New-school security awareness training company ID’s phishing, social engineering and ransomware trends as continuing to get worse in 2018
KnowBe4, Inc., the provider of the world’s most popular security awareness training and simulated phishing platform, shares an insider’s perspective of cybersecurity trends to expect in 2018. The list of six predictions are founded on the company’s deep insight into threats that organizations experience today and should expect tomorrow.
“I’d love to say that 2018 is going to be a lighter year in terms of cyberattacks and threats, but no one can afford to be that naïve,” said Stu Sjouwerman, KnowBe4 Founder and CEO. “The truth of the matter is that today’s world simply lives on digital data which means there is more and more for bad guys to try to steal. From our vantage point of watching how cybercriminals work and constantly “upgrade” their attacks, we felt it was important to share what we anticipate will happen in 2018. That allows organizations to prepare themselves and train their workforce to make smarter security decisions and create a human firewall as an effective last line of defense when all security software fails.”
KnowBe4 2018 cybersecurity predictions include:
- Exponential growth of the ransomware plague, especially the “as-a-service” strains. The massive ransomware attacks of 2017 aren’t going anywhere. Instead, they will grow exponentially and mutate to gain further traction. We’ll see a rise in ransomware attacks that also exfiltrate data, allowing cybercriminals a second way to ransom data through the threat of exposure. Additionally, ransomware-as-a service will continue to grow and will be the source of a significant percentage of attacks. Custom-made ransomware attacks will be reserved only for very high-value targets.
- Hybrid attacks will be used to distract organizations. We saw it happen in Ukraine last month when Bad Rabbit ransomware served as an obvious and intrusive attack while, simultaneously, a silent, hidden spear phishing campaign was carried out. We will see this as a new criminal modus operandi through 2018; ransomware infections will be used as a distraction, so the bad guys can accomplish their other more devious goals. Additionally, we should expect to see an increase in multi-vector social engineering attacks leveraging ‘smishing’ (text) and ‘vishing’ (voice) along with traditional phishing (email) social engineering techniques.
- Automation makes detecting attacks harder. Phishing bots and intelligent scraping of social media and the Dark Web will make automated spear phishing a very real, very hard-to-identify problem. The amount of data stolen in mega breaches over the past year—especially Equifax—makes it easy to automate mass spear phishing emails that are both highly detailed and very effective social engineering attacks.
- Extortion scams will have a long tail. It’s bad enough to have your data held hostage until you pay a ransom 48 or 72 hours later. As we move into 2018, scams are going to extend that timeline, creating long-term or lingering extortion situations that are an ongoing nightmare for organizations and individual internet users alike. An example of this would be a ransomware attack that demands nude photos of the victim as “payment”, opening the door for continued blackmail.
- Search result tampering will drive users to compromised websites. Whether you call it search “tampering” or “poisoning”, 2018 will see an increase in search results that route users to compromised sites which exploit bugs in the workstation’s software, resulting in a complete take-over of their computer. Users will have to be particularly vigilant if they work in regulated industries such as Financial Services, Insurance and Healthcare, where personal identifiable information abounds.
- Blame-ware and “False Flag” operations will increase. Due to the recent European Union’s declaration that a cyberattack is an act of war, we’ll see more cyber propaganda operations that are engineered to spark conflict between countries, undermine democracies, and destabilize trust globally, making attribution very hard to determine.
Organizations that are not yet leveraging KnowBe4 to train their workforce to make smarter security decisions and create a human firewall as an effective last line of defense can download a number of free tools at www.knowbe4.com to test their users and their network.
Live Webinar Thursday November 16th at 2pm EST
In addition, KnowBe4 is hosting a live webinar to dive further into what’s in store for 2018:
Title: “Phishing and Social Engineering in 2018: Is the Worst Yet to Come?”
Date & Time: Thursday, November 16th at 2pm EST
KnowBe4, provider of the world’s most popular integrated new-school security awareness training and simulated phishing platform, is used by more than 14,000 organizations worldwide. Founded by data- and IT-security expert Stu Sjouwerman, with backing from Elephant Partners and Goldman Sachs Growth Equity, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training. Kevin Mitnick, internationally recognized computer-security expert and KnowBe4’s Chief Hacking Officer, helped design KnowBe4’s training based on his well-documented social engineering tactics. Thousands of organizations leverage KnowBe4 to train their workforce to make smarter security decisions and create a human firewall as an effective last line of defense.
KnowBe4 is ranked #231 on the 2017 Inc. 500 list, #70 on Deloitte’s 2017 Technology Fast 500 and #6 in Cybersecurity Ventures Cybersecurity 500. KnowBe4 is headquartered in Tampa Bay, Florida with European offices in London and Amsterdam. For more info, visit http://www.knowbe4.com and follow Stu on Twitter at @StuAllard.