Protect 2018: A World Of Danger For Cybersecurity

Via Wikimedia Commons.

Booz Allen Hamilton were in Greater Manila this week for the Protect 2018 conference. This year’s installment of the annual security event featured two days of discussions about strategic issues that pose serious risks to business and government. According to Sam Goh, the lead technologist for Booz Allen Hamilton’s ASEAN operations, the firm’s Foresights 2018 report is essential reading because it offers a broad forecast on the dangers ahead.

The 16 page report, which is available as a free download, enumerates nine trends in cybersecurity that can either harm businesses, civil society, or governments. Each trend is accompanied by a short essay explaining the magnitude of the threat posed. The outlook isn’t pretty and as 2018 continues to unfold, hackers and security professionals alike must be on the alert. More than ever before, the consequences of cyber attacks today are undeniably devastating. Here’s what to watch out for.

Supply Chains Can Bring Down Tech Giants

The authors of Foresights 2018 believe that software providers–often the small and medium-sized companies that sell their products to larger organizations–are particularly vulnerable because hackers might latch onto their updates. This can be done by either compromising servers or imitating update prompts, which could spread viruses across whole industries. Recent examples are found in Ukraine, where a popular tax software was used to spread a destructive malware, and an elaborate Chinese cyber espionage campaign aimed at Fortune 500 companies.

Ransomware For Industrial Control Systems

Foresights 2018 believes manufacturers and utilities are at particular risk from highly skilled hackers, who may or may not be state sponsored, looking to extort money by compromising industrial control systems (ICS). What makes these ransomware ops so worrisome is the willingness of companies, who will no doubt risk seeing their equipment damaged, to pay the amounts demanded. But ICS attacks are elaborate and labor intensive for the attackers, so their frequency can’t be predicted.

Dev Tools Will Ruin The Fun

As app markets continue to thrive, the very tools for making them could threaten the data of millions. Foresights 2018 doesn’t name any particular incident or news story to prove this trend but they do highlight how user friendliness and the growing ease in acquiring software development skills might be irresistible for malicious actors.

“Most developers will likely continue to place functionality over security when choosing a platform or service,” Foresight 2018 warns. “…[it] will result in more security breaches and increased attention to exploitable vulnerabilities.”

Cryptocurrencies Are The New Economy

With cryptocurrencies now mainstream, Foresights 2018 expects countries suffering under sanctions to try and find ways to circumvent these by exploiting the blockchain. This isn’t far-fetched and even the US military is aware that China, Russia, and Venezuela are readying cryptocurrencies to foster trade outside the global financial system.

But Foresights 2018 doesn’t expect cryptocurrencies to nourish whole economies. It’s more like an exotic revenue stream for rogue states. “Revenues from such an operation, which can be managed by a small number of individuals, may exceed several million dollars per year.” Foresight 2018 considers this “a significant amount of money for embargoed and cash-strapped nations.” Like Cuba and North Korea?

Democratic Elections Are At Risk

Hands down the scariest insight from the report is the possibility of hijacking election outcomes. “A torrent of new research in 2017 indicated that voting machine security is generally consistent with other IoT devices,” Foresights 2018 reveals. “In other words–not good.”

There’s a whole host of problems enabling this, from procurement inefficiencies to unforeseen backdoors in the vote counting machines themselves . “Everyone from top-tier espionage groups, local political parties, and political hacktivists would be motivated to take advantage of the woeful state of voting infrastructure,” Foresight 2018 warns.

The conclusion is just as chilling. “Consequently, 2018 will likely see the first confirmed example of an election being manipulated through electronic means.”

Belligerent Countries Will Weaponize Ransomware

No other country fares as badly as Ukraine does in Foresights 2018 as it reeled from the WannaCry virus and the fallout from NotPetya that harmed government agencies in the same year. As ransomware’s popularity becomes universal it’s inevitable for it to be weaponized for strategic advantage.

According to Foresights 2018, “the most likely scenario is that a threat actor, either nation-state or cybercriminal, will succeed in infecting a major government network with a previously unseen ransomware family or variant in a high-profile attack.”

So which countries are being targeted? “Western governments” are given a pass, but Ukraine, South America and South Asia, and even South Korea are mentioned as potential hotspots.

Hacker Mercenaries Are A Thing

If Ukraine gets a bad rap in Foresights 2018, the Middle East earned its own miserable forecast. As a result of the near complete fracturing of the GCC and the showdown between Iran and Saudi Arabia, there’s a strong possibility hackers from both sides of the Persian Gulf will be skirmishing throughout the year.

“Thanks to oil-and-gas revenue, many countries overflowing coffers could leapfrog the years needed to develop homegrown talent,” Foresight 2018 explains. “Using foreign contractors to augment internal surveillance and law enforcement has been a standard practice in the Gulf for years.”

Foresight 2018 believes this will only get worse. “Some states reportedly dangle mouthwatering salaries and benefits to assemble all-star teams of hacking experts from around the world,” it reveals.

Fake News Is Getting Worse

One of the more nuanced trends in Foresights 2018 is the harm fake news will inflict on “traditional” news. Without mentioning any specific country or culprit, the authors behind the report are convinced proper attribution–the best method to report facts–is disappearing and with it the ability to verify facts.

Here’s a painful revelation: “Public education about cyberthreats is nascent, at best…even highly intelligent and well-informed people are not likely to stay abreast of the ever changing security landscape sufficiently to make independent judgements when the cyber realm intersects with issues of politics, and even war and peace.”

This isn’t just a cybersecurity issue anymore. Being unable to process and accept the truth is a dangerous behavior that empowers hostile acts in cyberspace.

And Journalists Are Targets

Another offshoot of the ransomware epidemic bodes very ill for the press. Foresights 2018 expects journalists, as well as their news organizations, who report controversial subject matter to be under threat from hackers working at the behest of powerful institutions. The goal is to infiltrate and hijack either their data or human sources with the goal of suppressing these and harming the companies that publish news.

Foresights 2018 offers little relief for anyone who cares about cyberspace–a target rich environment that’s now a battleground among hostile countries. At the very least, a few old-fashioned measures can save potential victims from the worst malicious actors can do. Don’t open suspicious links. Have strong passwords. Protect sensitive data. It’s the best anyone can do.