While the internet has undoubtedly brought many benefits, it has also created new problems as cybercriminals seek to exploit our seemingly ever-increasing dependence on information systems. From phishing emails, malware and ransomware, to stealing your bank details, passwords and other personal information, the internet has indeed provided malicious hackers with new ways to make money and cause disruption.
Just look, for example, at how critical infrastructure, schools and hospitals have been hit by cyberattacks. And while we haven’t yet fully secured networks against today’s threats, technology is still advancing, bringing new threats that we must prepare for in one way or another.
Quantum computing: cracking and mining cryptocurrencies
One of the biggest technological breakthroughs to come is quantum computing. The latter promises to be able to quickly solve complex problems that have failed conventional computers. While this breakthrough will bring benefits to scientific research and society, it will also create new challenges.
In particular, the power of quantum computing could quickly crack the encryption algorithms we’ve used for decades to secure a range of areas, including online banking, secure communications and digital signatures.
Currently, quantum computing is expensive and the expertise needed to develop it is reserved for large tech companies, research institutes and governments. But, like any innovative technology, it will eventually become more commercially available and easier to access. Cybercriminals will therefore seek to take advantage of this.
Major threat
“Quantum computing will be able to break current encryption algorithms,” predicts Martin Lee, Technical Manager of Security Research at Cisco Talos. “What was a perfectly adequate encryption key length 20 years ago is no longer so. The US Cybersecurity Agency (CISA) has previously warned that action must be taken now to help protect networks from cyberattacks powered by quantum computing.
But if cyberattacks fueled by quantum computing pose a major threat, quantum computers themselves could be a lucrative target. Take the example of cryptominers, the malware installed to secretly use a victim’s computing power to mine cryptocurrencies.
If cybercriminals managed to install cryptominers on quantum computers, they could become very rich very quickly. The complex mathematical problems faced by miners of cryptocurrencies, such as bitcoin, would be relatively trivial for a network of quantum computers. “Infecting a quantum computer would allow the calculation of very complex algorithms,” says David Sancho, senior antivirus researcher at Trend Micro.
Leverage artificial intelligence and machine learning
Quantum computing isn’t the only emerging technology that cybercriminals will be looking to take advantage of. We can expect them to leverage developments in artificial intelligence (AI) and machine learning as well. Like quantum computing, these new technologies are expected to enable innovation in many areas, including robotics and self-driving cars, voice recognition and healthcare.
Once AI-related technologies become more widely available, it will only be a matter of time before cybercriminals use it for their cyberattacks. “We will start to see fully automated malware campaigns, ransomware operations and phishing campaigns. It hasn’t been done yet, but it won’t be very difficult to achieve,” warns Mikko Hyppönen, director of research at WithSecure.
AI to the rescue of grazers
For example, one way to exploit this technology would be to program a text generation algorithm to handle spam campaigns. Cybercriminals could rely on an algorithm that can analyze responses that are most likely to fall for the trap, rather than responding to targets that send bogus messages back to the spammer. This reality means that in the future, you could be scammed by a robot.
It’s also possible that cybercriminals are using advances in machine learning to develop intelligent, self-programmed malware that, instead of needing a developer to back it up, could update itself by automatically reacting to cyber defenses they meet to have the chances of being the most effective.
“One could imagine that self-programming programs would become more efficient than at present”, explains Mikko Hyppönen. This technology applied to ransomware could lead to “undetectable versions”. “It’s all technically feasible, we just haven’t seen it yet, but I think we will,” he warns.
Deepfakes
This misuse of artificial intelligence is already a reality with deepfakes, these fake videos. These deep fakes have already been used in disinformation campaigns. But they are also used in malicious campaigns, for example in audio form, to convince employees to make large financial transfers. “We are entering a new world, that of fake videos that will be used to commit crimes,” said Theresa Payton, CEO of Fortalice Solutions and former director of information systems for the White House.
Take the example of leaders who are in contact with the public. They appear on television, they give speeches and there are videos of them online. It is therefore relatively easy to find recordings of their voices. A scammer may already be attempting to use these resources to impersonate their voice in a deepfake. After all, if an employee gets a call from their boss asking them to do something, chances are they will do it. The cybercriminals behind these attacks know this well.
“I already know of three cases where deepfake audio was used to convince someone to make a fraudulent transfer,” says Theresa Payton. And as deepfake technology improves, that means it’s going to get harder and harder to tell right from wrong. “I am increasingly concerned about our powerlessness to end these manipulation campaigns,” she adds.
The Internet of Things
Similarly, the Internet of Things is particularly worrying in this respect. These devices are becoming an increasingly important part of our lives, with a variety of sensors, devices, and other connected products being used in homes, offices, factories, and more. This increases the attack surface that cybercriminals can attempt to exploit.
“When you add connectivity to everyday devices, they become hackable,” says Mikko Hyppönen. From your television to your toothbrush, everything could now be connected to the internet. But for appliance manufacturers, the Internet of Things is relatively new. And many of these industrialists never really needed to think about cybersecurity threats.
Some vendors may not even include this thinking in their design process. If IoT security should (hopefully) improve over time, there is another issue to consider. There are already millions upon millions of devices that are insecure and may not even get security updates.
The update problem
Think of how many smartphones don’t get security updates after just a few years. What will happen with appliances that are not replaced regularly, such as a refrigerator or a car, and which are used for decades? “No software vendor would support software written 20 years ago,” says Mikko Hyppönen, who suggests that manufacturers should open up the source code of their devices to make it easier to manage these updates.
Connected devices are already becoming ubiquitous in society, and there is no sign of this trend slowing down. If hackers attack your coffee machine or your aquarium, it may seem harmless. But this medium can then be used to attack larger devices and sensitive data.
The smart city will also become the norm. But without cybersecurity, the consequences could be dramatic. “You will have attacks happening on a scale and at a speed you’ve never seen before, it’s incredibly worrying,” warns Theresa Payton, who thinks it’s only a matter of time before ransomware attack hijacks a smart city.
An arms race
Despite these potential threats looming, Theresa Payton is optimistic about the future of the internet. If cybercriminals will use new technologies to improve their attacks, defense will also deploy these same technologies to help prevent these attacks. “I’m very excited about our ability to model malicious behavior and then use artificial intelligence, big data and machine learning algorithms to counter it,” she says.
Admittedly, she recalls, “cybercriminals always adapt. But I’m very optimistic that we can block more basic or medium-intensity threats.” This optimism is shared by Mikko Hyppönen. He believes that cybersecurity is improving, and while new technologies are on the horizon, that doesn’t mean cybercriminals and other malicious hackers will have it easy.
“Computer security has never been in better shape than it is today. It’s a controversial comment – the general public would most likely think that data security has never been worse, because all they see is failures and headlines about yet another hack,” he says. “But if you compare the security of our computers today to that of 10 years ago, it’s day and night. We’re getting a lot better at security, and it’s a lot harder for attackers to break through. »
Let’s hope it stays that way, because the future stability of the internet depends on it.
Source: ZDNet.com