Cybercriminals to ramp up use of known flaws

Cybercriminals will continue the trend of exploiting known vulnerabilities in major attacks in 2018, Trend Micro has predicted.

The security company’s 2018 predictions report states that cybercriminals are expected to focus on vulnerabilities that have been known for a while but have yet to be patched in corporate networks.

“Many devastating cyber attacks in 2017 leveraged known vulnerabilities that could have been prevented had they been patched beforehand. This trend will continue into 2018 as corporate attack surfaces expand and expose more security holes,” Trend Micro Director and Data Scientist Dr Jon Oliver said.

“While this remains a challenge for enterprises, executives should prioritise vulnerability management as they make 2018 cybersecurity plans. This is particularly relevant with the Notifiable Data Breaches scheme coming into effect in Australia on 22 February 2018.”

He said both this scheme and the General Data Protection Regulation coming into force in the EU next year will have an impact on how Australian businesses and organisations view and report breaches.

“These laws will lead to greater transparency and accountability among Australian enterprises, which will help minimise the impact on customers and reduce the value of the stolen data, thereby acting as a deterrent to cybercriminals.”

Trend Micro also predicts that ransomware will continue to be a popular tool in the cybercrime arsenal, and that there will be an increase in targeted ransomware attacks aimed at a single organisation to force larger ransom payouts.

Likewise, business email compromise attacks, also known as CEO fraud, will continue to gain popularity with attackers due to the high return on investment from successful attacks. Trend Micro predicts that such attacks will lead to up to US$9 billion ($11.9 billion) in global losses next year.

Another attack vector predicted to grow in popularity is Internet of Things (IoT) vulnerabilities, with devices such as biometric trackers, drones, speakers and voice assistants expected to be hijacked to track data, reroute deliveries and hack into home networks.

In the same vein, attackers are expected to continue to circumvent and abuse emerging technologies such as machine learning and blockchain, the report has predicted.

Image credit: ©stock.adobe.com/au/Leo Lintang

Follow us and share on Twitter and Facebook