A study in pessimism: cyberattack trends of 2017, and what’s to come in 2018

When it comes to discussion on cyberattack goings-on and what might be coming down the pipeline, you’ll often see some variation of the question will this year be any better? The short and sweet answer is no. Last year was 365 days of stunning cyberattacks aimed at victims big and small, and while 2018 might be a bit different, spoiler alert: it’s going to be bad too.


Here’s a look at three big trends from 2017, and what you can expect from 2018.

In 2017: the pros took back DDoS attacks

For a couple of years, distributed denial of service attacks seemed to be overtaken by amateurs. DDoS for hire services and their low-volume, short burst attacks were ruling the attack trends thanks to the myriad grudge-holders, angry gamers, disgruntled customers and bored troublemakers spending a few bucks to launch their little attacks and see how much trouble they could cause. That time has come, and it has gone.

In 2017 professional attackers got back in the game in a big way, blending multiple attack vectors for hard to stop assaults and even inventing a new attack method specifically intended to overwhelm appliance-first hybrid DDoS mitigation systems by using one botnet to hit one target after the other, eliminating the botnet warm-up period and immediately hitting networks with a clog-worthy 10+ Gbps. Welcome back, pros. Wonderful to see you working so hard.

In 2017: that Nigerian prince got really smart

Phishing used to be laughable, all caps attempts to get the most naïve people on the internet to throw their money away. The venerable Nigerian prince has been a punchline so many times that if he had a nickel for every bad joke someone told about him he’d never have to send an email again.

Then phishing morphed into spear phishing, which are incredibly targeted attacks that seek out specific organizations with exceedingly clever scams. Consider the case of the Canadian University scammed out of almost $12 million after someone impersonated a construction firm that had completed work on campus and asked to have their banking information changed for their next payments. The Nigerian prince isn’t so funny anymore, and not just because those jokes have been trotted out for roughly 12 years now.

In 2017: WannaCry gave itself the perfect name

Here’s a word that pretty much everyone learned in 2017: ransomware. The WannaCry attack was the first one to cause worldwide hysteria, locking up over 300,000 computers in 150 countries and holding some high-profile organizations hostage, including Britain’s National Health Service, Spain’s Telefonica, FedEx, and Nissan.

Then the Petya ransomware attack came along and pretty much did it all over again, right down to the high-profile victims: the NHS, Telefonica, FedEx and Nissan all went down again. If it ain’t broke, keep smashing the general public with ransomware.

Consulting the crystal ball

It might go without saying, but not here it won’t: those 2017 trends aren’t going to let up anytime soon, and this next year is going to be chock full of creatively devastating DDoS attacks courtesy of the people who make bank doing it, targeted spear phishing is going to keep hook-line-and-sinker-ing individuals and organizations all over the world, and each large-scale ransomware attack will be more sophisticated than the one that came before it with big names continuing to be ensnared in encryption chaos.

There’s more trouble than just continuations of 2017 trends on the horizon, however. The last year was a relatively quiet one from IoT botnets, compared to the Mirai-caused chaos of 2016, so odds are good that those million+ device IoT botnets are building up to something truly jaw-dropping in 2018. Whether it’s a new spate of record-breaking DDoS attacks that mess with our online necessities or one massive attack that causes a significant internet outage for much of the world, something wicked this way comes.

Further, cryptocurrencies have been commanding a ton of attention and becoming the hot new investment. With success comes a big fat bullseye however, so expect the various currencies to become even more targeted than they already are by hackers and DDoS attackers alike. If 2017 was the year of crypto hype, 2018 may well be the year of crypto hysteria.

Lastly, nation states (such as, say, Russia, China and North Korea) have only dipped their toes into the state-sponsored attack puddle, and since there is still no international agreement in place regarding cyberspace rules of engagement, there’s a good chance 2018 might see a few big bad actors making a huge state-sponsored cyberattack splash.

A utopian future

It would be great if what 2018 actually had in store was an investment in professional DDoS mitigation from websites and businesses the world over, thorough education on spear phishing risks, updated and patched operating systems that laugh in the face of ransomware attempts, secured IoT devices, ramped up cybersecurity and DDoS protection in the cryptocurrency industry, and a productive international discussion on what needs to be done about cyberwarfare. However, it would also be unbelievable.


Related Articles