Crime

Six cyberthreats to worry about this Year

Hackers are constantly finding new targets and refining the tools they use to break through cyber defences. The following are some significant threats to look out for this year.

  • More huge data breaches

The cyberattack on the Equifax credit reporting agency in 2017, which led to the theft of social security numbers, birth dates, and other data on almost half the United States population, was a stark reminder that hackers are thinking big when it comes to targets.

Other companies that hold lots of sensitive information, according to www.technologyreview.com, will be in their sights in 2018. Marc Goodman, a security expert and the author of Future Crimes, thinks data brokers who hold information about people’s personal Web browsing habits will be especially popular targets. “These companies are unregulated, and when one leaks, all hell will break loose,” he says.

  • Ransomware in the cloud

The past 12 months has seen a plague of ransomware attacks, with targets including Britain’s National Health Service, San Francisco’s light-rail network, and big companies such as FedEx. Ransomware is a relatively simple form of malware that breaches defences and locks down computer files using strong encryption. Hackers then demand money in exchange for digital keys to unlock the data. Victims will often pay, especially if the material encrypted hasn’t been backed up.

That has made ransomware popular with criminal hackers, who often demand payment in hard-to-trace cryptocurrencies. Some particularly vicious strains, such as WannaCry, have compromised hundreds of thousands of computers.

One big target in 2018 will be cloud computing businesses, which house mountains of data for companies. Some also run consumer services such as e-mail and photo libraries. The biggest cloud operators, like Google, Amazon, and IBM, have hired some of the brightest minds in digital security, so they won’t be easy to crack. But smaller companies are likely to be more vulnerable, and even a modest breach could lead to a big payday for the hackers involved.

  • The weaponisation of AI

This year will see the emergence of an AI-driven arms race. Security firms and researchers have been using machine-learning models, neural networks, and other AI technologies for a while to better anticipate attacks, and to spot the ones already under way.

It’s highly likely that hackers are adopting the same technology to strike back. “AI unfortunately gives attackers the tools to get a much greater return on their investment,” says the Chief Technology Officer at McAfee, Steve Grobman.

An example is spear phishing, which uses carefully targeted digital messages to trick people into installing malware or sharing sensitive data. Machine-learning models can now match humans at the art of crafting convincing fake messages, and they can churn out far more of them without tiring. Hackers will take advantage of this to drive more phishing attacks. They’re also likely to use the AI to help design malware that’s even better at fooling “sandboxes,” or security programs that try to spot rogue code before it is deployed in companies’ systems.

  • Cyber physical attacks

More hacks targeting electrical grids, transportation systems, and other parts of countries’ critical infrastructure are going to take place in 2018. Some will be designed to cause immediate disruption, while others will involve ransomware that hijacks vital systems and threatens to wreak havoc unless owners pay swiftly to regain control of them.

During the year, researchers and hackers are likely to uncover more chinks in the defence of older planes, trains, ships, and other modes of transport that could leave them vulnerable.

  • Mining cryptocurrencies

Hackers, including some allegedly from North Korea, have been targeting holders of Bitcoin and other digital currencies. But the theft of cryptocurrency is not the biggest threat to worry about in 2018; instead, it is the theft of computer processing power.

Mining cryptocurrencies requires vast amounts of computing capacity to solve complex mathematical problems. As my colleague Mike Orcutt has noted, that’s encouraging hackers to compromise millions of computers in order to use them for such work. Recent cases have ranged from the hacking of public Wi-Fi in a Starbucks in Argentina to a significant attack on computers at a Russian oil pipeline company.

As currency mining grows, so will hackers’ temptation to breach many more computer networks. If they target hospital chains, airports, and other sensitive locations, the potential for collateral damage is deeply worrying.

  • Hacking elections

Fake news isn’t the only threat facing any country running an election. There’s also the risk of cyberattacks on the voting process itself. It’s now clear that Russian hackers targeted voting systems in numerous American states ahead of the 2016 presidential election. With midterm elections looming in the United States in November, officials have been working hard to plug vulnerabilities. But determined attackers still have plenty of potential targets, from electronic voter rolls to voting machines and the software that’s used to collate and audit results.

As these and other risks grow in 2018, so will the penalties for companies that fail to address them effectively. On May 25, the General Data Protection Regulation will come into effect in Europe. The first big overhaul of the region’s data protection rules in more than two decades, the GDPR will require companies to report data breaches to regulators—and inform customers their data has been stolen—within 72 hours of discovering a breach. Failure to comply could lead to fines of up to €20m or four per cent of a company’s global revenues, whichever is gre

Hackers are constantly finding new targets and refining the tools they use to break through cyber defences. The following are some significant threats to look out for this year.

  • More huge data breaches

The cyberattack on the Equifax credit reporting agency in 2017, which led to the theft of social security numbers, birth dates, and other data on almost half the United States population, was a stark reminder that hackers are thinking big when it comes to targets.

Other companies that hold lots of sensitive information, according to www.technologyreview.com, will be in their sights in 2018. Marc Goodman, a security expert and the author of Future Crimes, thinks data brokers who hold information about people’s personal Web browsing habits will be especially popular targets. “These companies are unregulated, and when one leaks, all hell will break loose,” he says.

  • Ransomware in the cloud

The past 12 months has seen a plague of ransomware attacks, with targets including Britain’s National Health Service, San Francisco’s light-rail network, and big companies such as FedEx. Ransomware is a relatively simple form of malware that breaches defences and locks down computer files using strong encryption. Hackers then demand money in exchange for digital keys to unlock the data. Victims will often pay, especially if the material encrypted hasn’t been backed up.

That has made ransomware popular with criminal hackers, who often demand payment in hard-to-trace cryptocurrencies. Some particularly vicious strains, such as WannaCry, have compromised hundreds of thousands of computers.

One big target in 2018 will be cloud computing businesses, which house mountains of data for companies. Some also run consumer services such as e-mail and photo libraries. The biggest cloud operators, like Google, Amazon, and IBM, have hired some of the brightest minds in digital security, so they won’t be easy to crack. But smaller companies are likely to be more vulnerable, and even a modest breach could lead to a big payday for the hackers involved.

  • The weaponisation of AI

This year will see the emergence of an AI-driven arms race. Security firms and researchers have been using machine-learning models, neural networks, and other AI technologies for a while to better anticipate attacks, and to spot the ones already under way.

It’s highly likely that hackers are adopting the same technology to strike back. “AI unfortunately gives attackers the tools to get a much greater return on their investment,” says the Chief Technology Officer at McAfee, Steve Grobman.

An example is spear phishing, which uses carefully targeted digital messages to trick people into installing malware or sharing sensitive data. Machine-learning models can now match humans at the art of crafting convincing fake messages, and they can churn out far more of them without tiring. Hackers will take advantage of this to drive more phishing attacks. They’re also likely to use the AI to help design malware that’s even better at fooling “sandboxes,” or security programs that try to spot rogue code before it is deployed in companies’ systems.

  • Cyber physical attacks

More hacks targeting electrical grids, transportation systems, and other parts of countries’ critical infrastructure are going to take place in 2018. Some will be designed to cause immediate disruption, while others will involve ransomware that hijacks vital systems and threatens to wreak havoc unless owners pay swiftly to regain control of them.

During the year, researchers and hackers are likely to uncover more chinks in the defence of older planes, trains, ships, and other modes of transport that could leave them vulnerable.

  • Mining cryptocurrencies

Hackers, including some allegedly from North Korea, have been targeting holders of Bitcoin and other digital currencies. But the theft of cryptocurrency is not the biggest threat to worry about in 2018; instead, it is the theft of computer processing power.

Mining cryptocurrencies requires vast amounts of computing capacity to solve complex mathematical problems. As my colleague Mike Orcutt has noted, that’s encouraging hackers to compromise millions of computers in order to use them for such work. Recent cases have ranged from the hacking of public Wi-Fi in a Starbucks in Argentina to a significant attack on computers at a Russian oil pipeline company.

As currency mining grows, so will hackers’ temptation to breach many more computer networks. If they target hospital chains, airports, and other sensitive locations, the potential for collateral damage is deeply worrying.

  • Hacking elections

Fake news isn’t the only threat facing any country running an election. There’s also the risk of cyberattacks on the voting process itself. It’s now clear that Russian hackers targeted voting systems in numerous American states ahead of the 2016 presidential election. With midterm elections looming in the United States in November, officials have been working hard to plug vulnerabilities. But determined attackers still have plenty of potential targets, from electronic voter rolls to voting machines and the software that’s used to collate and audit results.

As these and other risks grow in 2018, so will the penalties for companies that fail to address them effectively. On May 25, the General Data Protection Regulation will come into effect in Europe. The first big overhaul of the region’s data protection rules in more than two decades, the GDPR will require companies to report data breaches to regulators—and inform customers their data has been stolen—within 72 hours of discovering a breach. Failure to comply could lead to fines of up to €20m or four per cent of a company’s global revenues, whichever is greater.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

To Top