The cyber attacks of 2017 marked an evolution of the threat: what awaits us in 2018?

(by Massimiliano D'Elia) The hacker attacks of 2017 seem to have come out of an American action and espionage film. If 2017 was notable for the escalation and proliferation of cyberattacks, everyone is now wondering what will happen in 2018.

The so-called WannaCry attack in May was the beginning of the fear of massive and large-scale attacks.

The idea that hackers - possibly linked to Russia - could steal code from America's National Security Agency and publish it, and that North Korean hackers could then reuse it to delete a significant portion of the British National Health Service database, would seem like science fiction, but it happened.

The most credited hypothesis about WannaCry is that the attack was actually a money-making scheme that went wrong, spreading much faster than expected, and that it set the scene for hackers.

It showed how ransomware - by blocking a machine - could be used as a weapon and, come to think of it, how vulnerable many parts of our society are to this type of threat.

The fear for the future is that WannaCry's example can be replicated on a large scale towards increasingly sophisticated organizations with the inevitable trade in data for criminal purposes.

After WannaCry, the other high-profile attack came the following month.

NotPetya hijacked the update service of a Ukrainian tax software company that was to be used by anyone doing business in the country, then spread through corporate networks, again blocking computers with ransomware. The goal here was disruption, rather than making money, since the key to decrypt the files was not even accessible.

Real-world consequences

It soon became clear that any company with a branch or office connected to Ukraine could be hit, and the attack spread far and wide, with estimated business losses amounting to hundreds of millions of dollars.

This attack was attributed to the Russians, who had previously also targeted a power plant, which was then taken offline.

Cybersecurity expert Sean Kanuck also points out that the hacking of the US Securities and Exchange Commission was another big event, because the information could be used for insider trading and market manipulation.

Proliferation of capabilities

Chinese cyber intrusions against the United States declined after a deal made by the Obama administration, although an attack on technology service providers, called Cloud Hopper and linked to China, was underestimated given how well it was able to take advantage of access to many other companies.

Intelligence agencies that monitor threats say they have seen an increase in activity from Iran and warn it may be the country to watch in 2018. It was blamed for an attack on the British Parliament this year, which had compromised off-line systems for system maintenance, and there have been concerns about even more serious destructive attacks.

Geopolitics is closely linked to cyber behavior

The worsening of tensions with North Korea could lead to more cyber activities.

“The financial sector - in particular equity markets, large corporations - and energy infrastructure will be possible targets,” says Cameron Colquhoun, of Neon Century Intelligence, in a BBC article.

North Korea hacked South Korea's cryptocurrency. The deteriorating regional situation in the Middle East and the potential end of the Iranian nuclear deal could also lead Tehran to do more, and analysts have seen Iran-related actors exploring critical infrastructure.

FireEye says it has seen activity increase recently from two different Iranian-linked hacker groups (known as APT 33 and 34) with possible reconnaissance in the finance, energy and telecommunications sectors.

More generally, a number of countries in the Middle East, including Qatar, the United Arab Emirates and Saudi Arabia, may be more willing to engage in varying levels of cyberattack as they develop their capabilities.

The use of cyber-hacking for political interference has also undergone significant development

USA: Information was leaked from the headquarters of the Democratic Party of the United States and from some Hillary Clinton officials in 2016.

Russia: an investigation called Russiagate, into possible interference in the presidential elections, hangs like a "cloud" over Trump's White House.

France: The Macron campaign in France saw similar activity in 2017.

England: In her speech at the Mansion House in November, British Prime Minister Theresa May also warned that Russia was "trying to arm information", although so far the evidence of Russian interference in the UK is more limited and Russia has denied all allegations of interference and cyber-hacking.

And in December, Foreign Secretary Boris Johnson and his Russian counterpart Sergei Lavrov clashed in Moscow over alleged Russian cyber attacks against Western countries.

The issue of political interference also marked a change in understanding that cyber is not just about cyber.

In the case of America, information from the DNC - the Democratic Party's governing body - was hacked and then disseminated through a variety of channels and spread through social media.

In other words, the hacking element was only part of a larger operation.

A limited approach to cyber security risks losing sight of the extent to which Russia, in particular, has integrated it into a wider range of activities, which often fall into the category of "hybrid warfare".

This is part of a broader trend to use information as a weapon. And it is not just states.

Infrastructure at risk

Companies and non-state actors are increasingly seeking to steal data and to release or shape information flows to suit their own agendas (or sometimes just to make money by shifting financial market attention).

The problem here is the manipulation of the flow of information, of which “cyber-security” is only one aspect.

The fear is that the escalation trend of destructive attacks - and a proliferation of those who are able to carry them out - could create serious security problems for entire countries and continents. In particular, there may be more targeting of critical infrastructure.

In the past, most attacks concentrated on pre-positioning malicious code so that an attack could be carried out in the future, but now we can suffer real-time attacks on strategic centers such as telecommunications, airports and power plants.

Cyber attacks are becoming a topic of foreign and defense policy and are increasingly used in an aggressive and concrete way. With no signs of wanting to set agreed-upon norms about what is - or isn't - acceptable behavior in cyberspace, get ready for even more dramatic surprises in the year 2018.
