Supply Chain Management

Supply Chain Management (SCM) Software, Supply Chain Optimisation, Supply Chain Execution, hardware transport, supply-chain, distribution software, freight software and load planning in manufacturing and supply chain applications.

Supply chain nightmare: Kaspersky Lab’s Threat Predictions for 2018

16-Nov-2017
Supply chain nightmare: Kaspersky Lab’s Threat Predictions for 2018
In the coming year, the world will see more legitimate software being poisoned by groups targeting wider victim profiles and geographies, with the added advantage that such attacks are extremely hard to spot and mitigate, according to Kaspersky Lab’s Targeted Threat Predictions for 2018. Other hard-to-block attacks, such as those involving high-end mobile malware are also set to rise as attackers resort to new tricks to breach increasingly well protected targets.

The annual predictions are prepared by the company’s experts, drawing on the research and experience gained over the course of the year. For 2018, Kaspersky Lab has complemented the targeted threat predictions prepared by the Global Research and Analysis Team with a series of industry and technology threat predictions.

Top advanced targeted threat predictions for 2018
In 2017, supply chain attacks such as Shadowpad and ExPetya showed how easily third party software could be used to gain entry into enterprises. This threat is expected to increase in 2018 as some of the world’s most dangerous threat actors start adopting the approach as an alternative to watering hole techniques or because other attempts to break in have failed.

“Supply chain attacks have proven every bit as nightmarish as we had previously theorised. As advanced threat actors continue to gain access to vulnerable development companies, back-dooring of popular or regionally popular software will become an increasingly desirable attack vector. Supply chain attacks will allow attackers to successfully gain access to multiple enterprises in target sectors while flying under the radar of system administrators and security solutions alike,” said Juan Andrés Guerrero-Saade, Principal Security Researcher, Global Research and Analysis Team.

Other targeted threat predictions for 2018 include:
  • More high-end mobile malware. Over the last couple of years, the security community has uncovered advanced mobile malware which, when combined with exploits constitute a powerful weapon against which there is little protection. 
  • Destructive attacks will continue to rise. The Shamoon 2.0 and StoneDrill attacks reported in early 2017 and the June ExPetr/NotPetya attack revealed a growing enthusiasm for destructive wiper attacks. 
  • More attacks will lead with reconnaissance and profiling to protect attackers’ most precious exploits. Attackers will spend more time on reconnaissance and using profiling toolkits such as ‘BeEF’ to determine if a less-costly, non-zero day exploit will do. 
  • Sophisticated attacks will be found exploiting the bridge between the OS and firmware. The Unified Extensible Firmware Interface (UEFI) is the software interface between the firmware and the OS on modern PCs. Kaspersky Lab expects more threat actors will make use of UEFI’s highly advanced capabilities to create malware that can be launched before any anti-malware solution, or even the OS itself, has had a chance to start. 
  • More router and modem hacks. This well-known area of vulnerability has been largely ignored as a tool for advanced targeted attackers. They sit at a critical juncture for an attacker intent on gaining persistent and stealthy access to a network, and could even allow an attacker to hide their trail. 

Alongside these advanced threat predictions, Kaspersky Lab’s industry and technology threat predictions aim to help some of the most connected sectors understand and prepare for the security challenges they could face over the coming 12 months.

Top industry threat predictions for 2018 include
  • Connected vehicles are likely to face new threats as a result of growing supply chain complexity leading to a scenario where no one player has visibility of, let alone control over, all of a vehicle’s source code. This could make it easier for attackers to break in and bypass detection. 
  • In healthcare, attacks breaching private networks to target medical equipment and data with the aim of extortion, malicious disruption or worse, could rise as the volume of specialist medical equipment connected to computer networks grows. 
  • In financial services, the increased security of online payments means that fraudsters will turn their attention to account takeover attacks. Industry estimates suggest fraud of this type will run into billions of dollars. 
  • Industrial security systems are likely to be at increased risk of targeted ransomware attacks. Operational technology systems are more vulnerable than corporate IT networks, and are often exposed to the Internet. 
  • Kaspersky Lab also expects to see targeted attacks on companies for the purpose of installing cryptocurrency miners – and in time this could become a more lucrative, long term business proposition than ransomware.


The full Kaspersky Lab Threat Predictions for 2018 are available on Securelist.

SAP Drives IoT Adoption with Global Partner Network
8 hours ago
Gartner Says Global IT Spending to Reach $3.7 Trillion in 2018
1 day ago
Digital supply chains mean better planning for large-scale projects
1 day ago
Transportation Insight Entrenches Position as Top Green Supply Chain Solutions Provider
2 days ago
Chemical Suppliers Recognize Financial Rewards of Digitization Efforts with Trading Partners
6 days ago
Apex to showcase a full range of self-serve automation solutions at IntralogisteX 2018
1 week ago
Iptor teams up with IBM to deliver services and cloud offerings
1 week ago
AEB and Dow Jones Risk & Compliance join forces for more efficient compliance screening
1 week ago
Gartner Says Worldwide Semiconductor Revenue Grew 22.2 Per Cent in 2017; Samsung Takes Over No. 1 Position
1 week ago
Infor Provides Cloud-Based Services for Office Depot, Inc. Supply Chain Network
4 weeks ago
Infor Included in LinkedIn Learning Solution’s LMS Integration Partner Program
1 month ago
SAP Wins Record Five Glassdoor Employee’s Choice Awards
1 month ago
The future of global trade and logistics is agile: AEB releases new study
1 month ago
Supply Chain Visibility from Infor’s GT Nexus Commerce Network drives digital SC transformation at Octal
1 month ago
Softil’s IP Communications Game Changers for 2018
1 month ago
Christmas Comes Early for Khaos Control Cloud Users with Impressive Feature Updates
1 month ago
Tweakker Releases MVNO Outlook 2018
1 month ago
Microsoft and SAP Join Forces to Give Customers a Trusted Path to Digital Transformation in the Cloud
1 month ago
AX4 introduces two new Analytics Tools
1 month ago
World’s Largest Salmon Producer Nets Business Benefits with Infor
1 month ago
TECSYS Reports Financial Results for Second Quarter of Fiscal 2018
1 month ago
Kingspan Turns Up the Heat with Infor
1 month ago
Elemica’s Steve Daigle Honored by AgGateway With Leadership Award & Selection as Allied Provider Chairperson
1 month ago
SmartSurvey wins 3-Year Contract with General Medical Council (GMC)
1 month ago
Neogrid Listed by Gartner in IT Market Clock for Supply Chain Planning and End-to-End Technology
1 month ago
Infor Named a Leader in 2017 Magic Quadrant for Enterprise Asset Management Software
1 month ago
Elemica’s Steve Daigle Honored by AgGateway With Leadership Award & Selection
1 month ago
Infor to Highlight Coleman AI Capabilities, Utilizing Amazon Lex, at AWS re:Invent 2017 in Las Vegas
1 month ago
ALE positioned as a Visionary in the Gartner Magic Quadrant for Wired and Wireless LAN Access Infrastructure
2 months ago
Infor Continues to Innovate and Invest in Asset Management, Material Management, and Procurement Solutions
2 months ago
Data Interchange is ready for the 2018 HMRC changes
2 months ago
International Multichannel Software company become 2017 Award Winners
2 months ago
Softil Extends Functionality of Its Portfolio of Developer Tools
2 months ago
Better Information Flow for Stronger Supply Chains
2 months ago
Gateway to Supply Chain Data Sanity
2 months ago
Investitions bank Berlin implements Beta Systems' identity management software
2 months ago
Alcatel-Lucent Enterprise UC Cloud Services Wins Frost & Sullivan Industry Innovation and Leadership Award
2 months ago
Jinfa Labi chooses Lectra Fashion PLM 4.0
2 months ago
Elemica Delivers Predictive Visibility to Global Industrial Supply Chains
2 months ago
Fenix Outdoor Accelerates International Omnichannel Expansion with Manhattan Associates
2 months ago
GateHouse Telecom Appoints Svend Sørensen as Product Manager
2 months ago
GateHouse Telecom in Trailblazing Cyber Hardening Initiative
2 months ago
Dematic announces Brand Consolidation plan for Egemin and NDC into single global Dematic brand
2 months ago
Beijing Data Online Targets Continued Triple Digit Growth with Manhattan Associates Solutions
2 months ago
Trioliet selects Infor LN to Further Elevate its Business
2 months ago
BADA Simplifies Customs Clearance Complexities for Members with Descartes
2 months ago
Class Fundraising Raises Game with Opera 3
2 months ago
OrderWise Director Named Business Person of the Year
2 months ago
SAP Leonardo Machine Learning Portfolio is First Enterprise Offering to Use NVIDIA’s Volta AI Platform
2 months ago