In his article, The Top 18 Security Predictions for 2018, Dan Lohrmann’s roundup outlined the cybersecurity industry’s top predictions from some of the major industry vendors, including TrendMicro, McAfee, Symantec, Check Point, and others.

As with any prediction, there are always those who either agree, agree in part or totally disagree. I would place myself in the second category of agree in part, although there are a few salient points that I believe should be included.

Additionally, I am going to add a bit of fidelity to their predictions based on my market visibility and experiences. You will see some similarities and some differences in view but remember, they are based on my exposure to the industry, GuidePoint Security’s customer base, independent research I’ve performed, and input I have received from other valued Digital Forensics and Incident Response (DFIR) professionals.

Without further delay, here are my thoughts on the Top Security Predictions for 2018.

1) IoT devices will be the key victims for Ransomware

a. A lot of IoT device manufacturers have implemented minimal security safeguards, and these connected devices are low-hanging fruit for attackers.
b. Moreover, these devices are relatively easy to target, have a highly visible public impact, and ransomware continues to provide a nice profit margin for attackers. I expect the combination of these factors to lead to a significant uptick in successful Ransomware attacks against IoT devices in 2018.

2) Most companies will take definitive action on the General Data Protection Regulation (GDPR) but only after the first set of high-profile fines or lawsuits are filed.

a. GDPR is the latest set of requirements that has companies scrambling to meet the compliance deadline, but few companies have invested the time and resources required to be properly prepared by May.
b. Also, with the EU wielding such power, European assets of American companies can be seized.

3) Malspam will increase and will focus on account compromises for Outlook Web Access (OWA) and Office 365 (O365) email/account access. Additionally, unsecured AWS and Azure environments could lead to large-scale compromises.

a. A large number of companies are moving their email and Office environments into OWA and O365 as well as their workloads into Azure and AWS. As is often the case, security requirements are not included in these migrations in the haste to move to the new environment. (Remember, in 2017 we have already seen an uptick in the number of discovered publicly accessible S3 buckets and there’s nothing to suggest that this will not continue well into 2018.)
b. Overall, malspam attacks are easy to execute and only require gullible end-users to be successful.
c. Malspam success is based on the Human Element (HE), and you can never remove HE from cybersecurity; hence it will remain the weakest link in the chain.

4) Companies in the cryptocurrency business will see the most attacks in 2018, with one or more declaring bankruptcy from the losses suffered in the attacks.

a. 2017 was a banner year for hacking cryptocurrency businesses, with at least one cryptocurrency dealer being hacked twice and then filing for bankruptcy (e.g., Youbit[1]).

5) Non-malware and File-less malware attacks will dominate the tech industry.

a. These types of attacks were dominant and profitable in 2017 and I see them gaining strength in 2018. Many companies are ill-prepared to deal with these types of attacks, and the attackers are well aware of this weakness.

6) The Corporate Cyber Insurance industry will suffer large financial losses in 2018. This will not be a record for that industry but their claims will reach record levels.

a. I think the Cyber Insurance industry has a significant amount of maturing and change to accomplish in 2018.
b. The Cyber Insurance market will continue to explode. However, the common underwriting framework and process to measure the risk of the policies has lagged behind the policy writing.
c. I also believe the current cryptocurrency businesses are improperly designed and are too high of a risk for the cyber insurance market.

7) New POS malware variants will emerge in 2018 that will focus on EMV / Chip and PIN technologies with an increase of Ransomware targeting POS devices.

a. This is a bit of a reach for me but I refuse to believe the crime syndicates are not testing or trying to target Chip and PIN.
b. Ransomware on a POS device is simple, easy, cheap and effective and we will see it deployed effectively against retailers in 2018.

8) Online gaming agents will be used as bots in a DDoS attack. It is only a matter of time before this “innocent” avenue is exploited, and with the wide distribution of online gaming, these bots will be a force to reckon with in 2018.

a. This attack vector isn’t new but is often overlooked. I have been waiting for the past five years for this to happen and I think we are at that point in cyber-history to witness this type of massive distributed-global attack.

9) Increase in malware that targets PLC-type devices. Much like we saw with the Trisis malware, the PLC device manufacturers are unaware of how exposed they are to exploitation and this type of targeting, especially for a Ransomware attack, can be extremely profitable.

a. With PLC devices connecting to the internet and/or to internal networks, most are not protected, and large industrial corporations with deep pockets utilize these PLC devices. Therefore, with a well-planned Ransomware attack the payout could be massive.

10) NIST 800-171 / DFARS standard violations will outpace the US Government’s ability to contract, and waivers will be provided to lessen the impact.

a. Many of the companies that claim compliance to 800-171 have scrambled to get a basic compliance program in place to meet the assessment criteria.
b. The DoD will need to make contracting adjustments to its FAR in order to keep up with DoD contracting demands.

Well, I guess it is a matter of record now, so we will have to revisit my prognostications in 2019 and see how close I was with each one.

Happy New Year everyone!

Bill Corbitt, National Practice Director for Digital Forensics Incident Response & Forensic Intelligence at GuidePoint Security, is a seasoned, results-oriented leader with extensive corporate, federal, and international experience dealing with cybersecurity, forensic, and Incident Response dilemmas. In addition to his demonstrated success in aligning security results with business requirements, Bill is recognized for his abilities in implementing accurate cyber-countermeasures to reduce cybersecurity risk and protect intellectual property on a global scale. A respected strategist within the forensic and incident response communities, Bill holds a Bachelor of Science degree in Criminal Justice from Valdosta State University.