Technology’s evolution brings not only additional opportunities for society’s development but also new ways for cybercriminals to earn money. A few years ago, cybersecurity experts were preparing the world for new trends in cyberattacks whose descriptions sounded like chapters from fantastic cyberpunk novels. Nowadays, few people are surprised by:
– targeted attacks by cybercriminal groups (Advanced Persistent Threats, APT) using multistep logic;
– infection of a huge number of user devices through trusted channels – web resources of large and medium-sized media, software updates;
– attacks on e-commerce projects;
– large-scale epidemics of ransomware;
– information leaks and breaches through employees’ devices (Bring Your Own Device, BYOD) and due to their use of non-corporate IT tools (Bring Your Own Technology, BYOT, e.g. cloud storage – Dropbox, Google Drive, etc.).
According to research firm Gartner Inc., organizations across industries spend on average 5% to 8% of their overall technology budget on cybersecurity before they become victims of cybercriminals. Because this figure is negligibly small, we decided to discuss the TOP 10 potential cyber threats of the not-so-distant future in more detail.
Blockchain. The technology, which only a couple of years ago was a toy of the underground culture of cypherpunks and crypto-anarchists, now walks proudly and loudly across the planet. Everyone and their grandma has heard about cryptocurrencies, and “mining Bitcoins or Ethereum on a home farm” no longer sounds like the delirium of a feverish person. The capitalization of cryptocurrencies reaches hundreds of billions of real, not virtual, dollars, which attracts the attention of those who like to profit at someone else’s expense. Hacks of cryptocurrency exchanges and wallets have already resulted in hundreds of millions of dollars in losses. Simple social engineering techniques allow attackers to lure crypto coins from their owners without much difficulty. The increased interest in this industry attracts more and more people who are not IT professionals and can become easy targets for cybercriminals. The technology itself allows the creation of reliable decentralized storage, including storage for financial data, but blind faith in the absolute security of the blockchain may result in missing new, still unknown types of vulnerabilities.
Internet of Things (IoT). The joke “The S in the Internet of Things stands for Security” has been popular among cybersecurity experts for many years. There is too much bitter truth in this joke – the approach of developers to IoT security is lax at best. The vast majority of IoT devices are completely unprotected from hackers. While the hacking of adult toys with wireless interfaces usually provokes curious responses and smiles, the thought that somebody can hack into a heart pacemaker and get full control over it remotely raises reasonable concern among hundreds of thousands of their owners. The hijacking of drones worth several thousand dollars is already a reality. Millions of hacked IoT devices would allow large-scale DDoS attacks on various web resources. And all these attacks are very real. The Mirai botnet, formed of hacked video cameras, has already damaged tens of millions of users by attacking a DNS service provider in the U.S., as well as popular Internet resources like Twitter, Etsy, GitHub, SoundCloud, Spotify, Heroku, and others. At this moment, another botnet is being actively created. The researchers have called it Reaper, and it is already larger than the previous ones.
Smart buildings. Many detectors, sensors, and other IoT devices automate and simplify the maintenance of buildings (commercial and private properties): lighting control, lawn irrigation, warehouses, elevator management, remote control of video surveillance, fire and security alarms, etc. The negligence of the creators of these IoT devices jeopardizes not only the privacy of others (for example, through remote hacking of video surveillance systems) but also freedom of movement or life itself (for example, through hacking the control systems of elevators, air conditioning, life support, etc.). The amount of damage is limited only by the hackers’ skills and imagination.
Smart cities. To the above, let’s add various control systems – smart traffic lights and other elements of the smart transportation system (e.g. railway crossings, drawbridges, etc.) and automated public utility systems. Let’s also add some imagination – the amount of potential damage becomes enormous.
Smart transport. Dreams come true – we have self-driving cars. Now you won’t need to look at another car’s dull rear end when you’re stuck in a traffic jam – you can do something much more interesting or useful when you’re just a passenger. And, compared to hiring a taxi driver, you pay for this comfort only once, when buying a personal autopilot car. The human factor diminishes during long and exhausting trips, cargo and air transportation becomes faster and cheaper, and the number of accidents and traffic violations falls. It would seem that there are only benefits, until security experts start to apply risk-management approaches, in particular calculations of cyber-risk. Unauthorized remote access to autopilot control certainly does not look like a positive aspect of smart transport. Besides, hackers can already demonstrate remote control of modern car features, including brake systems.
Machine learning (neural networks). More and more industries and areas of human life rely on neural networks. It is difficult to call these machine learning systems full-fledged artificial intelligence. At the same time, entire sectors of the economy, if not human lives, will soon depend on their decisions. Now imagine that these decisions can be influenced by hackers.
Virtual personal assistants. “Okay, Google,” “Hello, Siri,” “Alexa!” – these phrases, said to a smartphone or speaker, no longer indicate mental illness. Controlling a smartphone or even a smart house with voice commands to a personal virtual assistant has become not only trendy but also very convenient. So convenient that sharing your secrets with virtual assistants, giving them access to various personal data (social networks, financial data, daily routine, movements, etc.) and rights to manage various IoT devices will become common practice. What if cybercriminals force your virtual assistant to reveal all of your information?
Autonomous robots. The Three Laws of Robotics may be an old sci-fi concept, but robots themselves are still thought to be our future. Robot courier, robot guard, robotic consultant, sex robot – all of these are already a reality. In October 2017, the first robot (the android Sophia) became a citizen of Saudi Arabia. The dream of many generals is an army of humanoid, tireless, and impartial robots, which can be sent into battle without sacrificing human lives. The close interaction of robots with humans, as well as their immense power, poses real threats to human health and life when their control systems are accidentally or purposefully disrupted.
Robotic surgeons. Robots performing surgical operations deserve a special mention. They are perfect assistants – tireless and accurate. They are free from error, or at least until hackers intentionally cause one. And in this case, the price of such an error is human health and life. Do you still want to be treated by a robot?
Quantum computers. A new type of computer that uses quantum logic to calculate. Implementation of quantum computers is still at an early stage, but researchers work day and night, and it won’t be long until they produce a properly working prototype. In theory, the tremendous speed with which such a computer can decompose any number into prime factors will revolutionize modern cryptography. Private keys that now can take hundreds or thousands of years to break could be found within hours or days. A quantum cryptographic revolution is coming, and let’s hope that, with our current cryptography threatened with quickly becoming obsolete, we will have new algorithms that eliminate this threat or make it much more difficult to carry out.
The threats are getting more serious, more sophisticated, and more widespread year by year. Reducing the potential damage from new types of cyberattacks is only possible through a systematic approach. It requires not only a professional approach to the security of developed products, but also a responsible attitude and safe use of these products by consumers.
The article is based on the latest study of the Institute of Software Development at Carnegie Mellon University, “2017 Emerging Technology Domains Risk Survey”.