ZeroFox’s 2018 Predictions: InfoSec, Marketing and the C-Suite

CISOs and Information Security Teams

Zack Allen, Director of Threat Research & Phill Tully, Principal Data Scientist

Entry-level employees will become a bigger target for attackers in 2018, especially via social media attacks.

We’ve seen many celebrities, government officials and other high-profile individuals fall victim to social media attacks in 2017. In 2018, we can expect more adversaries to set their sights on entry-level employees that have privileged access to sensitive company data, such as researchers, admins and IT employees. Adversaries are increasingly leveraging automation and AI, and going after lower-hanging fruit at scale will become trivial. As long as the attack methods are proving successful, they will leverage those tactics en masse to target vulnerable, unsecured, down-market accounts. Attacks will continue to plague well-known targets, but adversaries will increase their focus on low-profile individuals that have access to valuable data.

Social media account impersonations will take a backseat to actual account takeovers in 2018.

We’re expecting this to be the biggest trend in 2018. Social media allows any individual to blast out unfiltered messages, giving them a global platform that’s already reaching 330 million monthly active users. As politicians and other high-profile individuals increasingly use social media as a platform to push their agenda to the masses, they are putting themselves directly in line for malicious actors to conduct an account takeover. For instance, if President Trump’s account falls into the wrong hands, malicious actors could send out a fake tweet that impacts the stock market, threatens national security or possibly prompts foreign military action. The new 280-character Tweet limit gives hackers even more space to get their message across.

Artificial intelligence will become a bigger asset in hackers’ toolboxes.

AI and machine learning technologies will diversify hackers’ arsenal so that they can create more sophisticated attacks. As seen in several attacks this year, notably WannaCry, attackers can leverage publicly available tools to programmatically spread attacks at scale. Social media, as an open platform, is the ideal channel to launch automated, viral attacks. Hackers no longer need years of extensive experience to launch sophisticated AI/machine learning attacks. It’s becoming significantly cheaper to assemble the necessary tools to develop these models, and given the quick, inexpensive nature of orchestrating these malicious campaigns on social media, hackers will be more drawn to this channel than ever before.

Two-factor authentication will no longer cut it when it comes to protection.

Even with 2FA enabled, several well-known organizations fell victim to attacks in 2017 (notably hundreds of account were compromised earlier in 2017 via TwitterCounter, a third party app). Many cybersecurity firms have been touting 2FA as the end-all-be-all for basic security, but adversaries are finding a way around this protection method through the incorporation of artificial intelligence, machine learning and more. It’s time to start thinking beyond this layer and start considering what’s next for safeguarding our systems. Organizations will begin adopting automated tools to analyze their social media presence for threats and suspicious behavior, just as they do now on their own network. Moreover, the traditional method of employee training will become even more crucial for organizations. When every employee has a half-dozen different social media accounts (read: endpoint for social engineering and spear phishing), organizations will fall back on this age-old tactic to keep their employees from getting attacked on social media.

CMOs, Marketing and Brand Protection Teams

Sara Ayoub, Senior Director of Marketing

The CMO and CISO will forge a unique alliance in 2018.

Departments within the modern enterprise can no longer work in silos when it comes to dealing with cybersecurity issues. Cybersecurity must be addressed holistically, considering it’s no longer a matter of “if” a company will be breached, but rather "when." While it’s up to the CISO to be employing a company-wide defense plan, the CMO is responsible for developing an outward-facing response in the event that their organization is breached. When a cyberattack occurs, brand reputation incurs one of the biggest fallouts. The CMO and CISO must work collaboratively in 2018 to both protect the company and prepare for inevitable social media protection issues.

Brand impersonations will run rampant in 2018.

As marketers work tirelessly to build up a coveted audience of loyal followers and customers on social media, adversaries are tracking this activity and targeting these successful organizations to conduct impersonation attempts. Brand impersonation accounts are easy to create and attackers can immediately select targets from the list of users who follow or engage with the account. From fake coupons to money-flipping scams to fraudulent technical support offers, account fraud will become an even more common issue in 2018, and marketers, working to protect their brand's reputation, must identify, report and remediate these fraudsters.

Programmatic access to social networks will make scammers & cybercriminals jobs even easier in 2018.

Programmatic access to social networks has been a boon for marketers. However, scammers and cybercriminals have also begun to leverage this automations in the past to attack valuable customers at scale. In 2018, automation will expand to be a key tool in the scammer’s arsenal for attacking brands and their customers at scale.

C-Suite and Board of Directors

James C. Foster, CEO and Founder

2018 will be the year that the CFO finally feels the pressure of internal cybersecurity discussions and issues.

Typically, it’s been the CISOs and CIOs who are taking the blame for inadequate risk management practices, but we’re starting to see how severely underfunded these departments really are. If CFOs aren’t willing to take the responsibility and reprioritize company funds, they may find themselves looking for new jobs by the end of the year.

Social media will be the number one vehicle for ransomware distribution in 2018.

Currently, there are nearly one million social media accounts compromised every day, and that number will continue to rise thanks to the plethora or easily identifiable targets. With new channels comes new costs: the average cost of a ransomware ticket will go up 50 percent next year. These actors see that organizations are willing to pay the ransom, so they’ve upped their asking price. And while organizations may be paying a higher ransom, the cost of these attacks are going down due to artificial intelligence tools making these campaigns infinitely easier to carry out.

More targeted social media attacks will occur against public sector organizations leading up to mid-term elections this year.

Social media has increasingly become a channel for public organizations to connect with their constituents, making it a prime target - particularly for bot attacks. Bots are being used by actors to create discord, distribute cybercrime at scale, and disseminate political messaging. The 2016 elections are over, but we’re aren’t out of the woods.

Snapchat will become a threat vector in 2018.

Snapchat has made huge investments in advertising this year, which also means they’ve taken huge steps to put themselves in the line of fire for cyberattacks. Where there’s money changing hands, there are cybercriminals trying to and exploit it. Even though enterprises are still in the early stages of adopting Snapchat, they need to prepare for this rise in Snapchat targeted attacks.

CEOs will held accountable for security budgeting.

CEOs need to understand and be held more accountable for how security is funded within a company. Today, they are leaving that responsibility largely in the hands of their CISO and CIO, but that’s resulting in a lopsided approach to holistic security. CEOs need to expand their knowledge of cybersecurity services and funding so they can align the C-Suite on priorities. Additionally, CEOs need to examine their competitors who’ve been hit with cybersecurity attacks and recognize if they share the same vulnerabilities.