Blockchain and the hacking of applications
Many believe that the blockchain is “unhackable”. Yet in the last year there has been an increase in the number of attacks against blockchain-based applications. The vulnerabilities do not arise from the blockchain itself, but rather from the applications that run on the blockchain.
One example that stands out is the Bitfinex hack in August 2016, which resulted in $60 million worth of bitcoin being stolen. The hack was made possible because Bitfinex changed the method of encryption, making it easier for hackers to obtain passwords and private keys. Social engineering will be used more often to extract these private keys, which is why external development on the blockchain presents a risk, suggests Ofer Amitai, CEO and co-founder at Portnox.
Another possible blockchain hack, which has already been proven possible, is through other blockchain technologies such as Ethereum, which is an organisation that’s committed to being open source for third-party applications. This creates a vulnerability because almost all applications have bugs that can be manipulated by hackers as an attack surface.
Creating a new and more pungent form of blackmail, DDoS and ransomware are joining forces to topple enterprise progress in digital transformation, while reaping monetary benefits. These attacks are made possible by using botnets, or large groups of “zombie” devices – which often happen to be Internet of Things devices, such as webcams – to funnel traffic to a malware-infected web address that, in turn, extracts data from the accessing endpoint and demands ransoms for the return of that encrypted data. One such example is the use of Mirai botnet devices to direct traffic to the kill-switch domain, triggering WannaCry’s dormant infections to reactivate.
These attacks are often called “sinkhole” attacks because the DDoS traffic is being directed to sites that contain dangerous malware. With the wide adoption of Internet of Things devices in the enterprise, and the rise in ransomware demands, it’s likely that we’ll be seeing more of these attacks in the next year.
The trend is magnified by the popularity of cryptocurrencies, which have made an anonymous payment system easily accessible to hackers so that they are able to demand more and higher ransoms, and to prolong their ransomware extraction activities.
Mobility of the workforce
One of the clear trends for 2018 is a rise in workforce mobility. With more employees working remotely, organisations are enjoying a significant drop in their capital expenditures (many have even given up on the physical office space), while directing operational expenditures at digital transformation trends such as cloud and BYOD.
While the mobility of the workforce is a good thing for companies’ balance sheets, the technology flexibility it affords results in more areas of cyber security vulnerability that could act as a gateway for hackers into the enterprise network.
Thus, companies that are set on accommodating mobile workforce trends will be investing in more endpoint, network and cloud security solutions that protect access and assets across a variety of locations and in various connected environments.
Growing regulation of IoT security
Regulations governing IoT security features are beginning to be drafted, but there is still not enough demand from the consumer side to warrant manufacturers’ investments in security features. This raises a major question in 2018 of whether governments, in similar fashion to the US and EU, will begin issuing security regulations on IoT device manufacturers that protect consumers and companies from digital (and even physical) risk.
Therefore, together with GDPR and other compliance regulations, in 2018 we are likely to see more governments and industry authorities (such as NIST) stepping up to enforce privacy, safety and security regulations on IoT manufacturers.
This may also result in an increase in the price of IoT devices, which, up until this point, has been relatively low, as manufacturers struggle to carry out reverse compliance initiatives that come into effect.