McAfee has released its McAfee Labs 2018 Threats Predictions Report, which identifies five key security trends set to be important next year.
The five focuses are: the evolution of ransomware, the cyber security implications of serverless apps, the emergence of a machine learning innovation race between defenders and adversaries, the implications of corporations monitoring consumers in their own homes, and the long-term implications of organisations gathering children’s user-generated content.
Ransomware to experience a pivot
According to the report, ransomware is set to move from traditional extortion to new targets, technologies and objectives. McAfee said that the traditional ransomware’s profitability will decline as vendor defences, user education and industry strategies improve to counter them. Meanwhile, attackers are expected to adjust to target less traditional, more profitable targets, including high net-worth individuals, connected devices and businesses.
McAfee expects that the “pivot from the traditional” will result in ransomware technologies being applied beyond extorting individuals to cyber sabotage and the disruption of organisations. This will likely begin to drive the expansion of the cyber insurance market.
Raj Samani, chief scientist and head of McAfee Advanced Threat Research, said: “While much about the motives behind WannaCry and NotPetya are still debated, the use of pseudo ransomware is likely to continue, partly due to the ease with which as-a-service providers can make such techniques available to anybody with the means to pay.”
Serverless apps to result in more risk
McAfee said in its report that serverless apps are going to save businesses time and reduce costs, but that they will also increase attack surfaces.
These apps “enable greater granularity”, according to McAfee. For example, they can facilitate faster billing for services. However, they are more vulnerable to attacks exploiting privilege escalation and application dependencies.
They are also vulnerable to attacks on data in transit across a network, and potentially to brute force denial of service attacks. During these attacks, the serverless architecture fails to scale, resulting in service disruptions that can prove expensive for businesses.
Machine learning “arms races” to develop
McAfee explained that machine learning can process massive quantities of data and perform operations at great scale to detect and correct known vulnerabilities, suspicious behaviour, and zero-day attacks. However, according to the firm, “adversaries” are likely to use machine learning to support their attacks. They are expected to learn from defensive responses, seek to disrupt detection models, and exploit newly discovered vulnerabilities faster than defenders can patch them.
In order to win this “arms race”, McAfee advised businesses to “effectively augment machine judgement and the speed of orchestrated responses with human strategic intellect”. It is then that organisations will be able to understand and anticipate the patterns of how attacks might play out, even if they have never experienced them before.
Connected devices gathering personal data
The Internet of Things is likely going to see controversy surrounding the collection of personal data. McAfee has predicted that connected home device manufacturers and service providers will seek to overcome thin profit margins by gathering more of our personal data – with or without our agreement. According to the report, this will result in the home turning into a corporate store front.
In order to understand the buying needs and preferences of the device owners, corporate marketers have a strong incentive to observe consumer behaviour. McAfee said that, as customers rarely read privacy agreements, corporations will increasingly be tempted to change them after devices and services are deployed in order to capture more information.
McAfee said it believes there will be regulatory consequences for corporations that do break existing laws, pay fines, and continue such practices, thinking they can do so profitably.
Collecting children’s digital content will see risks to reputation
McAfee said that, as they pursue “user app ‘stickiness’”, corporations will likely become more aggressive in gathering user-generated content from younger users. In 2018, parents are expected to become more aware of corporate abuses of digital content generated by children, and consider the potential long-term implications of these practices for their own children.
According to the company, “in a competitive app environment where ‘stickiness’ easily becomes ‘unstuck’, the most enterprising, forward-looking apps and services will recognise the brand-building value of making themselves a partner with parents in this education effort”.