Kaspersky Lab presents its predictions of threats in 2018: Internet criminals set back doors in external programs

In the coming year, the world is expected to witness the explosion of more secure programs by groups targeting more victims within a wider geographic range, making it difficult to observe attacks and hampering the ability of target companies to mitigate these attacks, according to Kaspersky Lab's forecast of targeted threats In 2018, which also shows an increase in other attacks that are difficult to stop, such as those that rely on sophisticated malware targeting mobile devices, as the attackers increasingly rely on new tricks to break targets are increasingly entrenched.

Company experts prepare these forecasts annually based on their research, experience and experience gained during the year. Kaspersky Lab added to its forecast for the year 2018 on threats of threats directed by the company's global research and analysis team, a set of special predictions on threats in a number of specialized industrial and technical fields.

The most important predictions of the threats in 2018
Attacks in 2017 such as Shadowpad and ExPetya, targeting major supply chains, have shown how easy it is to penetrate companies through third-party programs. This threat is expected to increase in 2018 as some of the world's most dangerous attackers adopt this approach as an alternative to placing dangers on Web sites and waiting for victims to come, or because their other attempts at penetration have failed.

"The attacks on supply chains have been able to cause nightmares as worrying as expected," said Huan Andres Guerrero-Sadie, head of security research at Kaspersky Lab's global research and analysis team. With increasing access to non-fortified software developers. Their attacks on supply chains will allow them to access several companies in the targeted sectors without being noticed by security officials or security solutions, "he said.

The most important predictions of threats are addressed in 2018
High - level malicious programs targeting mobile devices. Over the past two years, the security community has exposed sophisticated malicious programs that, when exploited in sabotage activities, have been a powerful weapon in the face of unprotected targets.
The devastating attacks will continue to increase. The attacks of Shamoon 2.0 and StoneDrill reported earlier this year, and the ExPetr / NotPetya attack in June, revealed an increased interest of attackers in data attacks.
Pre-emptive reconnaissance and classification operations to protect security capabilities of paramount importance to attackers. The attackers will spend more time in the survey and use rating equipment such as "BeEF" to determine the likelihood of resorting to low-cost waiting attacks.
Complex attacks will exploit the bridges between the operating system and firmware in the computer. UEFI is the software interface between firmware and operating system in modern computers. Kaspersky Lab expects more criminals to take advantage of the advanced capabilities of the extended firmware front end to produce malicious software that is activated before any security solutions, or even the operating system itself, are available.
More breakthroughs for Internet routers and modems. This area, known for its weakness and lack of immunization, has always been overlooked and overlooked as a tool for advanced attackers. Such devices provide an important input for attackers who are allowed to enter the network at length and without impact.
Kaspersky Lab's forecast of threats to industrial and technical companies aims to help sectors that are highly e-linked to understand and address security challenges over the next 12 months.

The most important threat forecasts for the specialized sectors in 2018
Connected vehicles are likely to face new threats due to increased complexity in supply chains, leading to a scenario in which no one party is fully familiar with all of the software codes in the vehicle, let alone controlled. This would make it easier for attackers to penetrate vehicle techniques without being detected.
Attacks aimed at penetrating the private networks of health-care providers can be targeted to target equipment and medical data, with the aim of extortion, sabotage or worse, as specialized medical equipment connected to computer networks grows.
In the financial services sector, increasing the security of online payments means that criminals will turn their attention to attacks on bank accounts. Industry estimates suggest that frauds of this type will amount to billions of dollars.
Security systems in industrial enterprises are likely to be at increased risk of targeted attacks targeting ransom. Operational technical systems are more fragile and vulnerable than corporate IT networks, and are often exposed to Internet risks.
Kaspersky Lab also expects to see targeted attacks targeting companies to install malicious miners, to steal encrypted currencies, and these attacks may become timely, profitable and rewarding in the long run more than ransom attacks..