BETA
This is a BETA experience. You may opt-out by clicking here
Edit Story

Cyberthreats To Watch In 2018: Attacks Designed By Machines And Code That Targets Chips

CenturyLink

Weak passwords and social engineering may be a problem as long as humans interact with computers. Threats related to these vulnerabilities will inevitably grow and evolve.

In the year ahead, threats will grow not only from organized crime, which has long been interested in exploiting cyberspace, but also from nation-states. News reports of government-sponsored attacks on businesses and the infrastructure of other nations will spread. A growing number of exploits — attacks against an undocumented or unpatched security weakness — already come from toolkits developed by the government, including the U.S. National Security Agency.

The stakes could get even higher as attacks become more self-directed and intelligent, meaning machines will automatically attack other machines. Organized attackers are investing in artificial intelligence and algorithms that will seek out targets and design new exploits, all without human intervention: They are expected to steal data and extort ransoms on their own.

Here’s a look at other developments we expect for the year ahead.

Ransomware Stays Front And Center

Two branches of sophisticated cryptography have fueled the growth of ransomware, which in the wake of the WannaCry attack, has become a routine and necessary part of planning for businesses in most industries.

No longer only a concern for businesses in niche industries, ransomware attacks often perform deep, difficult-to-reverse encryption on crucial files. Cryptography-based blockchain payment systems such as bitcoin make it easier for attackers to communicate with victims and anonymously collect ransoms from them. Because of the growing dependence on digital systems, ransomware attackers have more targets than ever from which to choose.

Personal Identity Breaches Redefine Trust

Passwords, credentials and personal information have been leaking for years into the hands of illicit data brokers. But it wasn’t until the Equifax database breach last year that it became clear that most Americans are compromised — if not irreparably, then certainly with no obvious or immediate fix. The same personally identifiable information contained in the Equifax database often used as a tool to positively establish identity is now available to a variety of bad actors. Instead of papering over security problems with solutions such as two-factor authentication, cybersecurity strategists will have to focus on establishing an entirely new framework for trusted ID.

Insecure CPU Vulnerabilities Loom Large

Infrastructure is always a concern. Last year, there was a lot of hand wringing about insufficient security surrounding internet of things (IoT) devices. The concern was operating systems that would not be maintained or patched against new threats, making them ripe targets for subversion. If turned into bots, they could become malicious sensors and controls that could form botnets of their own, ones that would be extraordinarily difficult to detect and root out from networks. And it wasn’t just IoT infrastructure under fire. Cloud storage security was a real concern, and no one knew when the next Heartbleed-like exploit might compromise significant data.

But the greatest vulnerability of all is buried deep in our digital infrastructure, looming over conventional computers and smartphones that we once believed were secure. The Meltdown and Spectre exploits have revealed a massive security flaw at the heart of both x86-64 and ARM architecture chips. Although the vulnerabilities vary by core and manufacturer, they still represent the bulk of processors used in desktops, servers and mobile devices today. They can force a processor to reveal memory from one application to another. A malicious piece of website code can be used to steal information from another browser tab, or from any other program running.

And there may be more to worry about. Intel has conceded that the Minix kernel, which runs the Management Engine inside its CPUs, has significant security flaws as well. Meltdown and Spectre can largely be patched, albeit at a sometimes severe performance penalty. Minix is much more difficult to remedy because it is part of the internal architecture of the chip and not meant to be patched in the field.

Virtually every computer and smartphone is at risk from one or more of these flaws. Most of their users have been the victim of a personal data breach.

Vigilance by everyone everywhere, at every moment, has never been more important.

So, what’s the best defense against cybersecurity threats? You need a solid cybersecurity strategy with experts to help you deploy an efficient and effective plan. For more information about protecting your business against cybersecurity threats, talk to a CenturyLink cybersecurity expert today.