by Bharat Mistry
It’s that time of year again. As we bid farewell to 2017 and look forward to the next 12 months, it’s only right that we share our predictions for 2018 to help IT security bosses prepare for the inevitable cyber-assault on their systems. Our report, Paradigm Shifts: Security Predictions for 2018, features a range of trends to watch out for during the coming year, including: a continued growth in cyber-propaganda; BEC losses to exceed $9m; new IoT threats; and an uptick in digital extortion campaigns.
But to pull back a little and look at the bigger picture, one trend in particular will dominate: known vulnerabilities are set to cause havoc in 2018 as the primary cause of most of the year’s biggest attacks. The good news is that mitigating this risk should not require a major additional investment of time and resources — but it needs to start now.
The problem with vulnerabilities
Anyone with an eye on the past 12 months will understand why known software flaws could be so disruptive in 2018. After all, they caused the biggest security events of the past year. Exhibit A is undoubtedly WannaCry: the infamous ransomware-worm attack which spread around the world in just hours, infecting hundreds of thousands of computers. In this case, those behind it used alleged NSA exploit information leaked by the Shadow Brokers group, which is claimed to be backed by the Russian state.
It’s proof, if any were needed, that even nation states can’t keep research on offensive cyber-tools a secret. Eventually these tools will find their way onto the cybercrime underground, putting innocent consumers and organisations around the world in danger. In the case of WannaCry it was the NSA’s EternalBlue Windows SMB exploit that was used to make the threat so prolific. The flaw had been patched months earlier by Microsoft, but the threat still managed to spread to a huge range of unprotected endpoints, highlighting organisations’ continued negligence when it comes to security best practices.
There are many potential repercussions. We can expect nation state groups like Pawn Storm to continue their exploitation of known vulnerabilities — as well as more sophisticated zero days — to infiltrate targets. Data theft is usually the outcome in these instances, while among financially motivated cybercrime gangs we can expect software flaws to be exploited in ransomware attacks as well as info-stealing raids.
Who knows what vulnerabilities may be exposed and used over the coming 12 months? All we know is that once flaws become public knowledge, the clock starts ticking: from then on it’s just a matter of “when”, not “if”, an attack will hit users. The signs aren’t looking good: Trend Micro’s Zero Day Initiative uncovered 382 new vulnerabilities in the first half of 2017 alone, according to our Midyear Security Roundup.
The bottom line is that if you have known and unpatched vulnerabilities in your IT environment, they will be targeted; it’s just a matter of time. Yet many IT leaders managing legacy systems either can’t patch, because no patches are available, or are reluctant to apply fixes in case they break mission-critical installations. But there are solutions:
- Consider reducing the attack surface by minimising the number of unpatched flaws in your environment. Virtual patching is a great way of keeping even legacy and “end-of-life” systems secure.
- Revisit patch management policies and invest in automated tools to ease the burden.
- Be prepared for a worst-case scenario. Ensure you have a comprehensive and thoroughly tested incident response plan in place. This should ideally include key stakeholders from all over the organisation (HR, Legal, IT, etc.). The quicker you get on top of an incident, the better your chances of minimising the financial and reputational fall-out.
Read our full list of predictions for 2018 in the report. Have any predictions of your own for 2018? Share them with us on Twitter @TrendMicroUK.