That the coming year going to bring?
What to expect in 2018?
Positive Technologies specialists told us what can happen in the new year
The international company Positive Technologies, specializing in the development of software in the field of information security, reminded us the most memorable events of 2017 and presented its own forecast for 2018. Over the past 12 months, the company's experts have investigated many cyber security cases related to their immediate field of activity, and the data collected by them was used as the basis for the annual review.
Events and trends, which were most memorable in the outgoing year 2017 according to Positive Technologies:
- The emergence of extortionists viruses, which caused big problems to banks, schools, energy companies, telecommunications companies, etc. In addition, vulnerabilities in defense systems led to the halt of Honda and Nissan factories in Japan and Renault factory in France.
- Adoption of the federal law of July 26, 2017 No. 187-FZ "On the Security of the Critical Information Infrastructure of the Russian Federation". The document doesn't just recommend - it strictly obliges state and commercial companies to protect information and introduces mechanisms of monitoring the effectiveness of protective measures.
- Attackers began to take advantage of telecom vulnerabilities. They started to intercept the codes for two-factor authentication with the help of vulnerabilities of SS7 signaling protocol began. The first to suffer were O2-Telefonica subscribers.
- "Scalable" attacks on ATMs began. Cybercriminals have established a system for connecting to the bank local network, which gave them the ability to remotely control a lot of ATMs.
- In the spring of 2017, Positive Technologies experts found hundreds of computers in large companies that have cleared the crypto currency for unknown attackers. Miner used the same vulnerability as WannaCry, and protected the captured PCs from encryptor.
- No sooner had the noise worsened around the safety of IoT due to botnets and DDoS attacks, as the criminals started to use the unprotected "smart" coffee machines to stop petrochemical plants, and smart aquariums for the casino attacks.
- By the end of the year, bitcoin outstripped the Russian ruble by capitalization, and hackers focused on block-start-ups. The simplest attack scheme was in searching’ for vulnerabilities on the ICO site with the subsequent substitution of the investments collection purse address after it. Israeli CoinDash lost $7.5 million that way.
- In 2017, the world was swept by a real epidemic of targeted attacks. The number of companies that faced APT attacks increased almost twice this year. In addition, not only their quantity grows, but also the quality. And it doesn’t look like this trend is going to weaken.
- Continuing the topic of increasing number of cyber attacks, the company's analysts predicted a growing interest in the construction of security monitoring centers (SOC). And if in the end of 2017 only about 10 companies started to create their own SOC in one form or another, in 2018 this number will grow at least three times.
- In 2017, Positive Technologies and Solar Security took over the creation of turnkey centers - the president Vladimir Putin instructed the FSB of Russia to create a system for detecting, preventing and eliminating the consequences of computer attacks on IT resources as early as 2013, and finally the system starts its operation. The developers do not claim that hacking it will be completely impossible, but its launch will cut off 90% of primitive attacks, which will allow experts to concentrate on high-level ones.
- The number and quality of logical attacks on ATMs will continue to grow. And if for the first half of 2017 the total amount of attacks of this type in Europe has increased by 500%, in 2018 this figure may increase several times more. Proceeding from this, banks will begin to take an active interest in means of protection against threats threatening large financial losses.
Mobile networks will remain very vulnerable, and unfortunately, this can lead to terrible consequences. For example, self-governing cars exchange data on the speed, location of cars on the road and the like by using mobile networks. And DDoS-attack can leave such a car completely "blind." Similarly, you can intervene in the work of smart traffic lights connected to mobile networks. Positive Technologies company reported about the rejection of the Diameter protocol in next-generation 5G networks due to its insecurity, and the search for an alternative option.
- There are hacker attacks on electronic wallets. This way of storing money is very convenient, and therefore it gets more and more fans. However, it still remains unsafe. Therefore, attempts at hacking are involved. In addition, in their forecasts Positive Technologies noted the increase in the number of hacking Web applications blocking projects through phishing.
- Well, finally, the "Renaissance" of hardware attacks, such as the use of vulnerabilities in the Intel Management Engine, is expected. If the attackers manage to use it, the targeted attacks will come to another level, as well as cryptolocers attacks, when not only the data is blocked, but the motherboard breaks down as well.