Contributed By


Norman Guadagno

Chief Evangelist at Carbonite


3 Ways Cyber-attacks Are Set to Evolve in 2018

February 26, 2018

In the year ahead, companies and IT professionals need to adapt their defenses and better understand innovations in endpoint security.

The IT security landscape is evolving at breakneck speed. With new threats and vulnerabilities appearing every day, it’s easy to get stuck in firefighting mode—and that’s a problem. Now more than ever, companies need to be proactive when it comes to evaluating and making strategic changes to their security. If you’re not evolving at the same pace as the threats, your risk goes up exponentially.

To help IT leaders make more strategic, forward-thinking decisions about their security, the team at Barkly identified three key trends that explain how malware is evolving. These trends highlight several important shifts in attack techniques that every organization needs to be ready for in 2018.

1. Fewer attacks rely on user mistakes

Ask any IT professional what their company’s most persistent liability is, and the answer will be “end users.” Long described as “the weakest link in security,” end users are constant targets of malware campaigns designed to trick them into downloading malicious email attachments or visiting compromised websites.

Organizations know this and have strengthened their email security accordingly. Many have also increased investment in security awareness training to reduce the likelihood of mistakes. When you look at infection trends across 2017, however, it becomes clear that many attacks—including WannaCry and NotPetya, two of the year’s largest outbreaks—didn’t rely on tricking end users. They took a more direct approach to compromising organizations by exploiting shared access points like Microsoft’s Server Message Block (SMB) and Remote Desktop Protocol (RDP) that had been left open and exposed.

In 2018, we expect attackers will continue to target unsecured RDP and SMB ports and leverage other “clickless” ways of infecting organizations. That's why IT professionals should make every effort to identify and secure open ports.
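
One way to act on that advice on a Windows host, shown as an added example that is not part of the original article: the Python script below reads output in the layout of `netstat -ano` and reports SMB (139, 445) and RDP (3389) listeners bound to anything other than loopback. The sample output, addresses and PIDs are constructed for illustration.

```python
import ipaddress

# Ports behind the services the article names: SMB (139, 445) and RDP (3389).
WATCHED = {139: "SMB (NetBIOS session)", 445: "SMB", 3389: "RDP"}

# Constructed sample in the layout of Windows `netstat -ano`; not real host data.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:3389         0.0.0.0:0              LISTENING       1204
  TCP    10.0.4.17:139          0.0.0.0:0              LISTENING       4
  TCP    10.0.4.17:49712        10.0.4.2:445           ESTABLISHED     4
  TCP    [::]:3389              [::]:0                 LISTENING       1204
  TCP    [::1]:445              [::]:0                 LISTENING       4
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any IPv6 zone id
    return ipaddress.ip_address(host), int(port)


def exposed_listeners(netstat_text):
    """Return (service, bind_address, port, pid) for watched ports that
    listen on a non-loopback address, i.e. reachable from the network
    unless a firewall rule blocks them."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly 5 columns; the header and UDP rows do not match.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, port = split_endpoint(fields[1])
        if port in WATCHED and not addr.is_loopback:
            findings.append((WATCHED[port], str(addr), port, int(fields[4])))
    return findings


if __name__ == "__main__":
    for service, addr, port, pid in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{service:<22} {addr}:{port} (PID {pid})")
```

A listener on a wildcard address (`0.0.0.0` or `::`) is only a candidate finding: whether it is reachable from outside depends on the host and perimeter firewall rules, which this check does not read.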

2. Attackers use organizations’ tools against them

One of the most troubling trends we saw in 2017 was an increase in attackers who abuse otherwise legitimate system tools and processes already present within IT systems. Often referred to as “living off the land,” hijacking these tools makes attacks extremely difficult for antivirus solutions to detect.

NotPetya was a high-profile example of an attack that leveraged this tactic. While the initial infection was triggered when users installed an update for Ukrainian accounting software, it spread using PsExec and Windows Management Instrumentation (WMI)—two legitimate Windows tools widely used by system administrators. The virus spread quickly across victims' networks because these tools do not typically raise red flags.

Other examples of legitimate system tools that are being increasingly hijacked by attackers include PowerShell, Windows Credentials Editor, and Group Policy Objects, just to name a few. While these administration tools are very useful for managing large networks, they also pose a very real security risk.

IT professionals can mitigate that risk by disabling or restricting unused tools. It’s also critical for them to use endpoint security that isn’t completely reliant on file scanning or whitelisting since these fileless attack techniques can easily bypass such defenses.
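
Because file scanning has nothing to match when PsExec or WMI is the delivery mechanism, detection usually relies on process lineage instead. The Python script below is an added example, not part of the original article: it applies three lineage rules to constructed process-creation events whose field names are modeled on Sysmon Event ID 1 (hosts and command lines are invented, and the rule set is an illustrative assumption rather than a complete detection).

```python
import json
import ntpath

# Constructed process-creation events, one JSON object per line, with fields
# modeled on Sysmon Event ID 1. Hosts and commands are invented.
SAMPLE_EVENTS = r"""
{"host": "FIN-WS12", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\notepad.exe", "cmd": "notepad.exe report.txt"}
{"host": "FIN-WS12", "parent": "C:\\Windows\\PSEXESVC.exe", "image": "C:\\Windows\\System32\\cmd.exe", "cmd": "cmd.exe /c ipconfig /all"}
{"host": "HR-WS03", "parent": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe", "image": "C:\\Windows\\System32\\cmd.exe", "cmd": "cmd.exe /c whoami"}
{"host": "IT-ADM01", "parent": "C:\\Windows\\System32\\cmd.exe", "image": "C:\\Windows\\System32\\wbem\\WMIC.exe", "cmd": "wmic /node:HR-WS03 process call create notepad.exe"}
"""

# Interpreters and script hosts that are unusual children of the WMI provider host.
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
          "mshta.exe", "rundll32.exe"}


def exe_name(path):
    """Lower-cased file name of a Windows path (ntpath works on any OS)."""
    return ntpath.basename(path).lower()


def classify(event):
    """Return the reason an event looks like remote execution, or None."""
    parent, image = exe_name(event["parent"]), exe_name(event["image"])
    cmd = event["cmd"].lower()
    if parent == "psexesvc.exe":  # PsExec's service on the target host
        return "PsExec service spawned a process"
    if parent == "wmiprvse.exe" and image in SHELLS:
        return "WMI provider host spawned a shell or script host"
    if image == "wmic.exe" and "/node:" in cmd and "process call create" in cmd:
        return "WMIC remote process creation"
    return None


def detect(log_text):
    """Return (host, reason, command line) for every matching event."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reason = classify(event)
        if reason:
            alerts.append((event["host"], reason, event["cmd"]))
    return alerts


if __name__ == "__main__":
    for host, reason, cmd in detect(SAMPLE_EVENTS):
        print(f"{host}: {reason}: {cmd}")
```

Administrators using PsExec or WMI for routine work produce the same lineage, so these matches are most useful when compared against a baseline of the hosts and accounts expected to run them.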

3. Attacks are designed to spread automatically

Last year, we also saw a resurgence in attacks leveraging worm components to transform single infections into network-crippling events. The WannaCry ransomware outbreak was the most prominent example, spreading to an estimated 400,000 computers in more than 150 countries. That success has since inspired other malware authors to add worm components, and unfortunately there are now plug-and-play options that make carrying out attacks easier than ever.

This development demands a shift in how IT professionals view attacks. It’s no longer about the risk of a single employee infecting a single machine. One infected machine can now be a catalyst for a larger outbreak that takes down internal and external networks.

To help reduce the risk of worms, IT professionals need to prioritize blocking these kinds of attacks at the outset, before infections have the chance to spread.

Advice for 2018: Evolve your security

In the year ahead, hackers will find new ways to leverage these three trends in even more powerful attacks. To fight back, companies need to adapt their defenses. In addition to having a reliable backup and recovery strategy, IT professionals need to take advantage of innovations in endpoint security that allow new solutions to actively learn and adapt the protection they provide on a nightly basis as new malware is discovered.

As we gear up for another year filled with new threats and new challenges, we know attackers won’t be adhering to the status quo. Organizations need to be ready to adapt on the fly and make changes to their security stacks accordingly.

This article originally appeared on Carbonite.
