Not just a one-hit wonder, ransomware will once again represent the most dangerous threat to organizations and end-users. There were several large scale ransomware attacks that made headlines in 2017, leaving damaged reputations and massive legal costs in their wake. 2018 will undoubtedly bring new ransomware families and an increased focus on mobile devices, an area many see a ripe for exploitation. Security experts also predict more sophisticated ransomware-as-a-service platforms to be made available on the dark web, giving further ammunition to even the least experienced would-be cyber criminals.
Socially Engineered Threats
Social engineering is simultaneously the oldest and fastest growing area in cyber crime. Human beings are typically the weakest link in otherwise robust security and hackers know this all too well. From Q2 to Q3 2017, there was a 74% increase in phishing attacks, with almost all attacks being attributed to unpatched software and social engineering. Trend Micro, based on data from the Federal Bureau of Investigation, is predicting that business email fraud will hit $9 billion in 2018.
Growth in the Cloud
Many companies are shifting to the cloud for data storage, peaking the interest of cyber criminals and state-sponsored hackers, and making cloud infrastructures a prospective breach target. With this shift needs to come further awareness that traditional firewalls no longer get the job done. Today’s threat landscape requires a much more strategic hybrid security approach to truly mitigate risk.
Cryptocurrencies like Bitcoin and Ethereum have had a rapid increase in value and hackers have noticed. In 2018, malware is expected to continue as a major cyber criminal weapon of choice, but will take new focus on stealing funds directly from victims’ computers.
Industry Specific Attacks
Healthcare and Finance will continue to see increasing amounts of attacks. Cyber criminals want the biggest payouts for their efforts and will continue their focus on obtaining financial data and personally identifiable information (PII) like social security numbers. This doesn’t mean SMB’s are off the hook, however. Smaller companies often find that malware is indiscriminate and will need to continue finding ways to stay vigilant.