Preparing for 2018: Enterprise Ransomware, Software Supply Chain Attacks and Nation-State Threats

Preparing for 2018: Enterprise Ransomware, Software Supply Chain Attacks and Nation-State Threats

As we look back at 2017, one thing is certain – the hacks, breaches and exploited vulnerabilities that halted hundreds to thousands of businesses this year show that threat actors are growing more skilled, moving faster than legacy technology and finding clever ways to infiltrate organizations. With the new year approaching, we’ll see some major trends in attack types continue to grow and geopolitical motivations will strongly influence nation-state cyber activity.

Looking at the major attack types that will be prevalent in 2018, enterprise ransomware will continue to be a major trend for adversaries. In 2017, we saw these disruptive and destructive attacks come to the forefront with the WannaCry, NotPetya and BadRabbit malware outbreaks that successfully took companies offline for days and, in some cases, even weeks. While mostly destructive and not truly ransomware in nature, these attacks highlighted the potential for criminal groups to hold entire networks hostage while demanding millions of dollars in ransom from businesses who need to get their operations back up and running. These viral enterprise ransomware attacks will likely become a major trend amongst e-crime actors in 2018.

In addition to enterprise ransomware, software supply chain attacks will be the new vector for many adversaries. Recent events have demonstrated that the software supply chain is becoming an attractive way for nation-state threat actors to target organizations en-masse – take for example the CCleaner attack in September. Compromising the update channel of a popular software package can immediately give access to thousands of victims in one fell swoop. While these software supply chain attacks are not new, the frequency with which they have been taking place are a cause for concern. As evidenced by this momentum, the software supply chain will likely become a favorite threat distribution vector for criminal groups as well in 2018. In order to stay protected against these attacks, organizations must leverage anomaly-based detection and ensure comprehensive visibility to detect and stop these incidents.

Geopolitical motivations across the globe in 2018 will also continue to influence nation-state cyber activity. The potential for attacks from North Korea will continue to be a primary concern. In fact, we’ve been worrid for some time that one of the ways North Korea may try to deter a possible military attack against their nuclear or ballistic missile facilities is through asymmetric operations, which these days also include significant cyber attack capabilities. In particular, due to North Korea’s lack of dependence on global financial systems and the importance of it to U.S. and Western economies, as well as past history of intrusions into major banking institutions by DPRK, the financial sector is one that will likely suffer the brunt of these attacks.

Additionally, ongoing attacks from Iran against Saudi Arabia, and even potentially the United States, will come to the forefront in 2018. We have observed Iran invest significant resources in advancing its cyber capabilities over the last seven years. Continued tensions and proxy wars with Saudi Arabia over the conflicts in Syria, Yemen and the blockade of Qatar, have resulted in waves of cyber attacks from Iran against Saudi Arabia. These attacks are likely to continue and potentially escalate into 2018, with possible impact on Western companies working in Saudi Arabia. Additionally, if the U.S. pulls out of the JCPOA nuclear agreement and attempts to reinstate financial sanctions against Iran, they may expand those attacks to include the U.S. financial and energy sectors.

This past year was marked by adversaries finding more interesting and effective ways to cause harms to organizations – whether by halting operations or by exposing used data. And, with 2018 quickly approaching, it will be critical for organizations to focus on the growing threat vectors and nation-state developments affecting their industries.

About the Author

Dmitri Alperovitch is the co-founder and CTO of Crowdstrike.

Featured

  • Security Today Announces The Govies Government Security Award Winners for 2025

    Security Today is pleased to announce the 2025 winners in The Govies Government Security Awards. The awards honor outstanding government security products in a variety of categories. Read Now

  • Survey: 60 Percent of Organizations Using AI in IT Infrastructure

    Netwrix, a cybersecurity provider focused on data and identity threats, today announced the release of its annual global 2025 Cybersecurity Trends Report based on a global survey of 2,150 IT and security professionals from 121 countries. It reveals that 60% of organizations are already using artificial intelligence (AI) in their IT infrastructure and 30% are considering implementing AI. Read Now

  • New Research Reveals Global Video Surveillance Industry Perspectives on AI

    Axis Communications, the global industry leader in video surveillance, has released its latest research report, ‘The State of AI in Video Surveillance,’ which explores global industry perspectives on the use of AI in the security industry and beyond. The report reveals current attitudes on AI technologies thanks to in-depth interviews with AI experts from Axis’ global network and a comprehensive survey of more than 5,800 respondents, including distributors, channel partners, and end customers across 68 countries. The resulting insights cover AI integration and the opportunities and challenges that exist with regard to security, safety, business intelligence, and operational efficiency. Read Now

  • SIA Urges Tariff Relief for Security Industry Products

    Today, the Security Industry Association has sent a letter to U.S. Trade Representative Jamieson Greer and U.S. Secretary of Commerce Howard Lutnick requesting relief from tariffs for security industry products and asking that the Trump administration formulate a process that allows companies to apply for product-specific exemptions. The security industry is an important segment of the U.S. economy, contributing over $430 billion in total economic impact and supporting over 2.1 million jobs. Read Now

  • Report Shows Cybercriminals Continue Pivot to Stealthier Tactics

    IBM recently released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. Read Now

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.