Predictions in Cyber Security for 2019 – Part 1
In anticipation of the major privacy and security trends for 2019, it’s possible to find an abundance of clues within the circumstances of the last year. Among the currently familiar types of attack, cyber hacks of websites and corporate systems continued in the year 2018 and inevitably will be a part of the cyber security world in 2019. Most well-known businesses worldwide suffered substantial breaches in 2018. The largest possible data leak, which affected data aggregation and marketing company Exactis, involved a database exposure containing almost 340 million data records.
As you prepared yourself ahead of time for a new year of cyber threats, below we list 3 activities and trends most likely to affect your business:
Attackers Increasingly Will Capture Data While in Transit
We’ll probably see attackers exploit routers based in the home and additional poorly secured IoT devices within new ways. An exploit already in existence is monitoring IoT devices in order to launch huge cryptojacking efforts that mine cryptocurrencies.
In the year 2019, we may expect more and more attempts at gaining accessibility to home routers and additional IoT hubs to obtain some of the information that passes through them. For instance, malware that is inserted into this type of a router could obtain credit card numbers, steal banking credentials, or show malicious, spoofed pages to a user to compromise private data. This type of sensitive information is usually better secured when it’s at rest today. For instance, eCommerce merchants don’t store credit card’s CVV numbers, which makes it more challenging for attackers to rob credit cards from eCommerce databases. Without a doubt, attackers will continuously evolve their methods to steal consumer information when it’s in transit.
In 2018, there were a number of instances of data in transit compromises on the enterprise side. Magecart robbed credit card numbers, as well as additional sensitive consumer data on e-Commerce websites by embedding malicious scripts right upon targeted sites or by compromising 3rd-party suppliers utilized by the website. These types of “formjacking” attacks recently have impacted the sites of various global businesses. In one other attack that targeted enterprise data-in-transit, the VPNFilter malware additionally infected an array of network-attached storage devices and routers, permitting it to change network traffic, steal credentials, decrypt data, as well as serve a launch point for additional malicious tasks inside targeted businesses.
Growing 5G Adoption and Deployment Will Start to Grow the Attack Surface Area
In 2018, numerous 5G network infrastructure deployments started, and the upcoming year is shaping up to be one of accelerating 5G activity. While it’ll take time for 5G networks, as well as 5G-capable phones and additional devices to become widely deployed, growth rapidly will occur. For example, IDG calls 2019 “a seminal year” upon the 5G front, and predicts that the 5G and 5G-associated network infrastructure market will expand from around $528 million in the year 2018 to $26 billion in the year 2022, and exhibit a compound yearly growth rate of 118%.
Even though smart phones are the concentration of a lot 5G interest, the quantity of 5G-capable phones will probably be limited in 2019. As a stepping stone to deployment of 5G networks, a handful of carriers are providing fixed 5G mobile hotspots, as well as 5G-equipped home routers. Given that the peak data rate of 5G networks is 10 Gigabits per second, as compared with 4G’s 1 Gigabits per second, the change to 5G is set to catalyze new architectures, operational models, and–in turn–new vulnerabilities.
Over a period of time, an increasing amount of 5G IoT devices are going to directly connect to the 5G network instead of through a Wi-Fi router. The trend is going to make these devices more susceptible to direct attack. For home users, it’ll also make it more challenging to observe all IoT devices as they bypass a central router. More broadly, the capability of backing-up or easily transmitting massive data volumes to cloud-based storage is going to give attackers fresh targets to breach.
Attackers Are Going to Exploit AI and Use it to Assist Assaults
In recent years, AI’s commercial promise has started to materialize, with artificial intelligence-powered systems that are already being used in multiple business operation areas. Even as those systems usefully automate manual jobs, as well as enhance tasks and decision-making done by humans, they additionally emerge as targets of attack, as most artificial intelligence systems house huge quantities of data.
Additionally, scientists have grown more and more worried about the vulnerability of those networks to input which may corrupt their logic, as well as impact their operations. Fragility of a few artificial intelligence technologies is set to become an increasing concern for 2019. The expansion of crucial artificial intelligence systems as targets of attack, in some ways, will begin mirroring the sequence that was witnessed two decades ago with the Web that quickly grabbed the attention of hackers and criminals, particularly after the rise in e-Commerce.
Attackers will not simply target AI systems, they’ll enlist AI methods themselves to charge their own unlawful activities. The automated systems that are powered by artificial intelligence could probe systems and networks looking for unfound vulnerabilities which might be exploited. Plus, AI could be utilized to make phishing even more advanced by creating very realistic audio and video or well-created emails made to deceive targeted people. Artificial intelligence also could be utilized to introduce realistic-looking disinformation campaigns. For instance, imagine a phony, realistic, artificial intelligence-created video of a Chief Executive Officer, announcing a massive financial loss, security breach, or additional major news. Release of this type of fake video might have a substantial effect on the organization before the facts are known.
Plus, similar in the way that we witness attack toolkits for sale on the internet, which makes it fairly simple for cyber attackers to produce fresh threats, we are certain to ultimately see artificial intelligence-powered tools which are able to offer even small-time criminals the capability of launching targeted, sophisticated attacks. With these types of tools automating the development of extremely personalized attacks–attacks which have been expensive and labor-intensive in the past–these types of toolkits might make the marginal expense of creating every additional attack pretty much be zero.
In the upcoming year, we expect attackers will continuously concentrate upon network-based enterprise attacks, as they offer special visibility into a victim’s infrastructure and operations.
TSI Cyber is a full-service information security consulting firm and managed security service provider specializing in helping clients identify and remediate threats and protect against risks to their IT infrastructure. For more information on how we can protect your business contact TSI today!
Want more predictions on cybersecurity? Check out part 2 of this series here.