Kaspersky Lab’s recently published their threat predictions for 2018, this report is complied using research and information from their anti-virus software. And with 2017 have seen threats such as WannaCry and NotPetya, 2018 might have a lot in store for it.
Supply Chain Attacks
A supply chain attack is a method used by attackers to breach the security of a companies without directly attacking their target. This means that the find a software vendor or other form os supplier and attack them. Once breach they have the ability to deploy an infected update through the compromised companies to their target.
During 2017 Kaspersky highlights Shadowpad, CCleaner and ExPtr/NotPetya. Kaspersky predicts that the number of supply chain attacks to not only be detected but also at the point of attack to increase. While they have not published any statistics they have been able to analyze this method of attack and belive it will be a popular attack vector in 2018.
High-End Mobile Malware
Over the past decade smart phone usage has become part of every day life, and due to this attackers have moved away from the conventual platforms to deliver malware. Kasperky predicts that their will an increase in hard to detect and remove malware on mobile device. An example of this would be the Shedun Trojan that in many cases took reinstalling the devices operating system to remove.
They also go on to point out that due to iOS being locked down and not allowing users the ability to scan the system, that users of Android are in a better position due to the being anti-virus solutions available on android. Although this could be due to their Android product, it gives food for thought that 2018 might have a lot in store for iOS in regard to security.
BeEF-like compromises with web profiling
The report also highlights that due to improvements in security and a great level of awareness, operating systems are getting much harder to find vulnerabilities in. The price of a zero-day exploits can be anywhere up to $1,500,000 for a remote iOS jailbreak with persistence attacks. With prices like this there is a hight chance that 2018 will see teams of both security researcher and also hacker hunting for these zero-day exploits.
UEFI and Bios Attacks
They have also predicted that 2018 will see a lot more UEFI-based malware. This attack vector can be rather dangerous as UEFI can allow for executables to be installed before the operating system has even booted. This can result in malware being deployed and installed before the systems anti-virus has been installed. As a result they are under the impress than there will be much more of this style of malware detected in 2018.
According to the report there will be a greater amount of destructive attacks detected. The malware or wipers can remain dormant and infect numerous systems just as a normal worm would. But when activated the virus will then erase all of the data on the system. It is an effective and devastating method of cyber warfare resulting in their prediction of a raise in 2018.
Subversion of Cryptography
In todays age staying anonymous online is in the back of many people’s minds, after Snowden leaked documents highlighting mass surveillance. Kasbersky reports that a number of backdoor’s have been found in VPN networks. It also notes that the NSA appears to be behind these backdoor’s after paying companies to put them in. While in a lot of case this might not seem all that worrying, but their prediction of 2018 seeing more vulnerabilities of this nature is rather worrying.
Router And Modem Hacks
During 2017 there was a massive vulnerability found in a large number of routers, the report also highlights how they belive we will see a lot more of these styles of attacks through 2018. They go on to explain that in some large-scale operations the router and modems will remain unpatched and un-watched for a long period of time opening them up all sorts of attacks.
Kaspersky Lab’s have published one of the earliest 2018 threat predicitions, and we will have to see how some of the other big security vendor think 2018 is going to go in terms of cyber security.