Cyber Security Threats in 2018
Cyber security threats aren’t going away. In fact, they may be getting worse. With a severe shortage of cyber security professionals to combat increasingly sophisticated attackers coupled with a growing dependence on technology, the threats loom large in 2018. Here are just a few of the many cyber threats predicted to cause harm in the year ahead.
- Connected Cars and Semi-Autonomous Trucks – While the driverless car is close, but not yet here, the connected car is. A connected car utilizes onboard sensors to optimize its own operation and the comfort of passengers. This is typically done through embedded, tethered or smartphone integration. As technology evolves, the connected car is becoming more and more prevalent, accounting for half of all vehicles sold in 2015, according to a GSMA study. The same study predicts that by 2025 every new car sold will be connected. For hackers, this evolution in automobile manufacturing and design means yet another opportunity to exploit vulnerabilities in insecure systems and steal sensitive data and/or harm drivers.
In 2015, Charlie Miller and Chris Valasek, now famed car hackers, successfully exploited a Jeep Cherokee, disabling the car remotely via the entertainment system. As Wired wrote, “Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes and transmission, all from a laptop that may be across the country.”
In addition to safety concerns, connected cars pose serious privacy concerns.
“When you get down to it, your car knows a lot about you: where you go, when you go, how long you are there, the route you took to get there, the way you drove to get there, the temperature of the cabin, what entertainment you engaged in, and how long you were chatting on the phone (if you use Bluetooth). If you’re using it, quite a detailed record of your life is being collected and potentially transmitted somewhere,” wrote Security Week.
As manufacturers rush to market with high-tech automobiles, 2018 will likely see an increase in not only the number of connected cars but in the number and severity of system vulnerabilities detected.
Similarly, autonomous trucks took to the freeways in 2017 with the startup Embark putting its first test vehicles on highways from Texas to California. And last year the American Trucking Association issued its “first autonomous vehicle policy, calling for uniform federal laws that could help developers and researchers make automated and connected vehicles safer than humans,” according to Wired.
But security experts are concerned. For one, GPS spoofing could be used to misdirect trucks just as it has been used to successfully misdirect aircraft and boats. Plus, trucks are particularly attractive targets for hackers because they all follow a common protocol. “There’s a common communications standard in trucks called J1939 that makes it possible to craft one attack that fits all,” Monique Lance of Argus Cyber Security told Trucks.com. “An attack that accesses one truck will potentially access most trucks.
- State-Sponsored Attacks –Beyond hackers looking to make a profit through stealing individual and corporate data, entire nation states are now using their cyber skills to infiltrate other governments and perform attacks on critical infrastructure. Cyber crime today is a major threat not just for the private sector and for individuals but for the government and the nation as a whole. As we move into 2018, state-sponsored attacks are expected to increase, with attacks on critical infrastructure of particular concern.
- IoT Attacks – The Internet of Things is becoming more ubiquitous by the day. The bad news is that as the IoT grows, it’s becoming easier for hackers to compromise the growing number of connected devices. Using a botnet kit, hackers can quickly access any device. The top three botnet kits are responsible for infecting over one million devices per month according to CSO.
“Millions of unsecure, Internet-enabled devices provide new threat vectors. Given the rapid proliferation of Internet of Things devices in advance of IoT-oriented security standards and configuration practices, expect these devices to be increasingly used as weapons for DDoS and other attacks,” predicted Adam Isles, Principal at The Chertoff Group, a global advisory firm that provides security risk management, business strategy and merchant banking advisory services.
- Cryptocurrency Mining – With the rise of bitcoin and other cryptocurrencies, came hackers looking to mine these digital currencies for profit. “Mining is a computationally intensive process that computers comprising a cryptocurrency network complete to verify the transaction record, called the blockchain, and receive digital coins in return,” explained the MIT Technology Review. In 2018, the threat won’t just be the mining but the theft of computer processing power. For example, in September 2017 it was made evident that Showtime’s website had been hacked and was being used to secretly hijack visitors’ computers to mine a digital currency (Monero). This trend is expected to accelerate with experts like IBM’s X-Force witnessing cryptocurrency mining attacks jumping six-fold between January and August of 2017.
- Smart Medical Devices and Electronic Medical Records (EMRs) – The healthcare industry is going through a major evolution as patient medical records go online and medical professionals realize the benefits of advancements in smart medical devices. However, as the healthcare industry adapts to digital, there are a number of concerns around privacy, safety and cyber security threats.
As the Software Engineering Institute of Carnegie Mellon University wrote in its 2016 Emerging Technology Domains Risk Survey, “As more devices are connected to hospital and clinic networks, patient data and information will be increasingly vulnerable. Even more concerning is the risk of remote compromise of a device directly connected to a patient. An attacker could theoretically increase or decrease dosages, send electrical signals to a patient, or disable vital sign monitoring.”
Carnegie Mellon further stated, “Many of the devices in this field have little to no security, and the increased scrutiny required by the Food and Drug Administration (FDA) makes the patch cycle extremely long.”
Similarly, patient medical records, which are now all online, are a prime target for hackers due to the breadth of sensitive information they contain. According to a poll by Health IT News and HIMSS, 75% of hospitals surveyed have been hit by a ransomware attack over the past year. With hospitals and medical facilities still adapting to the recent digitalization of patient medical records, hackers are capitalizing and exploiting the many vulnerabilities in these organizations’ security layers. Breaches within the healthcare industry will likely continue into 2018 until the industry is able to get a better grasp on the mass amount of digital patient data now under its control.
- Third Parties (Vendors, Contractors, Partners) – Third parties such as vendors and contractors pose a huge risk to corporations, the majority of which have no secure system or dedicated team in place to manage these third-party employees. According to a Ponemon Institute Research Report, “there is no clear accountability for the correct handling of the third-party risk management program.” With 21 percent of survey respondents saying there is no one person/department who is accountable and the remaining respondents giving a myriad of answers ranging from head of procurement to the CIO.
As cyber criminals become increasingly sophisticated and cyber security threats continue to rise, organizations are becoming more and more aware of the risk third parties pose. A 2017 Ponemon Report on Data Risk in the Third-Party Ecosystem found that 56% of businesses reported experiencing a third-party data breach in the last year. Hyatt Hotels Corp. was recently hacked when a third party inserted malicious software code onto hotel IT systems.
Ethical hacker Jamie Woodruff said in a V3 article, “As more technology comes out we’re ever more reliant on third-party vendors. Look at how APIs work, and how we feed them into third parties. That’s a potential way into the corporate network.”
In 2018, third-party attacks will continue. Yet corporations will also begin to recognize the need for a more secure third-party management system.
Cyber security threats today are coming from all around the globe and attacks are becoming more sophisticated. One of the major obstacles to combating these cyber security threats is the lack of cyber security professionals with the level of knowledge required to mitigate attacks. That’s why the University of San Diego offers two master’s degree programs focused specifically on the major issues facing cyber security professionals today. To learn more about the 100% online Master of Science in Cyber Security Operations and Leadership, or the fully on-campus Master of Science in Cyber Security Engineering, consider speaking with a USD admissions advisor.