The end of the year is approaching fast, and now is the perfect time to review your cybersecurity practices, especially if you’ve bought any new gadgets or if you run your own business. To help you get ahead of the curve, a reputable cybersecurity firm has put together a list of the biggest cybersecurity risks for 2018.
Biggest cybersecurity risks for 2018 now include Internet of Things
The Internet of Things is really starting to take off as a growing number of people buy smart speakers like the Google Home or Amazon Echo and start connecting smart appliances and fixtures to them. Unfortunately though, those very smart devices could end up being the weak point in your cybersecurity, according to Trend Micro researchers.
They note that we’ve already had two examples of how IoT devices could be hacked and then used for nefarious purposes. They believe that the Mirai and Persirai distributed denial-of-service (DDoS) attacks were only the beginning. Already a Mirai-based IoT botnet called Reaper has taken on networks of devices from a variety of manufacturers.
The latest Robinhood Investors Conference is in the books, and some hedge funds made an appearance at the conference. In a panel on hedge funds moderated by Maverick Capital's Lee Ainslie, Ricky Sandler of Eminence Capital, Gaurav Kapadia of XN and Glen Kacher of Light Street discussed their own hedge funds and various aspects of Read More
However, Trend Micro experts believe the next step in exploiting IoT devices will be using them to set up proxies and hide the hacker’s location. They also warn that most manufacturers don’t seem ready for such exploits, so one of the biggest cybersecurity risks for 2018 is the simple fact that many smart devices “are not secure by design.” What makes this risk worse is that it’s harder to patch devices than it is to patch PCs or smartphones, they add.
Ransomware still one of the biggest cybersecurity risks for 2018
Ransomware made the news multiple times this year, like with WannaCry and Petya, and according to Trend Micro, we can expect something similar in 2018. In fact, they expect ransomware to mature with cybercriminals “going straight for the money instead of tricking users into giving up their credentials.”
The firm predicts that cybercriminals will continue to use phishing campaigns to attack their victims, sending ransomware along in the email. Trend Micro experts expect future targets to be in the Industrial Internet of Things area, possibly with a goal of disrupting operations and production via the use of ransomware.
Even the blockchain and machine learning won’t be safe
Blockchain technology has taken the world by storm this year, first as a form of payment via cryptocurrencies such as Bitcoin, and now with the possibility of other uses. Trend Micro expects even blockchain tech to be turned into a cyberweapon in 2018 as cybercriminals utilize it and machine learning to figure out new ways to attack.
They warn that machine learning “shows great potential” already considering that it’s still fairly nascent. For now, computers learn by being fed data, so they’re only as accurate as the data they are given. In considering whether malware can outsmart machine learning, they drew attention to the CERBER ransomware, which already is able to get past machine learning. It’s packaged in such a way that it doesn’t appear to be something malicious, so the machine learning lets it by. According to Trend Micro, this is particularly a problem for “software that employs pre-execution machine learning,” like the WannaCry copycat UIWIX.
They add that researchers are looking for ways to use machine learning to monitor traffic and identify potential zero-day exploits, so it’s plausible that cybercriminals are working on finding those exploits themselves. They also advise against handing total protection to machine learning, but rather, use it as another layer of protection.
The firm’s researchers will also be watching for exploitation of blockchain technology, which they point out becomes more and more complicated with each transfer that’s made. This complexity could present a vulnerability.