'Swarm' cyber attacks, crypto-currency stealing malware predicted for 2018

2018 will be the year malicious software becomes smarter and cyber criminals increasingly chase crypto-currencies like bitcoin, according to predictions from computer security companies.

It will also be the year ransomware — software designed by hackers that locks up computer systems until a fee is paid — becomes more targeted and more prevalent among big businesses, where ransom demands are often much higher in dollar value because businesses have more money to hand over than consumers, according to computer security firm Fortinet.

Derek Manky, global security strategist at Fortinet, says that although the threat magnitude of ransomware has grown by 35 times over 2017 with "ransomworms" and other types of attacks, there is more to come.

"The next big target for ransomware is likely to be cloud service providers and other commercial services with a goal of creating revenue streams," he says, pointing to one ransom that resulted in $US1 million being paid by a web hosting company in 2017.

"We predict that cybercriminals will begin to combine artificial intelligence technologies with multi-vector attack methods to scan for, detect, and exploit weaknesses in a cloud provider's environment. The impact of such attacks could create a massive payday for a criminal organisation and disrupt service for potentially hundreds or thousands of businesses and tens of thousands or even millions of their customers."

Manky also predicts that cyber criminals will replace botnets — large numbers of infected internet-connected devices controlled by hackers — with intelligent clusters of compromised devices called "hivenets" to create more effective attack vectors.


"Hivenets will leverage self-learning to effectively target vulnerable systems at an unprecedented scale," he says. "They will be capable of talking to each other and taking action based off of local intelligence that is shared."

Infected devices will also become smarter, acting on commands without the botnet herder instructing them to do so, he says. As a result, hivenets will be able to grow exponentially as swarms, widening their ability to simultaneously attack multiple victims and significantly impede mitigation and response.

In addition, Manky predicts the rise of what he calls next-generation morphic malware, in which the code of malicious software is automatically altered slightly to evade detection by anti-virus software while keeping the same functionality (or gaining some new functionality).

"Soon we will begin to see malware completely created by machines based on automated vulnerability detection and complex data analysis," he says. "Polymorphic malware is not new, but it is about to take on a new face by leveraging artificial intelligence to create sophisticated new code that can learn to evade detection through machine written routines."

Such attacks could also leverage new developments in the underground world, where attackers are already making use of services where they can check their malicious software against every anti-virus maker's software to see whether it is detectable. One such service, known as Fully Undetectable, is already part of several offerings, Manky says.

Meanwhile, security firm Proofpoint predicts we'll see a rise of crypto-currency stealing malware.

"In 2018, malware and phishing designed to steal crypto-currency – either directly or indirectly – will become almost as prevalent as banking Trojans in email-based campaigns, targeting wallets, credentials, cryptocurrency exchanges, and CPU cycles," Proofpoint says.

Proofpoint also predicts a rise in social media bots designed to assist hackers.

"We expect the use of social media bots will expand beyond public influence campaigns to financial gain, automatically distributing malware, linking to spam sites, phishing, and more. As these bots evolve, they will become less distinguishable from humans, increasing both their potential influence and effectiveness."

The writer travelled to France as a guest of Fortinet.