NEW YORK—Don’t expect cybercrooks to make New Year’s resolutions to change how they attack next year, because a lot of what they are doing now is working well, a new report says.
That’s the theme that surfaced from the Huffington Post’s threat landscape analysis for the next 12 months. Among the predictions it is making:
- Supply chain and third-party attacks have been a common feature in 2017 and will continue to be a fruitful attack method for cybercriminals in the next year. “These tend to be highly focused operations with predetermined targets of interest, rather than cases of mass, indiscriminate targeting,” the Huffington Post said.
- Some of the biggest cyber incidents in 2017 revolved around the issue of self-replicating malware (wormable malware) that can spread between networks. WannaCry and NotPetya were examples of this, the Post said. “As well as these we’ve seen the Bad rabbit ransomware that reportedly spreads via a combination of Windows Management Instrumentation (WMI) and Server Message Block (SMB) protocol—and a wormable Trickbot banking trojan was also reported in Jul 2017.”
- The Huffington Post expects malware modified with self-replicating capabilities to continue in 2018, particularly given the disruption caused by WannaCry and NotPetya inspiring similar attacks. “Another driver for this is that many organizations around the world will be slow to mitigate against these methods, whether by applying appropriate patches and updates, restricting communication between workstations, and disabling features such as SMB to reduce the capability of malware to propagate within organization networks,” the news outlet explained.
- The Huffington Post also noted that the bar for cyber-attacks “keeps getting lower.” The availability of leaked tools from the NSA and HackingTeam, coupled with “how to” manuals, means that threat actors will have access to powerful tools that they can iterate from and leverage to aggressively accomplish their goals.
“But whatever happens in 2018 and beyond, what is clear is that cybercrime will continue to be a problem and present governments, businesses and individuals with challenges to protect their data and their intellectual property,” the Huffington Post concluded.