As we do every year, we are once again publishing a forecast at the end of 2017 for the coming year, 2018. Here are the topics we expect to become most relevant or which will continue to evolve:

Ransomware will turn pro

The two ransomware waves this year, WannaCry and NotPetya, gave some idea of what these attacks can do. At the same time, there is debate about whether higher or lower ransom money demands would result in greater rewards. One thing is sure – ransomware developers will be trying to optimize their malware. In the future, it may be able to detect whether it’s running on a home or pro version of Windows. Or how many other computers are on the same network. So private users may be on the line for USD 299 in ransom money, and enterprise customers up to two hundred times that.

Smart home invasion

Digitalization is increasingly taking over our homes. Networked lighting, intelligent electricity meters, and heating systems hooked up to the internet are just some of the technical innovations that attackers are targeting. That’s because a smart home that falls victim to ransomware puts the resident in a tight spot. If it’s winter and ransomware is demanding USD 1,000 before it will heat up the house again, you need to take action straight away. That’s why we can expect to see a wave of attacks on smart homes, particularly with ransomware. And in particular, it is the traditional manufacturers of household systems that have retrofitted their long-serving systems with IT components that will have a lot of catching up to do.

Greater use of personal assistants and AI

There will be a sharp rise in the spread of personal assistants with artificial intelligence that enables human-machine interaction. There’s a new generation who have no problem talking to Siri and her colleagues, and who actually favor this mode of interaction over classic text entry. Manufacturers like Amazon have recognized this and are targeting new markets, like India, where they are currently pushing Alexa. And Amazon is looking to gain ground closer to home as well, so we can look forward to ever-present speech assistants in our day-to-day lives. In many areas, the daily interaction with these devices will completely change. Thanks to Amazon, a majority of orders are now entered by speech and only fulfilled through the internet.

Micro-transactions will present more vulnerabilities

In recent weeks, micro-transactions in video games have been the subject of justified criticism. But the option of easily activating functions on devices on a short-term or temporary basis will become a greater part of our day-to-day lives. Porsche has announced that certain services in its cars will be available as downloadable content to be dynamically activated. This activation has to happen through online channels, which would mean multiple vulnerabilities for each device. It’s a problem with dynamic networking that will soon be seen in other product lines, including devices that are already “smart”, like smartphones and smart TVs. But it will also appear in devices not previously sold in smart form, such as coffee machines and fridges.

Android will compete with iOS for the exploit crown

For years, Apple iOS was the frontrunner when it came to high quality and correspondingly expensive exploits. Last year, Google Android was nearing this top position, and we can see it overtaking in the near future. Due to the wide distribution of Android devices, the large number of critical vulnerabilities, and the undesirable fragmentation of the market, the platform is attracting the interest of exploit developers. This trend will increase and put Google under indirect pressure. Apple could seize the day and once again try to establish its ecosystem as the “more secure”.

Cyber insurance will gain traction

Many insurers already offer cyber insurance to private customers as an add-on to contents insurance. But so far, both insurers and customers have been tentative around the issue, as its complexity and unknown impact give rise to a certain degree of risk. Yet there’s no denying the usefulness of a cyber insurance policy, which is why this complementary measure is increasingly met with understanding and acceptance in risk management. Taking out policies in this area will soon become normal. Will customers deal differently with hazards? If so, to what extent? And how will insurers respond in the face of greater payouts? It’s still too soon to say.

Bitcoin irregularities will complicate payments

The hype around Bitcoin reached a new zenith in the last quarter. Its rapid climb in price has made the cryptocurrency interesting to numerous investors. At some point, they will want to get hold of their winnings and try to cash out. In particular, it is the big players (whales) with their arrangements who will trigger a sudden plunge in the price, which will prompt smaller fish to try to cash out. The trading platforms in question will not be able to cope with the rush. The ensuing outages will lead to chaotic conditions. We can assume that Bitcoin, probably the biggest bubble since the dot com boom, will burst. Before that happens, targeted attacks on Bitcoin wallets and trading platforms will increase.

About the Author

Marc Ruef has been working in information security since the late 1990s. He is well-known for his many publications and books. The last one called The Art of Penetration Testing is discussing security testing in detail. He is a lecturer at several faculties, like ETH, HWZ, HSLU and IKF. (ORCID 0000-0002-1328-6357)

Links

• https://arstechnica.com/tech-policy/2017/11/how-bitcoins-became-worth-10000/
• https://newsroom.porsche.com/de/unternehmen/porsche-digitalisierung-autonomes-fahren-functions-on-demand-konnektivitaet-innodrive-technologie-interview-lutz-meschke-14581.html
• https://www.androidauthority.com/android-fragmentation-google-fix-it-713210/
• https://www.reddit.com/r/StarWarsBattlefront/comments/7d4qft/star_wars_battlefront_ii_dice_developer_ama/
• https://www.reuters.com/article/us-cyber-nicehash/digital-currency-exchange-nicehash-says-bitcoin-worth-nearly-64-million-hacked-idUSKBN1E10AQ