Skip to main content

Cyber Security predictions 2018 by FireEye

    The year of 2017 has been tough for enterprise security teams. Attacks like Petya and Wannacry suggest that the impact scale is increasing dramatically. The recent leak of government-developed malware and hoarded vulnerabilities has given cybercriminals greater capabilities. IT is struggling to keep pace with the flow of important security software patches and updates, and the continued adoption of new technologies like the internet of things (IoT) creates new vulnerabilities to contend with.

Finally, 2017 going to end. So, get ready to face 2018 cyber Attacks with FireEye Lab's Cyber Security predictions 2018.

What cloud trends do you expect to see as we move into 2018?

This past year was something of a turning point for public cloud adoption – not just with regard to traditional public cloud providers such as Amazon and Azure, but also with software as a service. This means people are really starting to put critical data into the cloud. We saw that some of the largest companies are starting some really major cloud initiatives where they may have one or two absolutely critical applications that they’ve successfully migrated. 

What does that mean for attackers?

That means attackers are going to follow that data into the cloud, regardless of what the data is – be it credit cards or medical records or something else. Attackers won’t say, “Well, I'm not really interested in doing cloud stuff. I'm going to stick with on-prem.” They'll certainly move to trying to get to the IP that’s in the cloud. 

Making sure that you have full visibility into all the actions that are occurring starts to move some of the traditional defenses from things like exploits into a little bit more of the business logic layer. Still, vulnerable is vulnerable, so ensure everything running in the cloud is secure.

Targeting Inherent Trustin the Software Supply Chain 

Malware authors are increasingly taking advantage of inherent trust between users and software providers. Users inherently trust software developers to provide updates for their products that would add new functionalities or fix security bugs, and they don’t expect the updates to be tainted with malicious code. In supply chain attacks, cyber threat groups target the build servers, update servers and other parts of the development environment. The hackers can then inject malware into software updates and software releases, thus potentially infecting users through trusted official software distribution channels.

What Will happen?

IN 2018, we may see an increase in ransom and extortion attacks relating to GDPR (and perhaps other regulations) as attackers seek to capitalize on a potential fear of large fines. An example of this would be an attacker compromising an organization – or even tricking the organization into believing they have been compromised – and promising to keep the breach from going public for the right price.

dramatically in the past few years, and recent attacks leveraging major vulnerabilities show that attackers are still finding success with the file and system locking malware. We expect to see continued use of ransomware in 2018, especially as administrators are slow to patch and update their systems. Additionally, ransomware will continue to be prolific as long as the ransomware authors continue to find the business lucrative.

Increase in Cloud-based Attacks and Evasion Techniques In recent years, we have seen an uptick in security technologies and infrastructure using cloud services such as Amazon Web Services (AWS), Azure, and more. We have also seen attackers leveraging these cloud services for various purposes, including to host URLs for phishing and to distribute malware. Hosting on known file-sharing services and leveraging cloud service providers is useful for attackers because it helps them bypass the initial domain reputation checks performed by most security engines. Additionally, with cloud offerings becoming more prominent every day, we expect attackers will become more aware of cloud environments and, thus, adapt their behaviors accordingly (traditionally, we have seen malware binaries detecting virtual environments). For defenders, this means either restricting downloads from cloud service provider IP addresses or limiting downloads.

2018 Major Attacks
  • Increase in the Internet of Things Attacks by Exploiting Vulnerabilities.
  • Multi-vector Phishing Attacks Involving a Variety of Evasion Techniques
  • Increase in Cloud-based Attacks
  •  Malware Attacks to Targeting Cryptocurrencies

The Battle Ahead

From innovative attacks and malware to incoming laws and regulations, to changes in nation-state activity, it’s evident that 2018 has the potential to be another event-filled year in cybersecurity. But while there are many new things to look forward to in the next 12 months, and many different ways to stay prepared, we also cannot sleep on the timeless fundamentals that continue to keep us secure.

Finally, it’s important to simply keep a positive attitude in this industry. Some people think it’s all fear, uncertainty and doubt, and that there are no answers, but this is exactly the type of thinking that hampers innovation and ultimately lets the bad guys gain an edge. Remain optimistic – we’re going to manage our way through all the uncertainty in the industry. Security is in our DNA, and we are going to fix the problems, or at least treat them in ways where all the promise of our increasingly connected world is going to become a reality

FireEye Security Predictions 2018 - Click Here to Download


Popular posts from this blog

My Life as Information security engineer Chapter 1: Tools

  Hi folks, here I am going to share the tools list that I am using in my daily life cycle. NMAP  Nmap (“Network Mapper”) is a free and open-source (license) utility for network discovery and security auditing. Basically, I will use it to discover the open ports and closed ports where I did Port Mapping in firewalls. We can use this in the local network as well as in the WAN network. Also with help of the NSE script, we do multiple things like vulnerability check, exploitation, etc., Ref: CURL and WGET curl   is a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). Normally using this tool to analyze the website headers when my web security device blocking some dynamic content websites and to create the Application signature in IPS. Wget   using to download files directly instead of opening and surfing the brow

AquaSec Container Security Solution ( DevSecOps ) - A quickView

  What is AquaSec?      The Aqua Platform is the leading Cloud Native Application Protection Platform (CNAPP) and provides prevention, detection, and response automation across the entire application lifecycle to secure the supply chain, secure cloud infrastructure, and secure running workloads wherever they are deployed.    Solutions : Cloud Native Security Platform CSPM Cloud Security Container Security Kubernetes Security Serverless Security Cloud VM Security Dynamic Threat Analysis (DTA) Container Vulnerability Scanning Aquasec offers a 14days trial to learn the container security / Automated DevSecOps. Use this link to get free trail  Sign In | Aqua (   How to start with AquaSec? Once login into the portal click the nine dots in the left-side top > Aqua Hub  Then click the "Integrations" The Integration page has a lot of options to connect your container Platform Choosing your platform provides the required key to integrate. (follow the OEM documents ) The

What is IP Obfuscation ? How it's working ? how to use Cuteit tool ?

  What is IP  Obfuscation?     Which is a method to hide or convert a doted format IP address  (e.g.   into an Integer or Hexadecimal value or Octal form by using some mathematical formula. It’s a kind of method to spoof the human eyes and web security services. dot format to Decimal Conversion 👉  [] to translate (172 x256 3 )+(67×256 2 )+(129×256 1 )+(3×256 0 ) =  2890105091 Now you can use  https://2890105091  to access This is one of the ways to do IP  Obfuscation.  The tool  ‘ Cuteit ‘ is  A simple python tool to help you to social engineer, bypass whitelisting firewalls, potentially break regex rules for command-line logging looking for IP addresses and obfuscate cleartext strings to C2 locations within the payload. HOW TO USE CUTEIT ? Download & Install Cuteit from the below link git :   git clone Direct link: usage: Cu