against popular websites like Twitter, Reddit and Netflix. Attackers continue to target these devices due to their weak or non-existent security, both in development and deployment.
“Attackers have already started improving on the Mirai source code, which will mean larger and stronger botnets in 2018. For example, the Reaper botnet actively exploits common vulnerabilities in IoT devices to gain access to the devices instead of relying on a hard-coded credential list,” said Corey Nachreiner.
“As attacks continue to grow in effectiveness, the damage they cause will grow until the IoT manufacturing industry is incentivized or forced to add stronger security to their products by government regulation to address IoT security.”
Potential IoT device regulation will most likely affect manufacturers of consumer-grade IoT devices first and will likely mirror similar liability-oriented regulations in other industries, where the manufacturer is held at least partially accountable for flaws in their products.
2. Expect Linux-targeted attacks to double
In WatchGuard’s Q1 2017 Internet Security Report, Linux malware represented 36% of the top malware and the volume of network software exploits targeting Linux systems increased throughout the year. Research from WatchGuard’s Threat Lab’s honeynet also discovered many telnet and SSH attacks targeting Linux-based systems, similar to the Mirai IoT botnet.
This suggests we will see a further dramatic increase in attacks targeting Linux systems in 2018, driven by the desire to target inexpensive IoT devices using embedded Linux and released with highly insecure defaults.
3. Increased adoption of corporate cyber extortion insurance will fuel ransomware
Cyber insurance helps cover the costs and sometimes the lawsuits that result from breaches, and more recently, insurers have promoted optional extortion insurance packages that cover the costs of ransomware and other cyber extortion. In some cases, the insurers even pay the ransom to help the victim recover their information.
“We find it concerning that insurers sometimes pay ransoms to recover their customers’ data, as this will actually encourage ransomware attacks. We understand the business decision. Short term, the cost of ransom may seem much smaller than the cost of recovery for victims that have no backups. However, insurers have no long-term actuarial data for cyber incidents and ransomware. Does paying ransom encourage this criminal business model? Will paying ransomware eventually increase the number of incidents insurers have to handle, or the price of ransom? It’s hard to say without more data,” said Nachreiner.
As the amount of victim’s that pay ransom drops, smart ransomware authors will target insurers to identify organisations with extortion insurance, and then attack them directly.
“We expect SMEs to continue to adopt extortion insurance but cyber insurance should not replace security controls and best practices,” says Nachreiner. “We predict that insurance providers will start to implement guidelines that require companies to have strong security controls in place as a prerequisite. When combined with other layers of security, cyber insurance is a great addition to your cyber security strategy.”
4. Thanks to commoditisation of wireless attack tools, wireless hacking will move to Zigbee, Bluetooth and Sigfox
In the same way that the commoditisation of Wi-Fi attack tools helped drive Wi-Fi hacking, the commoditisation of new wireless tools, like Software Defined Radio (SDR), will allow attackers to focus their attention on intercepting and decoding traffic from other wireless protocols such as Zigbee, Sigfox, Bluetooth, RFID, and LoRa.
“Wi-Fi attack tools with simple user interfaces such as the Wi-Fi Pineapple by Hack5 made it possible for amateurs to perform advanced Wi-Fi attacks and there are now some 3 million ‘how to’ videos online for performing man-in-the-middle attacks on 802.11 networks,” said Nachreiner.
“In 2018, the affordability and availability of SDRs which allow a device to talk and listen to a very broad range of wireless frequencies, will help drive new attacks focused on other wireless protocols.”
You can already find SDR-based attack tools, such as HackRF One on the market and with more equipment vendors incorporating wireless connectivity into their products, this creates many interesting new targets for wireless hacking.
5. A major vulnerability will topple a popular cryptocurrency
When most people think of cryptocurrency and blockchain, the first thing that comes to mind is Bitcoin. But while Bitcoin was the first cryptocurrency and remains the most popular, there are many different crypto coins such as Ethereum, Litecoin and Monero, which all maintain total market capital over $1 billion.
Each new cryptocurrency brings new innovations to their respective blockchains. Ethereum’s blockchain for example, acts as a fully decentralised computer capable of running applications.
Bug bounty programs and public code reviews have become a major part of blockchain development, but attacks have continued, including one that targeted a popular Ethereum multi-signature code wallet and made between $100 and $500 million in Ethereum permanently inaccessible.
“As the value of these cryptocurrencies grows, they will become much more appealing targets for cyber criminals looking to make millions,” said Nachreiner. “I would not be surprised if hackers find a vulnerability severe enough to completely wipe out a popular cryptocurrency by destroying public confidence in its security in 2018.”
This article originally appeared on Information Age.