Preparing for 2018: Enterprise Ransomware, Software Supply Chain Attacks and Nation-State Threats

Preparing for 2018: Enterprise Ransomware, Software Supply Chain Attacks and Nation-State Threats

As we look back at 2017, one thing is certain – the hacks, breaches and exploited vulnerabilities that halted hundreds to thousands of businesses this year show that threat actors are growing more skilled, moving faster than legacy technology and finding clever ways to infiltrate organizations. With the new year approaching, we’ll see some major trends in attack types continue to grow and geopolitical motivations will strongly influence nation-state cyber activity.

Looking at the major attack types that will be prevalent in 2018, enterprise ransomware will continue to be a major trend for adversaries. In 2017, we saw these disruptive and destructive attacks come to the forefront with the WannaCry, NotPetya and BadRabbit malware outbreaks that successfully took companies offline for days and, in some cases, even weeks. While mostly destructive and not truly ransomware in nature, these attacks highlighted the potential for criminal groups to hold entire networks hostage while demanding millions of dollars in ransom from businesses who need to get their operations back up and running. These viral enterprise ransomware attacks will likely become a major trend amongst e-crime actors in 2018.

In addition to enterprise ransomware, software supply chain attacks will be the new vector for many adversaries. Recent events have demonstrated that the software supply chain is becoming an attractive way for nation-state threat actors to target organizations en-masse – take for example the CCleaner attack in September. Compromising the update channel of a popular software package can immediately give access to thousands of victims in one fell swoop. While these software supply chain attacks are not new, the frequency with which they have been taking place are a cause for concern. As evidenced by this momentum, the software supply chain will likely become a favorite threat distribution vector for criminal groups as well in 2018. In order to stay protected against these attacks, organizations must leverage anomaly-based detection and ensure comprehensive visibility to detect and stop these incidents.

Geopolitical motivations across the globe in 2018 will also continue to influence nation-state cyber activity. The potential for attacks from North Korea will continue to be a primary concern. In fact, we’ve been worrid for some time that one of the ways North Korea may try to deter a possible military attack against their nuclear or ballistic missile facilities is through asymmetric operations, which these days also include significant cyber attack capabilities. In particular, due to North Korea’s lack of dependence on global financial systems and the importance of it to U.S. and Western economies, as well as past history of intrusions into major banking institutions by DPRK, the financial sector is one that will likely suffer the brunt of these attacks.

Additionally, ongoing attacks from Iran against Saudi Arabia, and even potentially the United States, will come to the forefront in 2018. We have observed Iran invest significant resources in advancing its cyber capabilities over the last seven years. Continued tensions and proxy wars with Saudi Arabia over the conflicts in Syria, Yemen and the blockade of Qatar, have resulted in waves of cyber attacks from Iran against Saudi Arabia. These attacks are likely to continue and potentially escalate into 2018, with possible impact on Western companies working in Saudi Arabia. Additionally, if the U.S. pulls out of the JCPOA nuclear agreement and attempts to reinstate financial sanctions against Iran, they may expand those attacks to include the U.S. financial and energy sectors.

This past year was marked by adversaries finding more interesting and effective ways to cause harms to organizations – whether by halting operations or by exposing used data. And, with 2018 quickly approaching, it will be critical for organizations to focus on the growing threat vectors and nation-state developments affecting their industries.

About the Author

Dmitri Alperovitch is the co-founder and CTO of Crowdstrike.

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services
  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.