Apologies in advance, but 2018 will probably be every bit as crummy as 2017. That’s the glum, but probably realistic, forecast of a report put out by McAfee Labs Wednesday morning.
In its report, the firm which was spun off by Intel (INTC) in April, expects continued risks from malware authors, phishing attackers, ransomware scams and even, perhaps, the companies selling smart home devices.
On the bright-ish side, McAfee’s report isn’t calling for a rise in attacks on newer online defenses like two-step verification or biometric unlocking for your mobile devices. Instead, we’re in store for more of the same annoyances.
Hackers aren’t the only ones that might be targeting you this year. (Image: U.S. Air Force photo/Airman 1st Class Aaron Stout)
Machine learning can make the bad guys more efficient too
McAfee’s report leads off by predicting that the same artificial-intelligence techniques used to guess what you want to read or buy will soon be pointed at you for offensive purposes.
For example, it suggests that machine learning could strengthen “social engineering” attacks that prey on people’s inclination to trust something that they think comes from a friend.
“We expect to see more advancements in the use of machine learning and analytics by attackers to accelerate and sharpen social engineering attacks — phishing, fraud, spyware, and scams — across more industry sectors than they can do today using manual reconnaissance techniques,” said McAfee Labs vice president Vincent Weafer.
But it’s not a one-sided fight. The companies trying to defend you online are using techniques to keep your data safe. Facebook (FB), for instance, already runs every login through a bunch of machine-learning algorithms to see if it falls outside your usual habits.
And there might even be an upside here. Malware authors will now have to worry about machines taking their jobs, just like everybody else.
Ransomware isn’t going away, but it may go away from you
McAfee’s researchers think that ransomware — when an attacker implants software on your device that encrypts your data and locks you out unless you pay a ransom — is becoming slightly less profitable.
“McAfee Labs saw total ransomware grow 56% over the past four quarters, but evidence from McAfee Advanced Threat Research indicates that the number of ransomware payments has declined over the last year,” the company stated in its report.
What’s next? Going where the money is. McAfee suggests we’ll see targeted actions to annoy or embarrass particular targets chosen for their bank accounts.
“We believe it more likely and more profitable for cybercriminals to place ransomware on a wealthy family’s thermostat in the dead of winter, than to set the homes of millions ablaze through their coffeemakers.”
The two biggest ransomware stories of 2017, however, involved neither demands for money nor targeting the comfortably rich. The WannaCry and Petya attacks subjected entire European countries to generalized irritation and worse as they locked up computers (many running the obsolete, insecure Windows XP) controlling everything from transit ticket-vending machines to hospital data systems.
McAfee’s researchers remain unclear who staged those attacks and for what end, but they do know this much: We’ll probably see insurance companies move into selling ransomware policies.
The continued privacy risks of “IoT” devices
The most depressing part of the report is the section — written with input from the Electronic Frontier Foundation, a digital-rights group — that warns that some of the bigger threats of 2018 may be the companies we’ve already given our data and money to. It takes particular aim at “Internet of Things” device manufacturers and the firms that provide services to those in-home gadgets.
“In 2018, connected home device manufacturers and service providers will seek to overcome thin operating margins by gathering more of our personal data — with or without our agreement — as we practically surrender the home to become a corporate virtual storefront,” the report warns.
A prediction that “a substantial number of corporations will break privacy laws, pay fines and still continue such practices, thinking they can do so profitably” is not unusual in privacy-activist circles. But I can’t remember when I last read something like that from an established, if not establishment firm like McAfee.
McAfee’s Weafer suggested that 2018 could be a pivotal year both in terms of customers waking up to that risk and in terms of governments moving to protect them. The catch: That regulation, the European Union’s sweeping General Data Protection Regulation, won’t do much for U.S. customers unless companies that have to revise products to comply with “GDPR” requirements elect to bring those changes to their U.S. customers too.
Otherwise, we’ll be stuck with the advice that appears near the end of the report, and which you may have seen so often you can recite it from memory: “Pay attention to what you buy and install, turn off unnecessary features, and change the default passwords to something much stronger!”
More from Rob: