With the same punctuality of the most renowned “horoscopes” that go crazy on TV, radio and newspapers in these last days of the year, even in the field of cybersecurity, after pulling the files of the year just passedwe move on to present what the coming year might hold for us. We saw in yesterday’s contribution how Kaspersky and its experts presented a scenario, that of 2017, rather bleak and agonizing. Unfortunately, 2018 won’t suddenly be an “all pink and all flowers,” but there will still be purging to be done…☹

We closed the year with some news, among them the attacks on software vendors to perpetrate then in the systems of large companies (CCleaner case): according to Kaspersky Lab researchers, this type of attacks will be increasingly numerous as it has been shown that successfully affecting one program can, as a result, put many users at risk. Attention then to ATMs, also targeted by hackers in October 2017: so far hackers have moved through rather rudimentary methods that have quickly lost effectiveness, nevertheless it is expected that this flop will certainly not discourage cybercriminals who will develop new hacking methods, probably remotely.

Then, in 2018 we can expect more and more targeted attacks in different ways. First of all, the vector of attacks is shifting from traditional PCs to new devices such as smartphones and everything that falls under IoT and therefore has an Internet connection. Cybercriminals are trying to work at the operating system level to avoid detection by security methods. The target is also carefully identified and based on it cyber criminals decide the timing of the attack: we have already experienced this with Petya or ExPetr that encrypted files a few days before a tax refund with the aim of forcing the company to pay without blinking an eye.

It is not hard to predict that scams involving cryptocurrencies and attacks on virtual blockchain values will continue in 2018. A phenomenon that in recent months has proven to be much more profitable than attacks on traditional banking systems and online banking tools. There are many ways to practice covert mining, if we add to this the almost daily creation of new cryptocurrency values, it goes without saying that what is predicted about the continuation of these scams is very very likely.

The scenario ahead doesn’t look any better at all to what we’ve experienced this year. However, there remains a glimmer of hope represented by another important event/argument that marked -more in theory than in practice- 2017. We’re talking about GDPR, the new European regulation on user privacy, which will begin to take effect as of next May 25. By that date, companies will have to have reviewed their internal processes by making user privacy one of their priorities: this means that companies will only process data that is truly indispensable to the performance of their business and access to such data will be limited only to those who have to actually process it. There are many innovations associated with this regulation which, if on the one hand protects consumers, on the other allows companies to operate in greater security and awareness.

Sara Avanzi