Ransomware, malware attacks to continue in 2018 as hackers advance to machine learning, analytics

01/12/2017 07:10

It's been a pretty scary year where cybercrime is concerned, with words like ransomware, malware and spyware becoming a part of our daily lexicon. Over 27,000 cyber security incidents were reported in the first half of the year alone-at least one cybercrime reported every 10 minutes-according to the Indian Computer Emergency Response Team. We hate to be the harbingers of gloom and doom, but 2018 is likely to be just as bad according to the recently-released McAfee Labs 2018 Threats Predictions Report.

"The evolution of ransomware in 2017 should remind us of how aggressively a threat can reinvent itself as attackers dramatically innovate and adjust to the successful efforts of defenders," said Steve Grobman, Chief Technology Officer for McAfee, one of the world's leading standalone cybersecurity companies. So if WannaCry made you want to weep, know that it was just a taste of things to come as hackers develop new strategies.

 

In the coming year, the company not only expects continued risks from ransomware attacks and malware authors but, perhaps, also from companies selling smart home devices. Here are four key trends to watch out for:

Machine learning is making the bad guys smarter, too

Agreed that machine learning can process massive quantities of data and perform vast operations to not only detect but also correct known vulnerabilities, suspicious behaviour and zero-day attacks. But, according to McAfee, the bad guys will seek to leverage machine learning too, to support their attacks, learn from defensive responses and disrupt detection models. "We expect to see more advancements in the use of machine learning and analytics by attackers to accelerate and sharpen social engineering attacks-phishing, fraud, spyware, and scams-across more industry sectors than they can do today using manual reconnaissance techniques," says McAfee Labs vice president Vincent Weafer in the report, according to Yahoo Finance.

In order words, adversaries will try their hardest to exploit newly discovered vulnerabilities faster than defenders can patch them. "Human intelligence amplified by technology will be the winning factor in the 'arms race' between attackers and defenders," adds Grobman.

Ransomware will turn to more profitable targets

"McAfee Labs saw total ransomware grow 56% over the past four quarters, but evidence from McAfee Advanced Threat Research indicates that the number of ransomware payments has declined over the last year," states the report. 
As ransomware profitability dives in the face of vendor defences and user education, attackers will turn their focus to more profitable targets, including high net-worth individuals, connected devices, and businesses. This change will likely also introduce new kinds of attacks involving disruption of organisations and cyber sabotage. The report predicts an expansion of the cyber insurance market in the bargain.

The risk from serverless apps

The report highlights that while serverless apps save time and reduce costs, they will also increase attack surfaces for organizations implementing them. Not only are they vulnerable to attacks on data in transit, but also potentially to brute-force denial of service attacks, in which the serverless architecture fails to scale and incurs expensive service disruptions.

The threat from IoT (Internet of Things) device manufacturers

"Connected home device manufacturers and service providers will seek to overcome thin profit margins by gathering more of our personal data-with or without our agreement-turning the home into a corporate store front," warns the report. Of course, privacy risks from smart devices is nothing new, especially in the developed nations, but it's a problem that India is slowly waking up to. The report adds that large-scale gathering of personal information and user-generated content opens consumers up to the risk of data misuse, abuse, and even compromise.

Read more