Known Vulnerabilities will Plague 2018 as Attack Surface Widens

This year, cyberattacks continued to plague business leaders, with major breaches occurring due to known vulnerabilities. Trend Micro predicts this trend will continue in 2018 as corporate attack surfaces expand and expose more security holes.

As information technology and operational technology (IT/OT) continue to converge, enterprise applications and platforms will be at risk of manipulation and vulnerabilities, according to the firm’s  2018 predictions report. Additionally, Trend Micro predicts an increase in internet of things (IoT) vulnerabilities as more devices are manufactured without security regulations or industry standards. Overall, the increased connectivity and enlarged attack surface present new opportunities for cyber-criminals to leverage known issues to penetrate a corporate network.

“We at Trend Micro are constantly scouting out future threats that will have the greatest impact for businesses, and we predict which vulnerabilities will make the biggest waves in the coming year,” said Rik Ferguson, VP of security research for Trend Micro. “Many devastating cyberattacks in 2017 leveraged known vulnerabilities that could have been prevented had they been patched beforehand. This trend will continue next year as corporate attack surfaces expand and expose more security holes.”

While this remains a challenge for enterprises, executives should prioritize vulnerability management as they make 2018 cybersecurity plans, particularly in the looming shadow of GDPR implementation, he added.

Ransomware meanwhile will continue to be a mainstay due to its proven success, the firm continued. There will be an increase in targeted ransomware attacks, in which the criminals go after a single organization to disrupt operations and force a larger ransom payout. Whaling/impersonation/business email compromise (BEC) attacks will also continue to gain popularity with attackers, as the return on investment for successful attacks is quite high.

“We foresee that the ransomware business model will still be a cybercrime mainstay in 2018, while other forms of digital extortion will gain more ground,” said Nilesh Jain, country manager, India & SAARC, Trend Micro. “The ransomware attack will manifest itself in a more specialized and targeted manner, unlike the earlier approach.”

With respect to India, he said he expected more attacks targeted at the ATMs, especially malware attacks, and a rise in security incidents across public cloud platforms.

Threat actors will also leverage growing technologies, like blockchain and machine learning, to enhance obfuscation against traditional cybersecurity protections, Trend Micro predicts.

“The private sector continues to be under siege from a variety of cyber threats,” said Edwin Martinez, CISO for CEC Entertainment. “Institutions must continue to share critical information, so we can better prevent and respond to these cyber-threats, limiting exposure to sensitive data.”

What’s Hot on Infosecurity Magazine?