Ransomware saw a downturn after peaking in 2017, but serious new threats soon replaced it. This is a review of major cybersecurity stories and issues in 2018 that created a shift in the way nations and enterprises across the world handle data, digital currency, and vulnerabilities.
Aftershocks from Meltdown and Spectre
Vulnerabilities that changed processor design
The Meltdown and Spectre vulnerabilities were described as “catastrophic” by many in the security industry, and it's obvious why, given the scope and severity of the issue. These vulnerabilities affect nearly every microprocessor manufactured in the last 20 years, and could allow for a dangerous level of unauthorized access as well as information theft. The flaw is in the features built into the chips, so solutions and fixes are difficult.
Meltdown and Spectre triggered a real change in the way chips are designed and continue to impact manufacturing companies. The industry has also become more aware of security issues from hardware, and has its guard up for any future threats.
Regulating Data Protection
Large-scale privacy incidents changed the way companies collect and store data
This year, data protection and privacy have been topics of interest and debate for governments across the world. Large-scale incidents have prompted inquiries into the data collection and storage practices employed by enterprises, from large tech companies to small businesses. This is largely due to continuous massive data breaches, and data sharing practices that have gone largely unregulated.
As more people are concerned over privacy and what happens to their personal data, we can expect the conversation to continue, and more countries to enact tougher data privacy legislation. Data is a valuable commodity and protecting it should be a priority for the enterprises that collect it and the governments who protect all aspects of their citizen’s lives.
Cashing in on Cryptocurrency
Methods of profiting from virtual currencies increased substantially
The volatile nature of cryptocurrencies means their values rise and fall steeply and quickly, but despite that, threat actors still try to take advantage of their virtual nature. The well-publicized peak of Bitcoin in late 2017 attracted get-rich-quick malware authors, causing the number of cryptocurrency mining families to rise. We also saw many threat actors trying new ways to mine cryptocurrencies in 2018 — from using malicious add-ons for media platforms to abusing internet of things devices. There were also multiple attempts to hack cryptocurrency exchanges through many different social engineering schemes — classic ways to manipulate someone into handing over access into their account. It seems that many different threat actors were quite focused on profiting from cryptocurrencies.
The desire to profit from cryptocurrencies isn't just limited to threat actors; normal individuals naturally want to do so as well. Mining in itself is not malicious, and since it went mainstream, it is largely considered a legitimate practice if done by consenting parties. There are even some websites that are experimenting with new ways to make money without ads by asking users for permission use their system resources to mine.
Since cryptocurrency mining has been adopted by both legitimate users and threat actors, it is considered malicious only if done without the user’s knowledge or permission. As regulators increase their oversight on cryptocurrency, mining rights may change as well. But for now, it is largely dependent on user consent.
Looking back at security stories from the past year may help us prepare for the threats we will be facing in 2019. Aside from hardware issues, data protection concerns, and cryptocurrency schemes, the cybersecurity landscape is riddled with other threats. To learn more about the projected security landscape in 2019, read our security predictions report, Mapping the Future: Dealing With Pervasive and Persistent Threats.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).