View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 3, 2018updated 07 Jul 2022 5:20am

Crybercrime in 2018: Get ready for bot battles, hack-and-leak extortion & supply chain woes

CBR grilled Dr Adrian Nish, Head of Threat Intelligence at BAE Systems, about what he thinks the cyber security landscape will look like in 2018.

By Ellie Burns

Giving us his top eight insights for 2018, Dr Nish painted a picture dominated by bots, malware…….and, of course, GDPR.

1.GDPR bites

After six years of preparation, hype and debate the General Data Protection Regulation (GDPR) will be enforced from 25th May 2019. Any organisations found to be non-compliant will face heavy fines. The spotlight will be on the early breaches and how the regulators react to them. Many firms processing EU citizens’ data from outside of the EU may not have understood that they too will be affected by the regulations.

Recent analysis suggests that few firms are ready for the new regulations, raising the likelihood of breaches and potential fines

2. Malware authors outsmarting NextGen AV /AI

In recent years, a big trend in the anti-malware market has been the use of machine learning algorithms in detection engines that rely on features extracted from known bad samples. These bad samples include metadata values, exported function names, and suspicious actions.

Malware authors get better at building techniques to outsmart them as ‘NextGen AV’ solutions become more commonplace
In recent months we have seen malware filled with legitimate code and functionality which appears to have no purpose but to outsmart machine learning algorithms

3. Market manipulation via hack or Twitter bot

To-date there have been few cases of criminals looking for ways to target and exploit the stock market system online. In theory, these could be attractive targets, as playing the market is ‘out-of-band’ from the hack itself.

We predict that, in 2018, we’ll see a repurposing of ‘fake-news’ Twitter bots to push market relevant information
This could be used in pump-and-dump style attacks, or could be targeted at algorithmic trading ‘bots’

4. The first battle of the bots

It’s inevitable that attackers will begin to incorporate machine learning and artificial intelligence at the same rate as network defence tools. We may already be at this point, with online Twitter bots able to react to emerging events and crafting messages to respond.

2018 could be the year we see the first battle of the AI bots. As cyber-criminals build systems that can ‘learn’ and adapt to defences, while detection engines also evolve using AI

Chatbots: Should your business talk to a robot?

5. Extortion through hack-and-leak

There has been a rise of ransomware over recent years, partly enabled by online criminal malware marketplaces and partly the popularity of Bitcoin and other cryptocurrencies. Businesses are a natural target for such attacks, as seen with WannaCry and Petya last year. Ransomware can be spread across a large number of networked devices for maximum impact. Business rarely pay a ransom of this nature, as they typically have backups they can revert to when needed.

A more dangerous approach we believe criminals will begin to implement is stealing information and extorting victims by threatening to leak if ransom isn’t paid
These leaks could be highly damaging: substantial fines, loss of customers, embarrassment to executives (e.g. stolen emails)

6. Supply chain woes

2017 was a huge year for supply chain attacks. We predict that this will continue in 2018 as criminals see this type of attack to be more and more viable.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
The biggest chunk of this may be software supply chain compromise, rather than third-party or hardware compromise

7. Sociotechnical approaches to risk – copy techniques from Safety Engineering

Information Assurance has been around for a long time and technology, threats and vulnerabilities have moved on. Securing information has become less about having firewalls and policies, and more about complex interactions between people and machines. Practitioners have also realized there is need to consider systems as a whole, rather than as discrete components, and have now begun to consider new approaches.

Safety Engineering is a possible new approach, which is already copied across other domains
2018 may see greater emphasis on evolving security beyond traditional approaches, incorporating sociotechnical analysis

Crybercrime in 2018: Get ready for bot battles, hack-and-leak extortion & supply chain woes

8. IDN Homograph Domain Spoofing

The Internationalised domain name (IDN) homograph technique uses similar characters in non-Latin alphabets in order to appear similar to the targeted Latin alphabet domain. The non-Latin characters are interpreted by the Latin web browsers as ‘Punycode’. As an example, the punycode of ‘xn--oogle-qmc’ resolves to ‘ɡoogle’ – note the two different types of ‘g’.

Recently we have observed this technique being employed on a larger scale, though this technique has been a proof of concept and sparingly used for a number of years – attackers can use a vast amount of subtle letter swaps using this technique
We predict this technique to increase in early 2018 if web browsers continue converting the Punycode domain into the Unicode domain, thus appearing to be the legitimate domain to the end user

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.