General security

Top 10 Cyber Security Predictions for 2018

Pierluigi Paganini
November 29, 2017 by
Pierluigi Paganini

A look at the 2017 predictions

2017 is ending, and it is time to check whether the cyber-security predictions we made last year were exact and we will try to figure out the events in the threat landscape that most of all will characterized the next 12 months.

Below the list 2017 predictions we published one year ago:

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Ransomware, one of the most dangerous cyber threats

It was easy to predict the role of ransomware in the threat landscape, the number of malware continues to increase, every week new strains of this specific threat are detected in the wild.

Ransomware such as WannaCry, NotPetya, and Bad Rabbit have demonstrated the dangers of this threat and the potential impact on almost any industry. Financial data published by major multinational firms such as the transportation giant Maersk and FedEx confirmed massive losses caused by the threat.

The transportation giant Maersk announced that it would incur hundreds of millions in U.S. dollar losses due to the NotPetya ransomware massive attack, FedEx confirmed the cost caused by the massive NotPetya ransomware are $300m in lost business and response costs.

Other companies are counting the vast cost of attack, the consumer goods firm Reckitt Benckiser announced the attack cost it £100m ($136m), but the highest cost was announced by Saint Gobain, which expected $400 million losses.

Both WannaCry and NotPetya leverages NSA exploit to improve their ability to spread and o infect as many systems as possible; I was right when I said that "authors will implement new features to make these specific threats even more efficient and hard to detect."

Cybercriminals focus on cryptocurrencies

The number of cyber-attacks against cryptocurrencies is increased due to a rapid increase in the value of currencies such as Bitcoin and Ethereum.

Hackers targeted almost any actor involved in the business of cryptocurrencies, single users, miners and of course exchanges.

Recently cyber criminals appeared more focused on cyber-attacks against ICO (Initial Coin Offering) in the attempt to hijack funds to buy tokens. In a few months, experts observed at least 4 ICO hacks that caused millions of dollars losses. Security firms have detected several malware applications specifically designed to steal cryptocurrencies, and many websites were compromised to install script used to mine virtual coins abusing computational resources of unaware visitors.

Nation State Actors hacking and the urgency of norms of state behavior

Almost any government continues to invest in improving its cyber capabilities for both defense and offense purposes.

The number of campaigns conducted by Nation-state actors is increased as expected, at the same time the level of sophistication of many attackers is increased making hard the attribution of cyber-attacks to specific entities.

The risk of escalation and retaliation in cyberspace, the increasing number of cyber-attacks and cyber threats even more sophisticated could have a destabilizing effect on international peace and security. The risk of conflict between states caused so cyber incidents encourages all States to engage in law-abiding, norm-respecting and confidence-building behavior in their use of ICT.

I had the honor to be a member of the group that worked on the proposal for voluntary, non-binding norms of State behavior during peacetime during the G7 meeting.

I am one of the authors of the "G7 DECLARATION ON RESPONSIBLE STATES BEHAVIOR IN CYBERSPACE" signed in Lucca in July 2017 by G7 member states.

We presented 12 points aimed to propose stability and security in the cyberspace. The declaration invites all the States to collaborate with the intent to reduce risks to international peace, security, and stability.

A joint international effort to fight the cybercrime

We assisted to numerous operations conducted by law enforcement from several states. The joint international effort to fight the cybercrime allowed to dismantle criminal organizations and arrest cyber criminals worldwide.

A coordinated International operation conducted by the Europol along with FBI, US DEA and Dutch Police allowed to seize and take down two of the significant black marketplaces AlphaBay and HANSA black markets.

IoT devices, a dangerous weapon in the wrong hands

The IoT devices are under unceasing attacks; many threats were explicitly designed to target them. The lack of security by design and poor security settings are the root causes of the success of the attacks that targeted IoT devices.

We assisted to a significant diffusion of ThingBots, many of them are offered for rent to power massive DDoS attacks. According to a report recently published by the security firm Corero, the number of DDoS attacks doubled in the First Half of 2017 due to unsecured IoT.

The dramatic increase of Mobile threats

Mobile malware characterized the threat landscape, ransomware, financial malware, and remote access tools (RATs) specifically designed to target mobile devices infected millions of devices worldwide. In many cases, the malware was spread through compromised apps published on the official Google Play Store.

The rise of Artificial Intelligence

The Artificial intelligence promises miracles for solutions in the IT security industry; many security firms have implemented machine-learning systems to detect cyber threats and to assess computer systems automatically.

Many security solutions leverage IA to protect critical infrastructure against zero-day attacks; the AI-powered system can significantly assist IT personnel in monitoring, tracking and detecting anomalies efficiently.

AI can offer more firepower when it comes to cybersecurity. It can cover the lack of manpower that we see in this highly complex field.

However, many security experts believe that AI is a double-edged sword and hence it could become dangerous at an epic level if it gets into the wrong hands.

Exploit kits, the hackers' Swiss Army knife

In this case, I partially failed my prediction, exploit kits were not the privileged attack vector for both cyber-criminals and state-sponsored hackers due to the operations conducted by law enforcement agencies that dismantled organizations behind most popular Exploit kits.

The Neptune and the Terror exploit kits were the most popular attack vectors used to spread malware such as Monero miners and financial malware.

Cyberbullying … it is an emergency

Cyberbullying refers to the practice of using technology to harass, or bully, someone else. Unfortunately, this criminal practice is one of the greatest dangers of the Internet. Teenagers continue to be the most exposed to dramatically increased attacks in the last months despite the numerous initiatives of the authorities.

The number of cyber-attacks will continue to grow almost in every industry.

It was too easy to predict the increase of cyber-attacks against organizations in almost every industry. Healthcare, energy, and retail have been the sectors most targeted by cyber criminals, and SMBs have been more exposed to hacking attacks.



Ransomware, one of the most dangerous cyber threats.

Cybercriminals focus on cryptocurrencies

Nation State Actors hacking and the urgency of norms of state behavior

A joint international effort to fight the cybercrime

IoT devices, a dangerous weapon in the wrong hands

The dramatic increase of Mobile threats

The rise of Artificial Intelligence

Exploit kits, the hackers' Swiss Army knife

Cyberbullying … it is an emergency

The number of cyber-attacks will continue to grow almost in every industry.

2018 – Predictions

1. GDPR, many companies, will be not compliance with new EU regulation by the deadline

Once the GDPR legislation becomes enforceable, any personal data breach impacting European Union citizens will need to be reported within 72 hours; The regulations will provide data owners transparency into how their information is collected and used.

Companies that do not comply will face fines of up to 20 million Euros or 4 percent of global turnover, a disaster for companies that are not ready by the GDPR deadline.

As businesses enter 2018 and realize the effort to become GDPR compliant by 25 May 2018, there will be the panic. The regulation is still poorly understood; many organizations will continue to have a cautious approach to worrying repercussions.

The regulation will have a significant impact on security teams for any companies that operate in a multi-national contest.

2. Ransomware will be the most dangerous threat to businesses and organizations worldwide

Once again ransomware will represent the most dangerous threat to organizations and end-users. The number of new Ransomware families will continue to increase; authors will be more focused on mobile devices implementing new evasion techniques making these threats even more efficient and difficult to eradicate.

Security researchers expect new ransom-as-a-service platforms will be available on the dark web making very easy to wannabe crooks to arrange their ransomware campaigns.

3. Cybercriminals focus on cryptocurrencies

The rapid and sustained increase in the value of some cryptocurrencies will push crooks in intensifying the fraudulent activities against virtual currency scheme.

Cyber criminals will continue to use malware to steal funds from victims' computers or to deploy hidden mining tools on machines.

A growing number of websites will be compromised to host miner scripts used to monetize the computational capability of the visitors.

In 2018, more people will mine cryptocurrencies on their computers; we will undoubtedly see more attacks designed to steal crypto coins from users.

Security researchers worldwide will observe an intensification of mass Internet scanning campaigns for wallet accidentally exposed online.

4. APT groups from Russian and China will increase their pressure on Western organizations

State-sponsored hacker groups from both North Korea and Russia will continue to target Western entities for cyber espionage purposes.

Even if the cyber espionage campaigns of APTs is often hard to detect, security experts will collect evidence on their activities and about the intrusion of attackers in Western organizations.

5. Cloud security, a top priority for enterprises

A growing number of companies will rely on cloud storage attracting the interest of cyber criminals and state-sponsored hackers.

Because of this, cloud infrastructures are a potential target of security breaches.

In response, enterprises should adopt security guidelines and strategies to mitigate the risk of exposure to cyber threats.

Unfortunately, the number of enterprises that will develop data security and governance programs as a measure to prevent data breaches and data leak will be limited.

6. A joint international effort to fight the cybercrime

The intense and prolific collaboration between law enforcement agencies worldwide will allow the police to dismantle other cybercriminal gangs across the world.

7. IoT devices, a privileged target of hackers

The number of cyber-attacks powered by compromised IoT devices will be a great concern of IT security industry that will push to regulatory responses.

The lack of security by design and poor security settings will continue to be the principal reasons for the success of the attacks that will target IoT devices next year.

Fortunately, IoT vendors will dedicate more effort in security their devices making hard their exploitation.

Major concerns are related to the diffusion of a botnet of IoT devices that will also be offered for rent to power massive DDoS attacks.

8. The rise of Mobile threats

Security experts will continue to assist to the rise of mobile threats. Android mobile OS will be the privileged target of cyber criminals that will attempt to exploit Google Play Store to deliver malware to a broad audience.

Banking Trojan and mobile ransomware will be the primary threats to mobile systems.

Both Google and Apple will refine their systems to identify potentially harmful applications that could be deployed in their official store. Tech giants will adopt machine learning systems to prevent malicious app being download by end-users.

9. Cyber-Insurance proposal will explode

Cyber-insurance will continue to grow at a steady pace, organizations are aware of the potential effects of a cyber-attack, and for this reason, they consider the cyber-risk a prominent threat.

Due to growing awareness of cyber-attacks across the recent months, businesses' will start to consider security as a key commercial risk rather than an 'IT issue.'

Once the GDPR legislation becomes enforceable, organizations will gain a visibility of their cyber-risks and will evaluate with interest solutions to transfer the risk such as a cyber-insurance.

The Europe and Asia will have a higher penetration of cyber insurance liability policies respect the US, where the market is more mature.

Financial institutions and information technology firms will continue to be primary adopters of cyber insurance policies, followed by healthcare.

10. Cyberbullying … the emergency continues

Cyberbullying refers to the practice of using technology to harass, or bully, someone else. Teenagers are the most exposed to this practice, and the number of victims will dramatically increase despite the numerous initiatives of the authorities worldwide. States will promote new campaigns to prevent these phenomena and provide a high response to this cruel cybercrime.


Pierluigi Paganini
Pierluigi Paganini

Pierluigi is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group, member of Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation, Professor and Director of the Master in Cyber Security at the Link Campus University. He is also a Security Evangelist, Security Analyst and Freelance Writer.

Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.

Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.