Annual review regarding vulnerabilities and attacks for 2018

The aim of this review is to highlight the general tendencies and threat evolution to help the community to enhance their protections.

In this report, Cert-IST analyzed the main events of 2018:

• Could GDPR be THE solution to the numerous data leaks?
• Spectre and Meltdown: time to apply firmware patches
• New attacks targeting banks
• Governments became the most visible actors in the threat landscape
• Attacks through the suppliers or partners
• Attackers' TTPs are evolving making attributions even more difficult.
• A year of Cryptominers mania

This document is available on Cert-IST public website:

• in English: Annual Report on Attacks and Vulnerabilities seen in 2018
• in French: Bilan Cert-IST 2018 des failles et attaques