In 2018 we saw our fair share of cyber-attacks. Ranging from Ticketmaster affecting around 40,000 customers, to Under Armour with the compromise of 150 million accounts, and the list goes on. We’ve seen the first month of 2019 fly by and with it has already come with many cyber security incidents.
There’s no real way to predict exactly what to expect from cyber attacks. However, we can prepare ourselves for potential risks from what we’ve already seen and the changes to privacy issues backed by new laws and regulations. This year will prove extremely significant for the world of business to business and business to consumer relationships.
Risks Coming into 2019
Coming into 2019, ransomware will still be an issue however it’ll become a more targeted attack. This is because cybercriminals will move over to other ways of creating fast revenue. According to Kaspersky, the number of users who encountered ransomware in 2017 and 2018 fell by nearly 30% compared to the 2016 and 2017 time period, but the targeted attacks were on a much larger scale.
The main reason ransomware has declined is due to cyber-criminals using cryptojacking as a more efficient way of creating profit. Cryptojacking, otherwise known as “Cryptomining malware”, uses both invasive methods of initial access, and drive-by scripts on websites, to steal resources from unsuspecting victims. This method runs in the background of mobiles, servers, computers and endpoints, quietly stealing spare machine resources to make greater profits at less risk. There are huge numbers of ready-made Cryptomining tools so criminals don’t need to be technically skilled to attack. The results of this shows a 44.5 percent rise in number of users that have experienced a cryptomining attack in the past year. An easy, low-risk and profitable method like cryptomining is surely going to be something we see more frequently in 2019.
AI Used to Aid Attacks
AI is one of the most popular and significant technologies on the rise and we expect it to advance exponentially throughout 2019. As AI has become commercialised, we’ve seen it already being implemented in multiple different business operations. AI is making our lives easier by automating manual tasks and enhancing decision making and other human activities. However, this can make them prone to attacks as they store huge amounts of data.
Cybercriminals will not only target AI systems but they’ll use AI technologies in order to create automated systems or social engineering attacks. Automated systems powered by AI could probe networks and systems searching for undiscovered vulnerabilities that could be exploited. In addition, social engineering attacks can easily occur thanks to AI having the potential to create extremely realistic video and audio imitations to target individuals. We expect to potentially see these being used to release fake campaigns in order to misinform or even destroy a business. AI in video is already a widespread with ‘Deep Fakes’ becoming a more popular technology in other industries. This technology can spread fake news to tarnish a reputation, influence others and more. A video of Obama shows how realistic this AI tech can be and it’s made us realise that the result can be more than a minor inconvenience.
Targeted Spear Phishing
Phishing has become a very common security threat. A hacker knows that the more information they have on you the more likely that their attack will be successful. This is because attackers are using various methods of breaking into an email system, watching your behaviour and learning from it. The information they’ve gathered, as well as taking advantage of the relationships and trust built between people who regularly communicate with each other can then be exploited to access financial information or used to impersonate their target for financial gain.
Wire fraud is an increasingly popular method of email phishing. This can be done with anyone from home buyers to work colleges. The home buying marketplace is seeing more and more wire frauds from phishing emails being targeted. The damage last year affected the marketplace to the tune of $5.3 million a month. The attacker will tap into an escrow company’s computers and lift their emails and current customer database. They then create very real-looking emails requesting that wire transfers be made immediately.
Similarly, Fyre Festival has shown us a very recent and common example of this. The co-founder Billy McFarland used a phishing method to earn in excess of $100,000 by using his Fyre Festival mailing list to target and phish people into buying VIP event tickets that didn’t exist.
Advancements coming into 2019
Advanced Threat Protection Turns Mainstream
Windows 10 Advanced Threat Protection (ATP) is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. It can show you what an attacker has done to a system. However, at the moment its only eligible for anyone with an Microsoft 365 E5 licence.
Microsoft are continuing efforts to build a security-focused brand image by making ATP standard with all Windows versions. “This will be a key selling point in choosing Windows products over IBM’s Red Hat in the coming year” according to CSO contributor and Windows expert Susan Bradley.
Companies will Require Masters and More Training in Cyber Security
Businesses being at high risk for hacking is partly due to a global shortage of cyber skills in the workplace. This has resulted in a demand for expertise after companies have realised that they’re not secure with their current strategy. Also, with companies increasingly insourcing their security needs, internal training and skills growth has to continue to accelerate.
“Cybersecurity training will continue to mature. Certificates alone will no longer be enough to take the next step in a security professional’s career. Masters degrees in cybersecurity are popping up all over the place and more and more companies will be looking to hire CSOs/CISOs with the cross-disciplinary skills acquired from a masters degree.”– J.M. Porup
AI Will Be Used By Defenders
Machine learning is currently being used in many threat identification systems, demonstrating the positives that AI can have to protect us. This use of AI can identify entirely new threats. Defenders can now get a one up on their attackers as they can also use AI systems to probe for open vulnerabilities.
Not only will AI help enterprises but it will also protect us at home. AI can be incorporated into our everyday gadgets such as our phones or tablets to warns us of any suspicious actions we may be about to do. It can warn us of suspicious activity and even tell us to set up two-factor authentication when creating new accounts such as email or on social platforms.