New technology means new playground for hackers. Various cybersecurity companies have released their predictions for 2019 after an eventful 2018 that saw high-profile data breaches and millions of compromised user information.
Artificial intelligence and the full adoption of the Internet of Things (IoT) are expected to draw cybercriminals into hatching sophisticated attacks and exploit the vulnerabilities brought about by emerging technologies.
Kaspersky, Palo Alto Networks, Sophos, and Symantec see the threats that IoT will bring what with the amount of data this will generate. Every connected device not just in homes but also in industrial locations will produce data where hackers can steal and sell in the dark web.
Sophos 2019 Threat Report detailed how criminals are now “staking out” victims, moving laterally throughout the network, manipulating internal controls to reach their objectives with stealth.
According to Ross McKerchar, chief information security officer at Sophos, companies that used to focus on firewalls and endpoints but “nowadays infrastructure is defined by code and breaches are increasingly caused by weak applications so automation is essential for under-staffed teams. This is changing the skillset required by security professionals. We now also need to have a deep understanding of applications and an ability to build automation into our tools and processes.”
Symantec predicts that attackers will exploit AI systems and use it to aid assaults. It said that the fragility of some AI technologies will become a growing concern in 2019. In fact, it will not only be the AI systems that will capture attackers’ attention but also the AI techniques that they would be able to use in their own criminal activities. Perhaps, a company’s worst fear would be cybercriminals using AI to spread disinformation such as, according to Symantec, “a fake AI-created, realistic video of a company CEO announcing a large financial loss, a major security breach, or other major news. Widespread release of such a fake video could have a significant impact on the company before the true facts are understood.”
The availability, as well as the affordability, of attack toolkits, is one of the reasons Symantec why AI will be a threat target next year.
Malware is not going anywhere yet, predicts Sophos as it sees a continued threat of mobile and IoT malware. The security firm attributes the increase in “illegal Android apps” as one of the contributors. It explained how criminals might be devising new ways to hijack connected devices in homes and businesses. It noted that in 2018, “VPNFilter demonstrated the destructive power of weaponized malware that affects embedded systems and networked devices that have no obvious user interface.”
Kaspersky sees botnets growing at an unstoppable pace. It warns that this may happen not only in 2019 but also in the coming years and “should never be underestimated.” While IoT botnets grow in numbers, it will also become more powerful.”
Surprisingly, only Kaspersky included the rise in of attacks on cryptocurrency in spite of its popularity in the past year that some criminals decided to focus on devising different types of attacks on this, which also gave birth to crypto mining phenomenon. It noted how crypto mining overtakes ransomware this year. The “industry” felt a slow down in the latter part of the year because of the price drop. The company said the public will further lose interest in cryptocurrency and that “there will be no return to 2017’s sky-high exchange rates.”
Advanced persistent threat (APT) used to dominate the security landscape. However, Kaspersky said there will be no more big APTs
in 2019. It cites one of the reasons as threat actors are likely to go underground to evade any publicity that might lead to “being found out. With enough resources, they will be able to diversify toolkits and practices, making detection and attribution extremely difficult.”
It also sees that attackers may employ a new approach that will lead to the deployment of tools specialized for targeting victims at their very core — compromising networking hardware. “The new strategy will allow threat actors to focus their activities on discreet botnet-style compromise or to perform more sneaky attacks on the selected targets.”
Kaspersky said that by veering away from more sophisticated campaigns, attackers will be looking at specifically targeting infrastructure and companies where victims are such as ISPs. “Sometimes this can be accomplished through regulation, without the need for malware.”
Palo Alto Networks says that “supply chain will be a company’s weakest link.” Even if a company has its own strict security measures in place, it doesn’t have control over the other companies that it needs for its various types of services. They now have to work with cloud services and networks vendors, data centers, and yes, cybersecurity firms. It shares data with these companies and that is where the vulnerability lies.
“Pinpointing and avoiding cybersecurity risks will soon be nearly impossible as the global supply chain becomes increasingly complex,” says Palo Alto in its 2019 Cybersecurity Predictions. “Perhaps it is time for organizations in other sectors to start asking, ‘Do we know who or which individuals, organizations and other third parties have been connecting to our networks? Do you know which systems and services your organization is dependent on?’”
Sophos McKerchar said that organizations will up their focus on software supply chains.
“Everyone relies a huge amount nowadays on open-source libraries that are often maintained very informally by loose-knit communities that are easy to infiltrate,” he said. “This used to be the domain of nation-states but the criminals are getting in on the action.”
Kaspersky further affirms this saying that “supply chain attacks are here to stay.” It adds that this is one of the most worrying attack vectors which has been successfully exploited during the last two years. “It made everyone think about the number of providers they work with and how secure they are. In 2019, this will continue to be an effective infection vector.”
Symantec adds that attacks that exploit the supply chain will grow in frequency and impact. The software supply chain will be the attackers’ common target by implanting malware into otherwise legitimate software packages at its usual distribution location. This attack may happen even during the production at the software vendor or at a third-party supplier.
“The typical attack scenario involves the attacker replacing a legitimate software update with a malicious version in order to distribute it quickly and surreptitiously to intended targets. Any user receiving the software update will automatically have their computer infected, giving the attacker a foothold in their environment.”
Companies and even government institutions are urged to digitalize their systems for easy and quick transactions. Almost everything is stored in a cloud, which is prone to attacks. While security firms are continuously on the lookout for new types of attacks, they are also anticipating a bigger and more sophisticated strategies cybercriminals may employ. What they advise customers is to be constantly on guard and choose the best security vendor for their types of services.
Image by Gerald Altman/Pixabay