Security professionals the world over are not pleased. Cyber-criminals are winning the war, and current resources are strained to the limit, with no expectation that fresh forces will join the battle. Yes, much of what goes on is at the corporate or banking level, but a few outliers in the crime world are continuing to prey upon a host of uninformed individuals. At this stage of the game, there is low-hanging fruit in every area. The only saving grace, according to Abraham Lincoln, is that, “The best thing about the future is that it comes one day at a time.”
Last year at this time, we presented a two-part series that summarized the key fraud concerns in our industry, expressed by the ones in the know – the security professionals that must deal on the front lines with every type of scheme developed by organized crime. Here is the short list from a year ago:
#1 – Industry revenues are contracting with uncertainty looming.
#2 – The Binary Option industry is under attack for shady business practices.
#3 – Current fraud trends will continue: Ponzi, Clones, and all manner of scams.
#4 – Cyber criminals will gain more momentum in all markets.
#5 – Regulatory broadsides will reshape industry dynamics.
#6 – Moves to convert forex to regulated exchanges will gain more support.
#7 – Industry consolidation will be commonplace.
As we wrote a year ago, “The basic message was that 2017 would be filled with surprises. Many of the prevalent risk and fraud schemes would continue, morphing into new varieties as the year progressed, while new entrants provided additional twists and turns. Risk never sleeps, nor does organized crime in its pursuit of your hard-earned cash. Preparedness and prevention begin with awareness. Be wary of unwarranted solicitations of any kind from any source. Continually monitor your broker’s performance and prepare to switch if things become dicey.”
What should we be fearful of in the coming year? Once again, not much has changed, year over year: “Protecting customer trading accounts will be a high priority for all brokerages in 2018, but this threat is just the tip of the iceberg. Our industry is overly complex, using cutting edge technology to deliver its value proposition. Toss in a hefty bit of innovation, accompanied by competition and financial pressure, and you have a perfect backdrop for organized crime to enter stage left. Crooks also invest heavily in technology and continually search for weaknesses in firewalls and operating systems. When change and uncertainty define the marketplace, crooks have greater latitude for plying their trades.”
What is the preliminary picture for 2018 that security professionals are painting?
As one peruses the various predictions that major security firms are publishing free of charge, the need to understand industry jargon comes to the forefront. We have all heard of Mal-Bots and Ransomware, but have you heard the term “Internet of Things” or “IoT” for short? Here is a very simplified definition: “Internet of Things (IoT) is simply the network of interconnected things/devices which are embedded with sensors, software, network connectivity and necessary electronics that enables them to collect and exchange data making them responsive.”
For example, your smart phone is just such a device, and it will quickly become the new target for hacking for gain in 2018 and beyond. Much of this infrastructure is driven or managed by clever sub-programs that utilize Artificial Intelligence (AI) to detect trends, anticipate necessary intervention tactics, and react in a proactive manner to stymie fraud at the outset. If the criminal element can re-direct these activities for their own purposes, then our protective shields can be mobilized against our best interests. This type of attack causes the folks that follow risk to lose sleep at night.
Why is it important to follow what security professionals are saying about trends in their industry? Knowledge and awareness go hand in hand and are the only way that anyone can build suitable defenses ahead of time. Much of this information is presented for free on the Internet and comprises a wealth of wisdom that may save the day, if you would only heed their warnings. The names of these firms will not be strange to you: McAfee, Symantec, IBM, Gartner, and Forrester. There are also a few heavyweights that you may not have heard of like Trend Micro, WatchGuard Technologies, and Webroot, to name a few. For your benefit, we will summarize their best guesses for the year ahead:
McAfee:
1) An adversarial machine learning “arms race” between attackers and defenders;
2) Ransomware to evolve from traditional PC extortion to IoT, high net-worth users, and corporate disruption;
3) Server-less Apps to create attack opportunities targeting privileges, app dependencies, and data transfers;
4) Connected home devices to surrender consumer privacy to corporate marketers;
5) Consumer apps collection of children’s content to pose long-term reputation risk.
Symantec:
1) Blockchain Will Find Uses Outside Of Cryptocurrencies But Cyber criminals Will Focus On Coins and Exchanges;
2) Cyber Criminals Will Use Artificial Intelligence (AI) & Machine Learning (ML) to Conduct Attacks;
3) Supply Chain Attacks Will Become Mainstream;
4) File-less and File-light Malware Will Explode;
5) Organizations Will Still Struggle With Security-as-a-Service (SaaS) Security;
6) Organizations Will Still Struggle With Infrastructure-as-a-Service (IaaS) Security — More Breaches Due to Error, Compromise & Design;
7) Financial Trojans Will Still Account for More Losses Than Ransomware;
8) Expensive Home Devices Will Be Held to Ransom;
9) IoT Devices Will Be Hijacked and Used in DDoS Attacks;
10) IoT Devices Will Provide Persistent Access to Home Networks.
IBM:
1) AI Versus AI;
2) Africa Emerges as a New Area for Threat Actors and Targets;
3) Identity Crisis;
4) Ransomware Locks Up IoT Devices.
Gartner:
1) By yearend 2020, the bank industry will derive 1 billion dollars of business value from the use of blockchain-based cryptocurrencies.
2) Through 2022, half of all security budgets for IoT will go to fault remediation, recalls, and safety failures, rather than to protection.
3) Most organizations don’t have a budget for IoT security now, but they will need to add one.
4) IoT security incidents will make the nightly news.
5) Through 2021, AI-driven creation of “counterfeit reality,” or fake content, will outpace AI’s ability to detect it, fomenting digital distrust.
6) Worldwide enterprise security spending will rise 8 percent in 2018 to $96.3 billion.
Forrester:
1) Governments will no longer be the sole providers of reliable, verified identities;
2) More IoT attacks will be motivated by financial gain than chaos;
3) Cybercriminals will use ransomware to shut down point of sale systems;
4) Cybercriminals will attempt to undermine the integrity of US 2018 midterm elections;
5) Blockchain will overtake AI in VC funding and security vendor road maps;
6) Firms too aggressively hunting insider threats will face lawsuits and GDPR fines.
Trend Micro:
1) In 2018, digital extortion will be at the core of most cybercriminals’ business model and will propel them into other schemes that will get their hands on potentially hefty payouts.
2) The ransomware business model will still be a cybercrime mainstay in 2018, while other forms of digital extortion will gain more ground.
3) Cybercriminals will explore new ways to abuse IoT devices for their own gain.
4) Global losses from Business Email Compromise scams will exceed US$9 billion in 2018.
5) Cyberpropaganda campaigns will be refined using tried-and-tested techniques from past spam campaigns.
6) Threat actors will ride on machine learning and blockchain technologies to expand their evasion techniques.
7) Many companies will take definitive actions on the General Data Protection Regulation (GDPR) only when the first high-profile lawsuit is filed.
8) Enterprise applications and platforms will be at risk of manipulation and vulnerabilities.
WatchGuard Technologies:
1) Cryptocurrency Crash;
2) Wi-Fi Hacking;
3) Increased Adoption of Corporate Cyber Insurance;
4) IoT Botnets Force New Regulations;
5) Linux Attacks Will Double;
6) Multi-factor Authentication;
7) Hack Election Machines.
Webroot:
1) Backups will not prove enough to stop ransomware as hackers find ways to subvert this strategy.
2) Consumer fightback — 2018 will see a major backlash (maybe class action lawsuits) from consumers, requiring more regulations around data protection especially in the U.S.
3) An increase in nation state cybersecurity breach activity as “cold war” like activity continues to escalate. Where countries and organizations (e.g., ISIS) will actually invest more into both defensive and offensive tech and skills to gain access to information that can be leveraged in numerous ways.
4) Discoveries of election meddling and social media tweaking will be an economic drag on some of the biggest tech giants in the industry — and be cause for further scrutiny on securing devices, networks, and communications channels and verifying identity.
5) State-sponsored service breach of critical infrastructure leading to loss of life and an extended timeframe to return to normal operations.
There are many smaller boutique firms that were not presented in this article, but the themes that were most repeated have to do with ransomware, AI, mal-bots, and attacks directed at the entire infrastructure of IoT. Blockchain technology may be the current rage, as are crypto-currencies, but wherever there is obsessive popularity, accompanied by a concentration of financial interests, you can bet that strategic planners for organized crime are salivating over the opportunities and reacting accordingly.
Simply put, 2018 will be more of the same, as in 2017, but with a greater vengeance, if you will. Our counsel is the same: Security professionals have always counseled us that fraud can never be completely eliminated. The best you can hope for is to maintain it at a low and acceptable level, but every participating component in the forex industry must work in tandem, if this goal is to be achieved. Crooks are always probing for the weak links in the chain, so to speak. Is your broker focused on the latest fraud prevention techniques? Are you aware of how easily your personal identity information can be compromised or how quickly your account balances could be depleted?
Although a few of the schemes that we have highlighted may seem distant or only designed to target someone else or some other business entity, you can be sure that quite a few enterprising crooks with criminal intent will figure out a way to modify these cyber tricks to reap fortunes from an unwitting public. Always remember that awareness is the first step toward fraud prevention. To be forewarned is to be forearmed, and to repeat another oft-quoted phrase from Abraham Lincoln, “The best way to predict your future is to create it.”
Take our advice: Be knowledgeable, stay vigilant, and do not become a victim!