Cyber Security Threats for 2018: What to Expect


Last year the top cyber security threats changed dramatically. And 2018 will be no different. Except we are going to see even craftier ways for hackers to make money off of you!

Below we will predict and discuss the new threats you will encounter in 2018:

  • Money vs Mayhem

  • Browser based Crypto Currency Miners

  • Ransomware will evolve to MinerWare

  • IoT and wearables

Money versus Mayhem

Attacks today are driven by one of three motives:

  • Money
  • State Sponsored for some nationalistic gain
  • Causing General Mayhem (hacktivism)

Most companies aren’t focused on the State Sponsored attacks; they are too busy dealing with the ransomware and malware that plague their systems. However, if you think you are good now that your AV detects ransomware… keep reading and I’ll explain the newest moneymaking hacktivity.

2018 is all about the $$$ or BTC, or maybe XMR

If 2018 continues to trend the way 2017 cyber security threats went, malicious code writers are going to focus on all the ways they can make money. Makes sense, right? If you’re going to put the time and effort into malware, make money from it.

Browser based Crypto Currency Miners

This will probably be one of the biggest unreported attacks this year. It seems to be one of the most recent cyber security threats across all industries and personal security. It’s simple, really: have someone go to a website where JavaScript gets loaded in the browser to mine Monero (XMR). The most ingenious part about it is that most people will NEVER know.

An article over at bleepingcomputer.com found that malware developers are installing the Coinhive JavaScript Monero miner on typo’ed domains. Coinhive has been popping up in various AV and HIDS logs over the past few months. You can bet that Coinhive and browser based mining clones will evolve as much as possible to stay ahead of the detection game.

The game is volume not endurance

Yes, serious crypto currency miners have dedicated rigs that run 24/7. However, they have to pay up front for mining equipment and continuously for power. Most people open a browser and leave it open for hours. Now imagine thousands of CPUs running the attackers’ miner program, and the attackers don’t need to pay for the computers or the power. You end up paying for the equipment and the power; they get the cryptocurrency you mine for them!

Adapting Ransomware to the MinerWare

Last year we watched as ransomware evolved to auto deployment and auto exploitation of other machines. It used to be just one machine; then they integrated 0-day exploits to spread and Bam!, your whole network was encrypted with ransomware. That put ransomware on the 2017 list of network cyber security threats as well as in the host based detection arena.

MinerWare, malware that runs cryptocurrency mining software, will be deployed exactly the same way as ransomware. However, from the perspective of the malware developer, MinerWare will solve a few problems.

The problem with ransomware (from the malware developer’s perspective)

When most people, or companies, are infected with ransomware, there are a few hurdles from the hacker’s standpoint.

  • The victim has to be told they have been encrypted, thus exposing the malware.
  • The victim must figure out how to get Bitcoin or another crypto currency to pay the ransom.
  • If the victim has backups, they just reformat the system and restore… No BTC for you!

In 2018 we need detection to find minerware as well as ransomware.

Silently Siphon CPU and Power

Now imagine the bad guys adapting the ransomware delivery and auto spreading capability to mine crypto currencies. The “minerware” developer avoids all of those issues. Worse yet, the system administrators probably won’t know, because the minerware isn’t doing anything malicious except running the CPU hotter. It’s not altering files or stopping services; it’s just running the CPU hard.
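Since sustained CPU load is the only footprint described here (and the same holds for a browser tab running a JavaScript miner), one way to look for it is to flag processes that stay hot for a long unbroken stretch rather than in short bursts. The following is an added example, not code from the original post; the telemetry, host names and process names are constructed, and the threshold and window are assumptions.

```python
from collections import defaultdict

def build_samples():
    """Constructed per-minute CPU telemetry (host, process, minute, cpu %); not real data."""
    samples = []
    for minute in range(60):
        # Legitimate backup job: a 10-minute burst, then idle.
        burst = 95.0 if 10 <= minute < 20 else 3.0
        samples.append(("web01", "backup.exe", minute, burst))
        # Hypothetical miner process: pinned near 90% for the whole hour.
        samples.append(("hr-pc7", "updater-x.exe", minute, 88.0 + minute % 5))
        # Ordinary browser use on the same host.
        samples.append(("hr-pc7", "browser.exe", minute, 12.0 + minute % 7))
    return samples

def sustained_cpu(samples, threshold=80.0, min_run=30):
    """Return {(host, process): longest_run_minutes} for every process whose CPU
    stayed at or above `threshold` for at least `min_run` consecutive minutes."""
    series = defaultdict(dict)
    for host, proc, minute, cpu in samples:
        series[(host, proc)][minute] = cpu

    flagged = {}
    for key, points in series.items():
        longest = run = 0
        prev = None
        for minute in sorted(points):
            hot = points[minute] >= threshold
            contiguous = prev is not None and minute == prev + 1
            # A cool sample or a gap in telemetry ends the current run.
            run = (run + 1 if contiguous else 1) if hot else 0
            longest = max(longest, run)
            prev = minute
        if longest >= min_run:
            flagged[key] = longest
    return flagged

if __name__ == "__main__":
    for (host, proc), minutes in sustained_cpu(build_samples()).items():
        print(f"{host}: {proc} at high CPU for {minutes} consecutive minutes")
```

The threshold and run length need tuning against each host's normal workload, since builds, renders and similar legitimate jobs also run the CPU hard for long periods.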

Watch the power bill

Most System Admins don’t talk with accounting about the power bill, so it will probably be months before someone says, “Why did our power bill triple or quadruple?” Minerware makes the Cyber Security Threats list not because it is damaging your files or stealing your intellectual property, but because it is increasing your costs!

Is it warm in here?

When minerware strikes, you’ll hear the computer fans kicking on more and your AC will use up more power trying to keep up. Don’t believe me? Head to a datacenter and stand in the warm aisle.

IoT: Microphones and Cameras, Oh My!

You love your Smart Watch. LOVE IT. You wear it everywhere… Same with your household personal assistant, I mean “cloud listening device.”

We are adding more and more devices with microphones and cameras to our private sanctums.

Most of these devices have been on the market for a hot minute and we trust them and the companies with our most private conversations and moments.

Check this out, I can Pay with my Watch!

Cool. All you need to do is put all of your credit and debit cards in your smart phone or wearable device. Hopefully you put locks on your device so that someone else can’t pick it up and auto log into it. Wait, you don’t have a lock on it because that’s inconvenient? Hope you don’t lose it; I am sure whoever finds it won’t go through all of your data or payment options.

Allow Video and Audio Recording

Ok, be honest, when an app asks you for “Permission to record audio” after you install it, do you just hit ok, or do you look to see if it REALLY needs it? More and more apps are recording our daily personal information and storing it in the cloud.

Additionally, in meetings where people put their phones away out of courtesy, their wearables are sitting right up on the table. Now when you have a meeting to discuss trade secrets, there is at least one camera and microphone sitting right on the table. Cyber security threats come in all shapes and sizes!

Government Life Tap? The new Wire Tap

Did you get upset when you found out the NSA was recording call metadata? How do you feel about the government being able to subpoena or serve a warrant to wire tap your life? If that device on your wrist or in your home is recording all the time, someone can listen in all the time, legally or not.

I didn’t say the cyber threat was just from hackers.

Your IoT device doesn’t need to be hacked… Just the Cloud

Sure, some people may have their devices hacked by a bad app. It’s going to happen. What I think we will see in 2018 is a cloud service that keeps recordings, photos, and audio in the cloud, and all of that data will be exposed. If 2017 taught us anything, it’s that the big players in the cloud space are vulnerable as well. We haven’t really learned our lesson after the iCloud hack that put so many celebrities’ private photos out into the world.


Employees’ IoT Devices on your Business Network

Just as we saw issues when smart phones were first allowed to connect to corporate networks, users want to connect their IoT devices at work. This assumes they’re not doing it already. Hint. Hint. They are!

The “OK Google” or Siri Test

The next time you’re in a meeting… Try activating “OK Google” or Siri on someone else’s device by saying the catchphrase out loud. See how many “Bong Bong” sounds you get. Then use your imagination to have fun with their browser history on their device, within corporate policy of course.

Don’t Get out the Tinfoil Hat

As with all predictions of cyber security threats, don’t move off the grid just yet. These things are going to happen, we’ll deal with them, and 2019 will bring something new to deal with. With AI and robotics, most likely SkyNet will develop soon, and then all of this won’t seem so bad.

The long and short of it is, keep the threat definition sets for your antivirus, ransomware detection and intrusion detection systems up to date. You’ll make it through; you always do!

About Patrick Stump

The CEO and founder of Roka Com, Patrick has been a key player in both offensive cyber intrusion and security operations with multiple branches and agencies of the United States Government (USG), the military, and commercial industry.
