Virtualization Technology News and Information
What We Have to Look Forward to - Cybercrime in 2018


Written by Noam Rosenfeld, SVP, Cyber Intelligence Solutions, Verint Systems, Ltd.

Most organizations may have already been the victims of cyberattacks. They just may not know it. In fact, large organizations and governments targeted by threat actors may be attacked multiple times per day, some, multiple times per hour. For enterprises and governments depending only on traditional protection tools, the "knowing" is going to get a lot harder in 2018.

Cybercriminals are increasing their use of deception tactics, including anti-analysis code and steganography, and are setting up command-and-control servers for DDoS attacks.

As with any marketing and sales process, the criminals are continuing to differentiate their offerings. It's becoming very simple and easy to find new malware and new tools to penetrate and attack organizations. The marketplaces of the Dark Web are increasingly offering DIY malware with more capabilities for sale, allowing anyone to participate in cybercrime.

Cybercriminals are keeping pace with the world's adoption of IoT. 2018 will see an increase in the number of IoT botnets, which will only get larger as more devices join the global network.

Another major change to look forward to is that cybercrime is shifting from one-time hits, such as a single raid on a person's bank account, to long-term attacks.

One area in which 2018 will look much like 2017: phishing campaigns won't change much. They still use familiar lures like invoices, shipments, and wire transfers, but in 2018 they will continue to increase their use of ransomware, already one of the most common malware types delivered through phishing.

Attacks with political motives will continue into 2018, with Russia reportedly heavily involved in such attacks. Because its previous activities were so successful, Russia will most probably continue its work in the United States and expand its focus to Western Europe.

North Korea and Iran are also actively using cyberattacks for political means. Iran is expected to continue the work of its Kitten teams, which are targeting specific NGOs and individuals who speak out against Iran.

China will continue its economically focused cyberespionage to acquire the intellectual property and technology it needs to support its five-year technology growth plan.

Meanwhile, governments are still trying to find acceptable responses to these state-sponsored attacks and ways to fight against them.

On the enterprise side, in 2018, organizations are going to increase their focus on further educating users to be more wary of attachments, social engineering, and phishing attacks. Simultaneously, they will be improving operational security practices, starting or enhancing SOCs, and expanding training to increase the skills of their response staff. Instead of increasing budgets, they will be improving implementation and effectiveness of the tools they are already using.

More mature organizations are increasingly relying on consultants to build roadmaps for their threat prevention, detection, forensics, response, and integration activities. They'll become more dependent on risk analysis, reviewing their endpoint tooling to ensure that current tools are still relevant. Procedures will rely less on analysts for detection and more on automation.

Automation is going to be the most important addition to the security toolset in 2018. Due to the overwhelming volume of alerts coming through the SOC, companies will be increasingly relying on adding more automation to their SOCs to filter through the false positives and identify APTs.

Automation is going to become essential as threats themselves take a major technological step forward. Instead of malware that signature-based tools can catch, more attacks will combine multiple vectors, which are much harder to detect. In response, organizations will need to add automated machine learning and AI tools that accelerate identification of pattern-based cyberthreats and of their lateral movement through the organization.

Automated hunt and automated investigation will become critical tools in the fight against cyberattacks. Organizations will need to add thorough solutions that automatically filter through threats, eliminating false positives while creating complete pictures of the attack chains to accelerate detection, forensics, and response.

Automated hunt and automated investigation will supplement the work of the analyst, drawing clear, logic-based conclusions that the human analyst can use for further investigation and response.


About the Author

Noam Rosenfeld 

Noam Rosenfeld is SVP, Cyber Intelligence Solutions, Verint Systems, Ltd. and Former Head of Cyber Defense Department in the IDF. Verint Systems provides a unified platform for advanced cyber threat defense, which accelerates the path from detection to response with automated investigation. 

Published Tuesday, February 20, 2018 7:32 AM by David Marshall