Cloud computing businesses will be a big target for hackers in 2018 according to the Massachusetts Institute of Technology (MIT), which also warns that there will be more huge data breaches along the lines of Equifax in the year ahead.
In an article out today (2 January) the MIT Review points out six cyber threats to worry about in 2018 – nothing like starting the year on a high – which in addition to the above also includes the weaponization of AI; cyber-physical attacks; mining cryptocurrencies; and hacking elections.
Ransomware in the cloud is identified as a serious threat and the MIT Review states: “The biggest cloud operators like Google and Amazon and IBM have hired some of the brightest minds in digital security, so they won’t be easy to crack. But smaller companies are likely to be more vulnerable, and even a modest breach could lead to a big payday for the hackers involved.”
When it comes to AI, the MIT Review says: “This year will see the emergence of an AI-driven arms race.” Security firms have been using machine learning and AI technologies to better anticipate attacks and spot those under way, and the article points out: “It is highly likely that hackers are adopting the same technology to strike back.”
One example is spear phishing, which uses carefully targeted digital messages to trick people into installing malware or sharing sensitive data. MIT Review says: “Machine learning models can now match humans at the art of crafting convincing fake messages, and they can churn them out without tiring.”
As far as mining cryptocurrencies is concerned, hackers have been targeting holders of Bitcoin and other digital currencies, but MIT Review says: “The theft of cryptocurrency isn’t the biggest threat to worry about in 2018; instead it’s a theft of computing processing power.”
Kaspersky Lab reported finding cryptocurrency mining tools on 1.65 million of its clients’ computers in 2017 —well above 2016’s pace. Recent cases include the hacking of public Wifi in Starbuck in Argenina and a significant attack on computers at a Russian oil pipeline company. MIT Review says: “As currency mining grows, so will hackers’ temptation to breach many more computer networks.”
While this won’t affect the day job for those of us in legal IT, hacking elections is a risk for 2018, with it now clear that Russian hackers targeted the voting systems in numerous American states ahead of the 2016 presidential election.
As all these risks above grow in 2018, so will the penalties for companies that fail to address them. On May 25, the General Data Protection Regulation will come into effect in Europe, requiring companies to report data breaches to regulators and inform their customers that their data has been stolen. “The recent revelation that Uber covered up a big cyberattack last year has sparked calls for breach disclosure rules to be toughened in America too,” says MIT Review. “All this means that lawyers as well as hackers will have a very busy 2018.”