Kaspersky Lab 2018 Threat Predictions

Kaspersky Lab’s recently published their threat predictions for 2018, this report is complied using research and information from their anti-virus software. And with 2017 have seen threats such as WannaCry and NotPetya, 2018 might have a lot in store for it.

Supply Chain Attacks

A supply chain attack is a method used by attackers to breach the security of a companies without directly attacking their target. This means that the find a software vendor or other form os supplier and attack them. Once breach they have the ability to deploy an infected update through the compromised companies to their target.

During 2017 Kaspersky highlights Shadowpad, CCleaner and ExPtr/NotPetya. Kaspersky predicts that the number of supply chain attacks to not only be detected but also at the point of attack to increase. While they have not published any statistics they have been able to analyze this method of attack and belive it will be a popular attack vector in 2018.

High-End Mobile Malware

Over the past decade smart phone usage has become part of every day life, and due to this attackers have moved away from the conventual platforms to deliver malware. Kasperky predicts that their will an increase in hard to detect and remove malware on mobile device. An example of this would be the Shedun Trojan that in many cases took reinstalling the devices operating system to remove.

They also go on to point out that due to iOS being locked down and not allowing users the ability to scan the system, that users of Android are in a better position due to the being anti-virus solutions available on android. Although this could be due to their Android product, it gives food for thought that 2018 might have a lot in store for iOS in regard to security.

BeEF-like compromises with web profiling

The report also highlights that due to improvements in security and a great level of awareness, operating systems are getting much harder to find vulnerabilities in. The price of a zero-day exploits can be anywhere up to $1,500,000 for a remote iOS jailbreak with persistence attacks. With prices like this there is a hight chance that 2018 will see teams of both security researcher and also hacker hunting for these zero-day exploits.

UEFI and Bios Attacks

They have also predicted that 2018 will see a lot more UEFI-based malware. This attack vector can be rather dangerous as UEFI can allow for executables to be installed before the operating system has even booted. This can result in malware being deployed and installed before the systems anti-virus has been installed. As a result they are under the impress than there will be much more of this style of malware detected in 2018.

Destructive Attacks

According to the report there will be a greater amount of destructive attacks detected. The malware or wipers can remain dormant and infect numerous systems just as a normal worm would. But when activated the virus will then erase all of the data on the system. It is an effective and devastating method of cyber warfare resulting in their prediction of a raise in 2018.

Subversion of Cryptography

In todays age staying anonymous online is in the back of many people’s minds, after Snowden leaked documents highlighting mass surveillance. Kasbersky reports that a number of backdoor’s have been found in VPN networks. It also notes that the NSA appears to be behind these backdoor’s after paying companies to put them in. While in a lot of case this might not seem all that worrying, but their prediction of 2018 seeing more vulnerabilities  of this nature is rather worrying.

Router And Modem Hacks

During 2017 there was a massive vulnerability found in a large number of routers, the report also highlights how they belive we will see a lot more of these styles of attacks through 2018. They go on to explain that in some large-scale operations the router and modems will remain unpatched and un-watched for a long period of time opening them up all sorts of attacks.

 

Kaspersky Lab’s have published one of the earliest 2018 threat predicitions, and we will have to see how some of the other big security vendor think 2018 is going to go in terms of cyber security.

Passwords – Good Practise

Recently I have started to use a new password manager and got asked why I did not just use the same password across all of my accounts online. And this lead to me thinking that people as a rule don’t know effective and secure practice to follow when using online accounts and passwords.

Firstly you should always use a different password for each of your online accounts, this could be having one password with many variations such as different letters or symbols within it. This is necessary these days as it only takes one of the platforms you use to get hacked and you could potentially lose access to all of your accounts.

So Here Are Some Good Password Practice

Password Practise
The steps above are a fairly comprehensive guide to develop a highly secure password, by memorizing a sentence you have written, the arduous task of having to remember your new or complex password is reduces. you can also incorporate information about the account you are logging into meaning each accounts password will be a lot easier to remember.

unnamed
TrueKey is a password manager utility from Intel, and not only does it store information for online accounts you can also put in information like your social security number. This turns out to be very useful when paired with the mobile app. TrueKey also offers a feature that will generate a password for each account, and then log you straight in from the application. Meaning once you have secured all of your accounts you will only ever need 1 password to gain access to them.

6a00d8341cc8d453ef01157025645b970c
This final method is a touch old school I know. But in my opinion nothing can beat a trusty notebook (Granted I am probably one of a few that still like handwritten notes.) But the beauty of using a notebook is that you never have to worry about getting hacked and they can be carried on you at all times. Ok, so this option might not be the best if you tend to lose things but other than that its a sure fire way to manage multiple account details offline.
 

And hopefully if you follow some of the steps listed above you should be able to maximize your online security. As it is commonly known that the weakest point in most security systems is the human element. And that is because a lot of people have poor security knowledge or training. And this can be down to a number of thing such as age or use case.

But again hopefully this helps and you can share it with your friends and colleague to again increase everyone online safety.

RFID Wallets: Are They Worth It?

The title may lead you to believe this is going to almost be a tinfoil hat sort of post, but there are a lot of reasons why RFID protected wallets make sense. Sometime last year the photo below circulated the internet, because it showed someone on a train with a contactless card reader. contactless

Now I’m not sure if I know anyone these days that doesn’t have a contactless card, when they first came out i declined one due to the possible security threats that came along with them. But last year when I opened a new account my bank sent me one, so began the hunt for an RFID protected wallet.

So naturally the first place I turned to was amazon, as it is usually the place to go for items of that type. But after looking through about 4 or 5 pages i just was not happy with the style and quality of the wallets that they had. The images below are some example of the wallets that Amazon had to offer, not that any of them are bad. But I’m personally not a fan of either a hard shell or a tri-fold wallet. I’m a bit of a snob when it comes to wallets, as its like a good pair of shoes if you pay a little bit more they tend to be of a better quality and last longer.

So I held of for a while as i was skeptical of how well these wallets would last, and then I found what is in my opinion the perfect wallet. It was a nice black leather Michael Kors one. I did not at the time realize designer companies were incorporating RFID into there

RFIDWallet4.png

It was a fairly costly investment for a wallet but i felt the combination of the style and technology was worth the cost, personally i feel it blows all of the others on amazon out of the water, but the curious part was that if i had not stumbled upon it in a department store i would have had no idea. It was not overly well advertised on the packaging either other than a little paper tag sticking out of the top mentions the RFID protect. So for anyone out there looking for a nice stylish wallet with the added comfort of RFID protection should defiantly have a look at Michael Kors.