This article was first published as a part of the cover story in the February 2018 issue of Digit magazine. To read Digit’s articles first, subscribe here. You could also buy Digit’s previous issues here.
Cybersecurity is like fighting the Lernaean Hydra, every time you chop off a head, two new ones grow in its place. Cybercriminals are constantly evolving and refining their tactics. At the same time, new devices continue to invade the market, and existing devices are getting smarter, increasing the opportunities for attacks. Botnets, which can be used for everything from cryptocurrency mining to DDoS attacks stand to become much more powerful. Online privacy has been all but proven to be a myth. In the remaining months of 2018, expect some of the biggest cybercrime trends of 2017 to continue, including ransomware and smartphone malware. Cybercriminals will also find new and innovative ways to leverage distributed ledger technologies, machine learning algorithms, neural networks, and cloud computing. Expect a laser focus on targeted attacks, whether on individuals or organisations. With many kinds of cybercrime being sold on darknet marketplaces, it will be possible for relative novices to compromise devices without even knowing how to hack.
Which is where this series comes in. We will be going through all the things in technology that you should be scared of, or rather, aware of, in 2018. We start off with hackers
How hackers are coming to get you
This could very well be the umbrella header for almost the entire series. After all, any attempt at accessing restricted information and systems can be classified as hacking. So apart from what you already know, what could be new in hacking?
For starters, their targets have shifted. Instead of typical desktops or laptops, hackers will now be focussing more on smartphones. The fact that breaking into a smartphone gives them access to pretty much all about the user and his or her banking details. The smartphone has emerged as the most popular personal computing device around the world, and a single device
incorporates what was previously a camera, a personal media player, a gaming console, a personal digital assistant, as well as a mobile phone. There are multiple new techniques to compromise smartphones, and more are being developed. It was only recently that Lebanese group, Dark Caracal used Android spyware to steal hundreds of gigabytes of sensitive data from more than 21 countries. Types of stolen data included audio recordings, text messages, call records, documents, photos, contact information, secure messaging client content, account data and enterprise intellectual property. It was all done via modified APKs of popular secure messaging apps such as Signal and WhatsApp. Expect more such attacks in 2018.
Interestingly, such an attack could compromise your fingerprint – which can be quite easily replicated and then used to authorise other actions on your behalf. For instance, obtaining a new sim card or opening a new bank account.
Researchers have demonstrated an interesting attack vector to compromise gene sequencers and compromise the underlying computing systems. The malware is actually embedded in the DNA sequence itself and corrupts the sequencer when the DNA is analysed. This was just a proof of concept attack though and is not a practical vector of attack, at least now, when DNA sequences are not so common.
We’ve seen the power of IoT botnets with Mirai, a botnet that used a host of compromised IoT devices. Since then, we’ve added many more IoT devices come onto the internet, be it in the form of smart speakers, connected headphones, wearables or the regular smartphones, laptops and more. Being able to control a large number of these devices at once is also not difficult. Unknown to most of us, since Mirai surfaced, quite a few variants have shown up – some cast a much wider and/or deeper net. These variants can be built in ways that fulfil purposes – mine/hack cryptocurrencies or carry out DDoS attacks. The scale of the attacks is unprecedented, with major content delivery networks and dedicated DDoS prevention tools being unable to keep up with the intense firepower of Mirai based DDoS attacks.
Apart from the obvious negative implications of such malicious usage, there’s also the fact that such operations can be really taxing on the hacked devices and can cause temporary to permanent physical damage. Check out the all-encompassing malware Loapi that can subscribe users to paid services, send SMS messages to any number, generate traffic and make money from showing advertisements, use the computing power of a device to mine cryptocurrencies, as well as perform a variety of actions on the internet on behalf of the user/device. It causes infected devices to show visible signs of stress damage within a couple of days, to the point where the battery expands enough to deform the device. Cryptocurrency miners can put enough load on smartphones and IoT devices, to the extent of physically damaging them.
As more parts of our lives are getting connected, there are more loopholes for hackers to exploit since not all companies or users are incentivised or motivated to secure their systems. A recent hack at a major Las Vegas casino was traced to a connected fish tank on the premises. Hackers in 2018 are not as focussed on innovating as they are on scaling up. So, it’s more likely than ever before that you will be targeted as a part of a large-scale attack on any of the several connected fronts in your life. As long as we adopt the major security protocols that we are actually supposed to follow in the first place, and are careful about the sources we install our applications from, we should be secure from most hacking threats in 2018.