Major Hacks in 2017 and what enterprises can expect from the threat landscape in 2018

Sunshine Pune

Major Hacksin 2017 and what enterprises can expect from the threat landscape in

2018

By Zakir Hussain – Director, BD soft, Country Partner of Bitdefender
Each December , security researchers make predictions for the following year, and they
always seems, to sound the same: attacks will increase, malware will be more
sophisticated because hackers are upping their game, so IT executives must secure their
infrastructure or else. So what can enterprises expect from the threat landscape in 2018?
No doubt 2017 was a really bad year, full of sophisticated security incidents. Let’s do a
short recap of some of the massive exploits and data breaches this past year:
WannaCry, a massive ransomware attack that affected millions of computers around the
world.
Petya/NonPetya/Golden Eye a sophisticated ransomware campaign that leveraged the
EternalBlue exploit used by WannaCry, targeting data destruction.
The NSA was breached by hacker group The Shadow Brokers, leaking 100GB of condential
information and hacking tools.
WikiLeaks Vault 7 leak, exposing top secret documentation and user guides for hacking
tools used by the CIA.
198 million US voter records kept on an unsecured Amazon server were mistakenly leaked
by Republican data analytics rm Deep Root Analytics.
Due to a vulnerability, Cloudare unwittingly leaked customer data from Uber, OKCupid
and 1Password.
Equifax hack that leaked personal information of 143 million client s, mostly from the US,
but also the UK and Canada.
Uber hid a data breach that aected personal information of 57 million users.
Bell Canada was threatened by hackers with the leak of 1.9 million customer records.
When the company refused to pay,some of the information was published online.
Other hacks include universities and organizations aliated with the US government,
Deloitte and Virgin America.
As we enter a new age of data breaches, cyber attacks will get even more costly for
enterprises. 2 018 will be all about investing in data protection, especially in view of EU’s
GDPR legislation, creating backups to reduce damage and, best case scenario, employee

training sessions on best practices to prevent malware infections and reduce insider
threat s.
On the dark side, hackers will actively invest in improving their game and aggressively go
after enterprises. According to Bitdefender researchers, besides a signicant escalation of
zero -day exploits, 2018 will see an important increase in advanced po lymorphic malware.
Due to its ability to change once disseminated, polymorphic malware can in certain cases
bypass AV detection. Bitdefender experts also expect major changes in the PaaS
(polymorphism as a service) market, a vertical that will consolidate throughout 2018.
Advanced polymorphic engines running in the cloud are already used by cyber -criminals to
ood the market with unique variants of known malware and the advantages they oer
cyber-criminals are extraordinary. Licensing access to these cust om engines will likely
generate good business for these actors.
Proven fairly protable, ransomware is an example of polymorphic malware that will be
prevalent in the upcoming year, alongside banker Trojans and cryptocurrency miners.
Following major breac hes of companies that ended up paying ransom, hackers understood
enterprises would pay dearly in bitcoin to regain access to condential information.
Although organizations are aware of the risks, they repeatedly fail at taking adequate
security measure s to protect critical data. Hackers will also take advantage of weak
authentication methods, as two -factor authentication is hardly used.
2018 will be an important year for the Internet of Things. The number of threats is
forecast to increase, as hackers w ill exploit documented but unpatched vulnerabilities in
IoT devices, taking advantage of the manufacturers’ lack of interest in building in
security.