As you must be aware, 2017 has been a cyber security nightmare. With constant and diverging cyber attacks, rare are those who can claim to have not fallen victim to black hat hackers this past year. Ransomware attacks such as WannaCry, NotPetya and Locky had the greatest effect on those who live and work in the cyberspace, but things are not so abstract as you might think. Aside from targeting vast amounts of money, cyber attacks have also come so far as to endanger people’s lives by targeting hospitals and medical equipment that keep countless people alive.
Having that kind of reach over our lives is anything but innocent, so we have come up with a comprehensive list of cyber threats to prepare for in 2018.
Growth of the cybercriminal “underground” network
People are used to criminals they can see, ones who touch them in real life and can harm them physically – gun wielding thugs who can jump you in a dark alley or shoot in a crowded mall. They perceive cyber threats as invisible and therefore fear them less, if at all. In a world where the Mafia has been all but wiped out from cities and countries – even if that is only what we are meant to think – it would be foolish not to believe that the criminals too haven’t adapted!
We no longer see them with oily hair and machine guns coming into our establishments and asking for protection money.
At the dawn of the 21st century, cyber criminals steal our money and endanger our businesses by taking over entire computer systems.
Why, you ask?
Because it’s become frighteningly easy to be a cyber criminal – you don’t even have to possess excessive technical knowledge, just to have access to the right tools!
People with such access coupled with bad intentions can cause a lot of damage. Moreover, the more the success of cybercrimes is publicized, the more likely criminals are to take notice and for it to become too profitable to ignore. And to make matters worse, the educated cybercriminals will make their attacks more destructive and harder to prevent in order to establish dominance in a saturated criminal market. Therefore, we can certainly expect the ransomware profits to exceed $1 billion in 2018 as cyber attacks become more frequent and elaborative.
Huge data breaches
2017 has seen many data breaches where the bad guy got a hold of a lot of sensitive information and we can expect even more of those in the starting year.
Data breaches have varied in both size and execution style, but have nonetheless had grave consequences:
- Computer theft at the Radiation Control Bureau in New Mexico (2003) – Data was lost from 8 state-owned computers after the facility was broken into and 8 computers were stolen. Without adequate data backup and data archives, this agency would have had serious trouble getting back up and running.
- Yahoo accounts data breach (2013) – Over 1 billion user accounts were compromised by hackers who used forged cookies. According to the company’s statement, payment card data were not endangered, but users’ names, email addresses, phone numbers, birthdates, passwords and security questions were offered up for sale on the black market. Not only had Yahoo neglected the protection of user data, but it took them 3 years to notice the attack or, at least, disclose it.
- North Carolina surgeons group privacy data breach (2017) – Patients’ old phone records were being transported by a truck when it shed some of its load. The data sheets included details such as their addresses, home phone numbers, medical issues and prescription information.
- The Equifax credit reporting agency (2017) – Data such as Social Security numbers, birth dates, etc on 143 million US citizens was stolen. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada, too.
As you can see, cyber criminals don’t so much care about the size of the target as they do about that of the spoils. They are interested in what they can do with the data they collect – the further mayhem it can cause as well as personal and financial damage it can inflict. However, the more access we give them in the future, the more chances they have of taking advantage of it.
Healthcare and education attacks
Similarly to the previous point, cyber attackers tend to target the vulnerable that lack the resources to defend their endpoints. Therefore, it is only to be expected for cyber attacks on industry verticals such as education and healthcare to go up in 2018.
Data rich targets such as schools – containing personally identifiable information on a large number of people (staff, students and parents) – often lack in proper security measures to defend themselves against cyber attacks.
By the same token, healthcare institutions should share the concern of being targeted simply because the more we rely on IT equipment to advance patient care, the more personal health data is at risk.
And not only that, but people’s lives get endangered in the process. Hospitals from all over the world went dark in a cyber attack at the beginning of 2017. Moreover, the stolen information from the United States National Security Agency was used to shut down life-saving equipment causing surgeries to stop and people to die right there on the operating table.
In the era of connected devices (IoT), the healthcare industry needs to make patient security a top priority by increasing security protocols. To combat this, both schools and hospitals should look to third-party security providers to encrypt these devices and regularly and appropriately backup sensitive data.
Seeing as cryptocurrencies have exploded in popularity in 2017, cyber criminals have thought of a way to cash in on this golden goose by secretly using your computers and phones.
How they do it, you wonder?
Due to mining by visitors to a web property in disclosed cryptojacking activity, this technique could be used to replace advertising on their websites to create a new means of revenue. However, the most likely scenario for cryptojacking is that legitimate websites will be compromised due to cyber criminals mining for cryptocurrencies.
However, the theft of cryptocurrency is not the most worrying thing here – it is the theft of computer processing power. Mining cryptocurrencies requires a vast amount of computing power in order to solve complex mathematical problems. Therefore, black hat hacker are now finding themselves encouraged to compromise millions of computers for such work. Recent cases have ranged from the hacking of public Wi-Fi in a Starbucks in Argentina to a significant attack on computers at a Russian oil pipeline company.
As currency mining grows, so will hackers’ temptation to breach many more computer networks. If they target hospital chains, airports, and other sensitive locations, potential collateral damage is should be a growing concern in 2018.
2018 will see the emergence of an AI-driven arms race. In order to better anticipate attacks, as well as spot the ongoing ones, security firms and researchers have been using machine-learning models, neural networks, and other AI technologies for a while. Thus, it’s highly likely that black hat hackers are adopting the same technology to strike back.
Take the example of spear phishing, which uses carefully targeted digital messages to trick people into installing malware or sharing sensitive data. Machine-learning models can now match humans at the art of crafting convincing fake messages, and they can churn out far more of them without tiring. Hackers will take advantage of this to drive more phishing attacks. They’re also likely to use AI to help design malware that’s even better at fooling “sandboxes,” or security programs that try to spot rogue code before it is deployed in companies’ systems.
From purely technical point of view, cyber criminals are likely to launch more malware worms in 2018 as it has proven an effective tactic. As shown by WannaCry and the Trickbot banking trojan, this cyber warfare method is quite faster in compromising networks than most others.
The reason for this?
Worms spread ransomware and other malware from one vulnerable computer to another, making it seem like they are traveling lightning fast!
Worm functionalities can bypass the need to get past firewall and phishing controls, easily accessing the soft underbelly of the enterprise network. To avoid another attack like WannaCry, enterprises will continue to work on getting out in front of worm progression.
Aside from fake news, hacking national elections is now a reality as it was confirmed in 2017 that Russian hackers had indeed launched an attack on voting systems in numerous American states ahead of the 2016 presidential election.
By doing so, they have endangered one of the fundamentals of democracy – the voting process itself.
Now, in preparation for the midterm elections in the US, the officials are hard at work to remove remaining system vulnerabilities. However, there is still much work to be done with many more potential cyber attack targets, such as electronic voter rolls, voting machines and the software used to collate and audit results.
Criminals of any kind are smart, but this new kind – the one that operates in cyberspace – takes the crown! They are fast thinking, patient and quickly adaptable to our good intentions and precautions taken to protect ourselves.
Regardless of whether you have been targeted deliberately or as a part of the widest possible number of websites that have a certain weak spot, by the time the problem is detected, the damage had already been done.
That is why it’s good to get ahead of the problem and approach your WordPress website’s security seriously and act proactively to fend off potential cyber attacks:
- Back up regularly
- Install updates as they are released
- Monitor website for changes
- Get the Secure Socket Layer (SSL) certificate
- Secure your login page
- Trust Awontis to do all this for you
We have over 275 clients who are more than satisfied with our services. On more than 1500 websites we actively monitor, nearly 55,000 security threats were successfully prevented using our solution. Not only do we perform full WordPress security scans on the platform itself, we examine and secure all plugins in order to make sure there are no security threats. The websites under our protection are watched 24/7 for threats and updates, allowing the businesses they represent to thrive. Finally, the already compromised websites are fixed by being thoroughly cleaned of malicious content and protected from future threats.
Since no security threat can be removed permanently on the Internet, we will keep your defense line firm and evolving with security practices to keep you safe.
Call us today and never worry about WordPress security again!