City-crippling ransomware, crypto hijackings, and more: our 2018 mid-year cybersecurity update
In early January, we predicted some of the biggest cyberthreats the world would encounter in 2018. Almost halfway through the year, it seemed like a good time to revisit that forecast and see how it’s playing out.
Here’s what we’ve gotten right so far …
One of my predictions was that we’d see more huge data breaches, and that hypothesis was proved pretty quickly. In March, exercise- and diet-tracking app MyFitnessPal said it had suffered one of the biggest breaches in history: hackers stole the usernames, e-mail addresses, and passwords associated with some 150 million accounts.
That made the breach even larger in terms of sheer numbers than the massive Equifax hack of 2017. The only silver lining was that many of the passwords were protected by strong encryption, which seems to have limited fallout from the attack.
Then there’s the Facebook imbroglio with Cambridge Analytica, which blew up the same month. Some 87 million users of the social network had their data shared without their knowledge or consent. Strictly speaking, this wasn’t a hack. But I think it merits a (dis)honorable mention here because had the social network put tighter controls in place, it could have spotted the unauthorized use of the data faster and stopped it.
I also predicted even bolder efforts to steal computer processing power for cryptocurrency mining, and we dug into this risk in more detail later in January (see “Forget viruses or spyware—your biggest cyberthreat is greedy currency miners”).
In the past few months, we’ve seen mining-minded hackers use popular malware such as Coinhive and Crypto Miner to hijack cloud computing capacity at companies like Tesla and British insurer Aviva. And one big security company, Darktrace, says it has found rogue mining software on the systems of a thousand of its customers.
Another forecast was that hackers would be likely to target more cryptocurrency exchanges. The latest assault happened earlier this month when Coinrail, a South Korean exchange, was compromised and almost a third of the coins it held were stolen.
Maya Horowitz of security firm Check Point says it’s now seeing new cyberattacks on exchanges “every couple of weeks.” In response, security researchers and law enforcement agencies are stepping up efforts to track down the hackers (see “Sitting with the cyber-sleuths who track cryptocurrency criminals”).
… and kind of right
In January, I warned that ransomware attacks would cause even more damage. These involve malware that locks down computer files with strong encryption and decrypts them only after a ransom has been paid, typically in untraceable cryptocurrency.
I thought ransomware would cause a headache for big cloud providers like Amazon and Google, but the big story so far in 2018 has been the huge attack on the US city of Atlanta, which paralyzed a wide range of its municipal systems. The data kidnappers, who demanded $51,000 in Bitcoin, did some lasting damage, including erasing years of police video records.
Separately, I highlighted the potential risk of a significant cyberattack on physical infrastructure. I’m delighted to report that this prediction hasn’t proved correct so far, but the US Department of Homeland Security, the FBI, and Britain’s National Cyber Security Center did take the unprecedented step in April of issuing a joint warning that Russian hackers are targeting routers and other network infrastructure at power grids and military installations.
Here are the wait-and-sees
To my knowledge, there hasn’t yet been any concrete evidence of hackers weaponizing artificial intelligence, which I forecast, but plenty of cybersecurity companies are on the lookout for it. And it’s too early to tell whether there’ll be a concerted effort to hack election infrastructure, particularly in America, parts of which are still vulnerable to cyberattack. The real test will come during the US midterm elections later this year.
And here’s that embarrassing miss
No sooner had the digital ink dried on my forecast than news emerged of serious security flaws in some semiconductors made by companies like Intel and AMD. Dubbed Meltdown and Spectre, these affected billions of chips and effectively made it possible for hackers who’d already compromised computers to get access to secure portions of processors, where they could install malware or steal encryption keys.
There’s since been a massive, and ongoing, effort to address the problem through software fixes and planned hardware changes, though new variants of the flaws keep popping up. Apologies for not seeing this scenario in our crystal ball. It’s a humbling reminder that when it comes to cybersecurity, the risks don’t just lurk in code.