2019 CyberSecurity Trends

2018 has been an eye-opening year for the cybersecurity industry. Big corporations such as Panera Bread, Facebook, Under Armour and more recently, Marriott, have had millions of customer records stolen, each of which has caused significant harm to the company’s brand. It is not only big corporations that are targeted by cybercriminals though. In fact, 43% of the attacks are targeted at small businesses [17].

It is expected that cybercrime will cost the world $6 Trillion by 2021 [18]. To protect customer data and proprietary information, corporations are spending more and more on security products and tools each year. In 2019, worldwide spending on information security products and services is expected to grow by 8.7% in 2019 to $124 billion [18]. Let’s look at some of the cybersecurity trends that seem poised to significantly alter the landscape in the upcoming year:

Attacks powered by AI

For a long time, attackers have used evasive techniques to bypass security measures and avoid detection. Recently, however, an entire underground economy consisting of products, tools, and dedicated services has emerged to assist attackers. Considering the ease with which attackers can outsource key components of the attacks, it is predicted that evasion techniques will become more agile due to artificial intelligence in 2019. Malware evasive techniques to bypass machine learning engines have increased in recent years. Bypassing artificial intelligence engines has already been on criminal’s to-do-list for a while. In the coming year though, it is projected that criminals will also be able to implement artificial intelligence in their malicious software to automate target selection and check infected devices before deploying next stage malware and anti-detection technologies.

Data Exfiltration Attacks to Target the Cloud

In recent years, enterprises have widely moved their data to the cloud using Infrastructure and Platform-as-a-Service cloud models such as AWS and Azure. With a significant amount of corporate data in the cloud, attacks on cloud platforms are bound to increase. With the adoption of Office365, there has been a surge of attacks on Office365 services, especially attempts to compromise email. Last few years have also seen many high-profile data breaches attributed to misconfigured Amazon S3 buckets. The problem is that many of these buckets are owned by vendors in their supply chains rather than by the target enterprises. These open buckets and credentials allow bad actors to easily attack S3 buckets.

Cryptojacking will continue to be in the headlines

Cryptocurrency mining has increased both as a topic of interest and activity as cryptocurrency usage has grown exponentially in the last few years. Nowadays, it is impossible to see any technology news feed without articles on cryptocurrency and blockchain. Cryptojacking is a way for cybercriminals take over the computing devices and smartphones to take advantage of the CPU power to mine cryptocurrency.

Cybercriminals infect victims’ phones and smartphones with malware, which uses the CPU power of the device to mine cryptocurrency, with the profits being directed back into the wallet of the attacker. The attack is not easy to detect because aside from the heavy use of the PC fan and driving up the energy cost of using the computer, cryptojacking doesn’t make itself obvious. An average victim won’t suspect the presence of malware activity if the computer is noisier and consumes more power than usual. According to Mike McLellan, a senior security researcher at the SecureWorks Counter Threat Unit, cryptocurrency mining represents a good return on investment and a low-risk way of doing it because it leaves the user unaware that their machine is infected, which means rather than providing payment in one quick hit like ransomware, the operation can be sustained for a long period of time. Plus, it doesn’t matter to the attacker where the victim resides in the world, providing a huge target market for the attacker. The code behind cryptojacking malware is relatively simple and it can be delivered via phishing campaigns, malvertising, compromised websites, or even software downloads. Once on a computer system, the game is all about not getting caught. According to CSO contributor David Storm, “Cryptomining will continue to be a threat as long as attackers can make quick cash from the infections.” [2]

GDPR

According to Nok Nok Labs’ CEO Phil Dunkelberger, “[t] he global regulatory environment will become more challenging as regulators and governments worldwide continue to strive to implement better data privacy protection as was done with GDPR. While this is great progress, we’re going to see these governments counter to gain more access to information” [3]

General Data Protection Regulation (GDPR) offers an innovative framework that the European Union has enacted to augment data protection requirements with amplified responsibilities and obligations for organizations. For global organizations that fail to adapt to this change, fines for non-compliance can reach up to 20 million Euros or 4% of worldwide annual turnover, whichever is greater. By early 2019, around 80% of multinational companies may fail to comply with GDPR if they do not understand modern data protection regulations [4]. GDPR will almost certainly force many multi-national companies to be more accountable for its use and collection of customer data.

While GDPR primarily affects entities operating in the EU, extraterritoriality aspects exist in the legislation. Additionally, GDPR may embolden American lawmakers and certain US states to address the rising concern that many Americans have over how companies use and protect personal information by holding companies more accountable for its data privacy policies. This will likely force companies to start thinking about the privacy-first approach to data, which may drive major changes in how companies collect, use and share data with third parties.

Rapid rise of identity theft

Identity thefts are skyrocketing, and criminals are using more sophisticated, multistep frauds to grab information about new accounts. According to one 2017 survey, 1 out of 15 people have reported being a victim of some sort of identity theft [6]. Criminals are using SSNs, home addresses and knowledge-based authentication question answers to hopscotch from one kind of account to another. Since many two-factor authentication schemes use cellphone SMS text messages for logins or password resets, hackers are working hard to break into cellphone accounts, which will allow them to defeat the two-factor implementation. Criminals are also matching up pieces of various identities to create an entirely new “person” they can use to apply for credit and steal money. It is expected that identity theft will continue to rise in 2019.

Synergistic Threats Will Multiply, Requiring Combined Responses

2018 has seen the rise in ransomware attacks and cryptojacking, which provides lower risk and better return on investment. We have also noticed that fileless and “living off the land” threats are more slippery and evasive than ever. In 2019, it is expected that attackers will combine these tactics to create multifaceted, synergistic threats. Synergistic threats are becoming more common because bad actors are developing foundations, kits and reusable threat components that allow them to focus on adding value to previous building blocks and enables them to orchestrate multiple threats instead of just one to reach their goals. Fighting against such attacks requires questioning every threat. To guard against cyber threats, we need to ask questions such as, “What if we are missing the real goal of the attack?” Remember, it is expected that bad actors will add synergy to their attacks, but cyber defenses can also work synergistically to defeat such attacks.

IoT security and attack on voice-controlled devices

It is expected that we will have 75 billion devices connected to the internet of things (IoT) by 2025. [8] Hence, we will have a huge number of devices to secure and new threats to identify. Both hardware and cloud-based tools have emerged that can monitor threats on multiple devices at a time, but threats can be enormous, often change in tactics and approach, and are not always completely understood. If attackers gain control of IoT devices, they can create havoc on individuals and organizations. They can use the device to mine cryptocurrency or connect them with similar endpoints to form a botnet, launch a DDoS attack, steal personal data and attack websites. To prevent such threats, IoT security solutions are automating the detection process, and it is projected that IoT security market will grow to over 30 billion by 2022 [9].

Increasingly, voice-controlled assistants will be used to manage IoT devices within the home. With the adoption of voice-controlled devices increasing rapidly, cybercriminals’ interest in attacking voice assistant devices and IoT devices connected to them will inevitably continue to grow.

References:

Chintan Udeshi

Product Marketing Manager at Infoblox