Massive cyber attacks slated for 2018 will make Petya WannaCry
Ransomware and malware
Ransomware has been a cash cow for criminals, as well as a disguise for more destructive purposes. For example, Petya looked like ransomware but inflicted damage by locking up data.
Hadjizenonos said all types of users – from consumers to corporations – have fallen prey to ransomware, causing reasonable suspicion that it will continue to grow.
“We can also expect to see criminals getting creative in their extortion tactics, for example if you infect two contacts, we’ll give you your data back at a lower cost.”
Utilisation of server-less computing and data storage in the cloud is becoming more widely adopted in business, he said.
“However, it’s worth remembering that cloud technology and the infrastructure that supports it is relatively new and evolving, and that there are still serious security concerns that provide a backdoor for hackers to access enterprise systems and spread rapidly across networks.”
He said the growing adoption of SaaS-based email such as Office 365 and Google’s G-Suite makes for attractive cybercrime targets, and we expect cyber criminals to ramp up their cloud attacks during 2018.
Mobile devices are part of the business IT fabric everywhere, yet they continue to be rarely, if ever, secured appropriately. Hadjizenonos said as a result they presented a vulnerability risk.
“We’ll continue to discover flaws in mobile operating systems that highlight the need for organisations to take a more serious approach to the protection of their mobile infrastructure and end-point devices against malware, spyware, and other cyber attacks.”
The majority of critical infrastructure networks were designed and built before the threat of cyber attacks, he explained.
“Whether the target involves telephone/mobile phone networks, electrical grids, power plants, or water treatment plants, it speaks to our good luck that there hasn’t been a large-scale, successful attack on critical infrastructure that impacts millions of people… yet.”
The DDoS attack against domain directory service DynDNS in 2016, which caused an internet outage affecting users of large web businesses such as Netflix and Amazon, provides a glimpse of what is possible in critical infrastructure cyber attack, Hadjizenonos said.
“An attack of this type and scale will happen, and it would not be surprising to see it happen in the next 12 months.”