  • Benedikt Luft
  • Connectivity

    City-crippling ransomware, crypto hijackings, and more: our 2018 mid-year cybersecurity update

    So far this year, some of our January predictions have been spot-on. But we also failed to foresee one very big, looming threat.

    In early January, we predicted some of the biggest cyberthreats the world would encounter in 2018. Almost halfway through the year, it seemed like a good time to revisit that forecast and see how it’s playing out. 

    Here’s what we’ve gotten right so far …

    One of my predictions was that we’d see more huge data breaches, and that hypothesis was proved pretty quickly. In March, exercise- and diet-tracking app MyFitnessPal said it had suffered one of the biggest breaches in history: hackers stole the usernames, e-mail addresses, and passwords associated with some 150 million accounts. 

    That made the breach even larger in terms of sheer numbers than the massive Equifax hack of 2017. The only silver lining was that many of the passwords were protected by strong encryption, which seems to have limited fallout from the attack.

    Then there’s the Facebook imbroglio with Cambridge Analytica, which blew up the same month. Some 87 million users of the social network had their data shared without their knowledge or consent. Strictly speaking, this wasn’t a hack. But I think it merits a (dis)honorable mention here because had the social network put tighter controls in place, it could have spotted the unauthorized use of the data faster and stopped it. 

    I also predicted even bolder efforts to steal computer processing power for cryptocurrency mining, and we dug into this risk in more detail later in January (see “Forget viruses or spyware—your biggest cyberthreat is greedy currency miners”).

    In the past few months, we’ve seen mining-minded hackers use popular malware such as Coinhive and Crypto Miner to hijack cloud computing capacity at companies like Tesla and British insurer Aviva. And one big security company, Darktrace, says it has found rogue mining software on the systems of a thousand of its customers. 

    Another forecast was that hackers would be likely to target more cryptocurrency exchanges. The latest assault happened earlier this month when Coinrail, a South Korean exchange, was compromised and almost a third of the coins it held were stolen.

    Maya Horowitz of security firm Check Point says it’s now seeing new cyberattacks on exchanges “every couple of weeks.” In response, security researchers and law enforcement agencies are stepping up efforts to track down the hackers (see “Sitting with the cyber-sleuths who track cryptocurrency criminals”). 

    … and kind of right

    In January, I warned that ransomware attacks would cause even more damage. These involve malware that locks down computer files with strong encryption and decrypts them only after a ransom has been paid, typically in untraceable cryptocurrency.

    I thought ransomware would cause a headache for big cloud providers like Amazon and Google, but the big story so far in 2018 has been the huge attack on the US city of Atlanta, which paralyzed a wide range of its municipal systems. The data kidnappers, who demanded $51,000 in Bitcoin, did some lasting damage, including erasing years of police video records. 

    Separately, I highlighted the potential risk of a significant cyberattack on physical infrastructure. I’m delighted to report that this prediction hasn’t proved correct so far, but the US Department of Homeland Security, the FBI, and Britain’s National Cyber Security Center did take the unprecedented step in April of issuing a joint warning that Russian hackers are targeting routers and other network infrastructure at power grids and military installations.

    Here are the wait-and-sees

    To my knowledge, there hasn’t yet been any concrete evidence of hackers weaponizing artificial intelligence, which I forecast, but plenty of cybersecurity companies are on the lookout for it. And it’s too early to tell whether there’ll be a concerted effort to hack election infrastructure, particularly in America, parts of which are still vulnerable to cyberattack. The real test will come during the US midterm elections later this year.

    And here’s that embarrassing miss

    No sooner had the digital ink dried on my forecast than news emerged of serious security flaws in some semiconductors made by companies like Intel and AMD. Dubbed Meltdown and Spectre, these affected billions of chips and effectively made it possible for hackers who’d already compromised computers to get access to secure portions of processors, where they could install malware or steal encryption keys.

    There’s since been a massive, and ongoing, effort to address the problem through software fixes and planned hardware changes, though new variants of the flaws keep popping up. Apologies for not seeing this scenario in our crystal ball. It’s a humbling reminder that when it comes to cybersecurity, the risks don’t just lurk in code.
