In 2018, the Europe Union introduce sweeping data protection legislation under the General Data Protection Regulation (GDPR). And in the United States, leaders of tech giants testified before Congress regarding data privacy and protection.
There’s a heightened awareness of an expectation for better information security and that’s a good thing.
Data protection is no longer a technology problem. It is political and commercial impact is far-reaching.
But as a new data protection baseline has established, the complexity and frequency of cyber security threats is increasing. Threats that were new a few years ago are now available as a service and with little technical expertise.
2018 saw an increase in hijacking IT resources for mining cryptocurrency, but ransomware, insider attacks and malware aren’t letting up. While these threats will continue, here are some key trends to keep a close eye on in the year ahead.
Biometric hacking, an increase in phishing attacks and sophisticated use of Artificial Intelligence (AI) are among the top cyber security threats to expected in 2019, they keep evading through new techniques.
Attacks through theft of biometric data
While, major leaks of biometric data have occurred globally, the Middle East and Africa regions could see the first attacks in the theft and use of biometric data in 2019, according to Kaspersky Lab.
However, more biometric systems for user identification and authentication are implemented by various financial institutions in META (Middle East, Turkey and Africa), 2019 will see criminals exposing vulnerabilities in passcodes, touch ID sensors and facial recognition,” says Fabio Assolini, senior security researcher at Kaspersky Lab.
“Many financial organisations consider these emerging biometric-based solutions to improve security over current authentication methods. Biometric data will increasingly used to steal sensitive information.”
AI, machine learning make attacks harder to detect
Manuel Corregedor, COO at Telspace Systems, says 2019 more advanced exploitation of AI to carry out and conceal new exploits.
“Therefore, an increase in attackers utilizing AI and machine learning as a means to make their attacks more difficult to detect or prevent,” says Corregedor.
However, AI will also change the way the industry deals with threats.
Brian Pinnock, cyber security specialist at Mimecast, says AI and machine learning will play a more prominent role as the velocity and variety of attacks makes conventional approaches – such as blacklists – outdated and ill-equipped to deal with modern cyber threats.
“Organisations will realize the importance of threat intelligence and will focus on the need for an “intelligence function’ to identify threats,” says Pinnock.
Phishing scams to soar
As e-mail attack grow more frequent and complex, more organisations will left scrambling for new ways to reduce risk and better detect and remediate threats in 2019.
Pinnock says throughout 2019, the most insidious development won’t be new attack types, but, rather, improved execution of existing attack types, especially those delivered via e-mail.
Phishing techniques like the use of homoglyphs, elongated URLs, legistimate certification (green lock), and credential harvesting sites will increase. Flawless phishes will continue to prey on the gap in human firewalls, pivoting internally around organisations and intensifying efforts to better educated all staff.”
Dr Jebu Mtsweni, research group leader for cyber defence at the Council for Industrial and Scientific Research (CSIR), points out that phishing scams are still quite popular as cyber security awareness remains low.
“Deniel of service attacks on government Web sites also popular in 2018. This includes injection of malware on government Web sites that remain undetected. In 2019, malicious e-mail and links will continue to be used by criminals to get access to organisations’ networks.”
Fake videos, new era of fake news
UK based innovation foundation Nesta forecasts that 2019, new level of malicious posts on social media as fake videos can set the next stage in fake news.
Above all, computer generated graphics appearing to show video footage of events that never really happened will used to mislead the public.
“Predict that within the next 12 months, the world will see the release of highly authentic looking malicious fake videos, which could cause substantial damage to diplomatic relations between countries,” says Nesta.
“Deep fakes, a new AI based technology that makes it possible to create fake videos of individuals, nearly indistinguishable from the real thing, will make this possible.”
The innovation foundation believes that Deep fakes have the potential to spark a geo-political incident if a politician or celebrity is maliciously impersonated.
Improved execution of existing attack types
In 2018, cyber-attacks and data breaches continued to increase in both frequency and intensity, and organisations expect more of the same in 2019, according to experts.
Corregedor points out that the biggest cyber security event of 2018 is probably the sheer number of data breaches that have occurred across industry sectors. Some utilizing advanced attacks, others as a result of mistakes made by the affected organisations.
Over 4.5 billion data records compromised worldwide in the first half of 2018, according to Gemalto’s latest Breach Level Index.
Pinnock points out that better social engineering, increases in credential padding attacks, and complicated malware with multiple stages and different form factors for transmission make threats incredibly tricky to detect in 2019.
“With global cyber-crime organisations growing and sophistication, many are acquiring capabilities that once the sole reserve of nation states,” notes Pinnock.
“Cyber criminals use stolen credentials from the past few years’ data breaches to compromise the security of the most secure organisations. Even companies with good cyber protection have little protection against the reuse of passwords that have collected in other breaches.”
Slight decrease in crypto currency attacks
According to Kaspersky Lab, 2018 saw a rise in the malicious use of cryptocurrency miners, with virus attacks and malicious software against crypto miners growing fourfold.
Kaspersky predicts that crypto currencies as a means of payment will decline further in 2019, and this trend is expected to lead to a slight decline in crypto currency threats.
“In the face of huge commissions, slow transfers, a large price for integration, and, importantly, a small number of customers, the use of crypto currency as a method of payment has declined steadily from 2017 and will continue to decline in 2019.”
However, those crypto currency threats that do occur will be focused on mining malware, with the intervention of new players and the continuation of the use of ransomware.
“In 2018, the META region became appealing to cyber criminals, with financial and malicious crypto mining attacks taking centre stage,” notes Assolini.
“Illegal mining of crypto currencies increased dramatically to overtake the main threat of the last few years ransomware. The reason for this is that mining is silent and causes less impact that ransomware, making it less noticeable.”
Mobile, in the app malware
While malware that runs on the Windows operating system vastly outnumbers malware for any other platform, users of mobile devices are increasingly subject to malicious activity that pushes malware apps to their phones, tablets, or other devices running Android and iOS, according to computer network security company Sophos’ 2019 Threat Report.
For some time, malicious versions of popular apps were predominantly found on third party app stores. These can be sketchy places, hosting pirated and/or trojaned versions of legitimate apps, notes the report.
Unusual malicious campaigns affecting the Android platform – phishing in the app can be expected in 2019, warns Sophos.
“In 2018, we discovered one way that criminals can bypass the Play Market’s source code checks was by not including anything malicious in the app itself, but rather by making an app that, in essence, is a browser window to a phishing site. The apps, in this case, were designed in tandem with the phishing site so the user had a seamless experience,” notes the report.
5G deployments to fuel threats
A number of 5G network infrastructure deployments kicked off this year, and 2019 is expected to be a year of accelerating 5G activity. While it will take time for 5G networks and 5G-capable phones and other devices to become broadly deployed, experts predict growth will occur rapidly.
According to Symantec’s Cyber Security Predictions: 2019 and Beyond, growing 5G deployments and adoption will expand the cyber-attacks surface area.
“As a stepping stone to broad deployment of 5G cellular networks, some carriers are offering fixed 5G mobile hotspots and 5G-equipped routers for homes. Given the peak data rate of 5G networks is 10 Gbps, the shift to 5G will catalyse new operational modes, new vulnerabilities.
“Over time, more 5G IoT devices will connect directly to the 5G network rather than via a WiFi router. This
trend will make those devices more vulnerable to direct attack.”
IIoT attacks not slowing down
Industrial IoT (IIoT) attacls through cloud infrastructure and over-reliance on AI in cyber security systems are two critical risks for enterprises in 2019, according to Forcepoint’s 2019 Cyber security Predictions Report.
“In 2019, attackers will break into industrial IoT devices by attacking the underlying cloud infrastructure. This target is more desirable for an attacker access to the underlying systems of these multi-tenanted, multi-customer environments represents a much bigger payday.”
Three elements expected to play a significant role in the increase of IIoT attacks, according to the report, are: increasing network connectivity to edge computing; the difficulty in securing devices as more compute moves out to the edge; and the exponential number of devices connecting to the cloud for updates and maintenance.
Rise of SaaS
Gilad Peleg, CEO of cyber security firm SecBI, predicts that in 2019, the model of enterprise software deployed on-premises will gradually disappear as it’s replaced by Software as a Service (SaaS).
Many of the resources once in the hands of corporates, like the database, e-mail server, ERP, CRM and others, will all move to the cloud, leaving enterprises vulnerable, he observes.
“SaaS” greatest advantage is also its greatest weakness. With SaaS, you need much less IT. This is a benefit at first glance, but upon inspection, it becomes a problem you don’t control the access, or the data.
Your comment blow please.