Cyber-criminals will use Artificial Intelligence (AI) and Machine Learning (ML) to explore victims’ networks in 2018, global cyber security leader Symantec said on Thursday.
Furthermore, the Internet of Things (IoT) devices will be hijacked and used in Distributed Denial of Service (DDoS) attacks, warned Tarun Kaura, Director, Product Management, APJ, Symantec.
“2018 is the first year where we will see AI versus AI in a cybersecurity context. Cyber criminals will use AI to attack and explore victims’ networks, which is typically the most labour-intensive part of compromise after an incursion,” Kaura said in a statement.
In 2017, we saw massive DDoS attacks using hundreds of thousands of compromised IoT devices in people’s homes and workplaces to generate traffic.
“This is not expected to change with cyber-criminals looking to exploit the poor security settings and management of home IoT devices,” Kaura added.
The inputs and sensors of these IoT devices will also be hijacked, with attackers feeding audio, visual or other faked inputs to make these devices do what they want rather than what users expect them to do.
Beyond DDoS attacks and ransomware, home IoT devices will be compromised by cyber criminals to provide persistent access to a victim’s network.
“Home users generally do not consider the cyber security implications of their home IoT devices, leaving default settings and not vigilantly updating them like they do with their computers,” Kaura said.
Persistent access means that no matter how many times a victim cleans their machine or protects their computer, the attacker will always have a backdoor into victims’ network and the systems that they connect to.
When it comes to Blockchain technology, instead of attacking Blockchain technology itself, cyber criminals will focus on compromising coin-exchanges and users’ coin-wallets since these are the easiest targets, and provide high returns.
Supply chain attacks have been a mainstay of the classical espionage and signals-intelligence operators, compromising upstream contractors/systems/companies and suppliers.
“They are proven to have a high-level of effectiveness, with nation-state actors using a mix of human intelligence to compromise the weakest link in the chain,” Symantec said.