IT Security Predictions For 2018

2017 was a watershed year in cyber security in the Asia-Pacific (APAC) region. Major organisations – from Singapore’s leading universities and Ministry of Defence to Australia’s national broadcaster and Malaysia’s telecoms operators – had fallen prey to cyber attacks, with personal data stolen in some cases.

While the affected organisations shore up their defences and recover from the attacks, those that were relatively unscathed should not rest on their laurels.

After all, in cyber space, where threat actors know no boundaries, any organisation is susceptible to attacks by resourceful hackers who are becoming more ambitious by the day. We take a look at the top cyber security trends that are likely to dominate the threat landscape in 2018.

  • DDoS on the rise

It is now possible for anyone to ‘rent’ a DDoS attack on the internet. For as little as US$ 5, you can actually pay someone to do the attack for you! This is just one of the reasons DDoS threats will continue to escalate in 2018, alongside the cost of dealing with them. The dangers of DDoS for smaller companies are that it will leave them unable to do business. For larger organisations, DDoS attacks can overwhelm systems. Remember that DDoS is significantly under-reported, as no-one wants to admit they have been under attack

  • Time to ditch those simple passwords

In 2018, simple passwords will be even more highlighted as an insecure ‘secure’ method of access. Once a password is compromised, then all other sites with that same user password are also vulnerable. As staff often use the same passwords for business as they use personally, businesses are left vulnerable. While complex passwords do have a superficial attraction, there are many challenges around that approach and multi-factor authentication is a vastly superior method of access.

  • Ransomware will be the most dangerous threat to businesses and organizations worldwide

Once again ransomware will represent the most dangerous threat to organizations and end-users. The number of new Ransomware families will continue to increase; authors will be more focused on mobile devices implementing new evasion techniques making these threats even more efficient and difficult to eradicate.

Security researchers expect new ransom-as-a-service platforms will be available on the dark web making very easy to wannabe crooks to arrange their ransomware campaigns.

  • Cybercriminals focus on cryptocurrencies

The rapid and sustained increase in the value of some cryptocurrencies will push crooks in intensifying the fraudulent activities against virtual currency scheme.Cyber criminals will continue to use malware to steal funds from victims’ computers or to deploy hidden mining tools on machines.

A growing number of websites will be compromised to host miner scripts used to monetize the computational capability of the visitors.In 2018, more people will mine cryptocurrencies on their computers; we will undoubtedly see more attacks designed to steal crypto coins from users.Security researchers worldwide will observe an intensification of mass Internet scanning campaigns for wallet accidentally exposed online.

  • IoT – a security time-bomb

IoT is a rapidly growing phenomenon which will accelerate in 2018, as both consumers and businesses opt for the convenience and benefits that IoT brings. However, manufacturers are not yet routinely building security into IoT devices and 2018 will see further problems generated through the use of insecure IoT. IoT is a major threat and possibly the biggest threat to businesses in the coming years. Unfortunately, it is not easy, and in some cases impossible, to bolt on security as an afterthought with IoT, and many organisations will find it challenging to deal with the consequences of such breaches.   As IoT cascades through organisations’ infrastructures, it is likely to become the ultimate Trojan horse.

  • Mobile malware on the rise

With the rising mobile penetration rates and weak cyber regulations in developing markets in the region, smartphones are becoming more attractive to hackers as opposed to PCs.Malwarebytes said countries such as the Philippines, Malaysia and Indonesia are already seeing widespread usage of mobile banking and social media through smartphones.The problem is exacerbated by the lack of regulation over third-party app stores selling malicious apps, as well as the use of counterfeit software that may come with malware.

“Outdated prevention security, use of pirated software, lack of remediation or response and poor cyber hygiene will continue to contribute to increasing levels of mobile malware in the region,” Malwarebytes said.

  • Artificial Intelligence as a double-edged sword

The way the good guys and bad guys use AI will shift. Cybersecurity is an arms race and the weaker party will resort to asymmetric means to achieve its goals. Just as organizations are adopting machine learning and AI to improve their cybersecurity posture, so are the threat actors. Attackers are using machine learning to speed up the process of finding vulnerabilities in commercial products, with the end result being that attackers will use ever more new exploits without signaling that AI was involved in their creation. AI will also increase the number of qualified cybersecurity professionals as it lowers the barriers of entry into the profession and allows less trained individuals to still be effective on the front lines of the cybersecurity battle. In addition, AI will allow existing cybersecurity professionals to move up-market by leveraging AI to find more complex attack scenarios before they do significant damage— Oliver Tavakoli, CTO, Vectra

  • GDPR – have most businesses missed the point?

The arrival of GDPR (General Data Protection Regulation) in May 2018 will, of course, be a big story. However, many organisations are missing the main point about GDPR. It is about identifying, protecting and managing PII – any information that could potentially identify a specific individual. This will become more important in 2018 and there will be considerable focus on identifying, securing and, where required, deleting PII held on networks.

  • Cloud security, a top priority for enterprises

A growing number of companies will rely on cloud storage attracting the interest of cyber criminals and state-sponsored hackers.Because of this, cloud infrastructures are a potential target of security breaches.

In response, enterprises should adopt security guidelines and strategies to mitigate the risk of exposure to cyber threats.Unfortunately, the number of enterprises that will develop data security and governance programs as a measure to prevent data breaches and data leak will be limited.



The Future of Cybersecurity Is in High-Speed Quantum Encryption

Researchers have successfully developed a high-speed quantum encryption system that could prevent hackers from penetrating computers.

The new quantum encryption system represents a new level in cryptography, which is quite ironic since the advent of quantum computing has been considered a threat to current encryption methods, but it might just hold the key to keeping the internet safe and secure.

Securing The Internet

According to the researchers’ study published this week in Science Advances, the new system can create and distribute encryption codes at a rate of megabits per second, which means it transmits quantum key distribution five to ten times faster than existing methods.

google-advanced-protectionAlso read: Enable Google’s New “Advanced Protection” If You Don’t Want to Get Hacked

The team, composed of researchers from Duke University, Ohio State University, and Oak Ridge National Laboratory, demonstrates that the technique is immune from common attacks even in a situation where the equipment itself has exhibited a flaw that could open up leaks.

“We really need to be thinking hard now of different techniques that we could use for trying to secure the internet,” said Daniel Gauthier, a physics professor at the Ohio State University.

The frequency of data breaches is no laughing matter. Just this month, there were two reported high-profile cases of hackers breaching servers: one is the massive Uber data breach last year — which Uber just recently confessed to — that had put 57 million accounts at risk. The ride-hailing company tried to guise it as a bug bounty program achievement. Then there’s the Imgur data breach, which had affected 1.7 million accounts yet went unnoticed for years.

High-Speed Quantum Encryption: How Does It Work?

In a study published in the journal Science Advances, the researchers demonstrated a system that uses quantum key distribution (QKD), creating and distributing encryption codes at megabit-per-second rates. The secret lies in putting more information on the photons — light particles used in QKD and in most of today’s quantum networks — and combining it with high-speed detectors.

The feat was achieved by adjusting the moment when photons are released, making it possible to encode two bits of information on a photon instead of just one. As a result, their system can transmit keys five to ten times faster than current methods, which only allow for between tens to hundreds of kilobits per second. Running several systems that use their new method in parallel  creates current internet speeds.

This is important, because most of today’s existing “quantum-secure encryption systems cannot support some basic daily tasks, such as hosting an encrypted telephone call or video streaming,” Nurul Taimur Islam from Duke said in a press release.


QKD requires a set of encryption keys sent separately from the encrypted message. In principle, the information becomes “hack-proof,” because tampering with the message or the encryption key would alert both the receiver and the sender. However, QKD cannot work flawlessly, because it requires equipment that is still imperfect. This makes QKD vulnerable to hacking.

iphone-5s-touch-id-img_0798-100053552-origAlso read: Why your smartphone’s fingerprint scanner isn’t as secure as you might think ?

“We wanted to identify every experimental flaw in the system, and include these flaws in the theory so that we could ensure our system is secure and there is no potential side-channel attack,” said Islam, explaining how they had to identify and incorporate the limitations of the equipment they used.

In any case, QKD is still currently the best chance we have for improving today’s cybersecurity measures, which have been proven — time and again — to be inadequate to deal with hacks and breaches. And because this new system used equipment that’s mostly commercially available, it would be easy to integrate into the current framework of the internet.