10 Primal Security Predictions for 2019

29 Dec

Ransomware lost its spot as the number one cyberthreat for consumers and organizations in the first half of 2018, after being at the top of the list for several years.

Despite being marginally outpaced by cryptojackers, however, ransomware has made a rapid recovery, showing that file-encrypting malware is here to stay. And all indications point to a 2019 riddled with emerging new risks.

December is a forward-looking month, one that we dedicate to sharing our forecast for the year to come. So without further ado, here are our top 10 predictions for the cybersecurity arena in 2019 (and beyond).

1. Ransomware

The most profitable kind of malware, ransomware remains a constant danger. We record copious numbers of infections daily, but the good news is that ransomware is no longer growing -- it is plateauing. One reason is well documented: ransomware has taken a back seat to cryptojacking in the past year, as bad actors developed a preference for stealing computing power to generate digital currency while flying under the radar. However, an even heftier factor behind ransomware's stagnation is the development of dedicated solutions aimed directly at thwarting this kind of malware. There will always be new variants of ransomware, some more complex than others and a few harder to catch, but we do not expect ransomware to take on much bigger proportions. At least not bigger than in the past year.

2. Internet of Things (IoT)

We anticipate more attacks leveraging Internet of Things (IoT) / smart / connected devices. As lawmakers scramble to find a way to regulate the IoT space, attackers will continue to capitalize on the inherent flaws of these devices. Hackers are becoming better at hijacking IoT products like baby monitors, surveillance cams and other home appliances. And connected medical devices are far from secure. In fact, body implants that support wireless connectivity may lead to the very first ransomware attacks where you have to pay or die. Sounds crazy? Just keep in mind that, in 2013, former US Vice President Dick Cheney asked his doctors to disable the wireless function in his pacemaker to prevent terrorists from hacking it.

In another noteworthy trend in the IoT landscape, most manufacturers are jumping on the mobile bandwagon, slowly moving their IoT devices from Wi-Fi to LTE and from IPv4 to IPv6. While this shift promises enhanced security, it will probably open up a new can of worms because it is relatively new ground for the IoT ecosystem.

3. macOS attacks on the rise

Apple's share of the desktop market has been climbing, and malware built to target Macs is growing along with it. We project an increase in the number of attacks targeting Mac users, something we are already beginning to see in our internal telemetry. Our data shows not only new macOS-specific malware but also macOS-specific mechanisms and tools designed to capitalize on Macs post-breach. We have already seen this in past APTs that included Mac-specific components.

4. Macros and fileless attacks

Attacks leveraging Microsoft Office macros may also increase in number and scope. Macros are a feature, not a bug, as the old adage goes, which makes them the ideal lure for victims vulnerable to social engineering scams -- in which the attacker convinces the victim to essentially take part in their own abuse.

We expect fileless attacks -- such as those leveraging PowerShell and other system-bound formats such as reg, mshta etc. -- to also grow in scope in the year to come.

5. Potentially Unwanted Applications (PUA) and Cryptojacking

Potentially unwanted applications (PUA), including adware, do not pose a huge danger in and of themselves, but they are not harmless. For instance, you may download a seemingly legitimate program without knowing it is bundled with a crypto miner or even malware.

We predict an increase in JavaScript-based miners embedded in web pages -- like the YouTube cryptojacking episode, where attackers ran an advertising campaign and injected miners into advertisements displayed on YouTube.

Finally, we can anticipate a shift from drive-by downloads of malware to full-blown drive-by mining. In other words, the use of web-mining APIs that perform crypto-mining right in the user's browser, rather than exploit kits that download malware onto the victim's computer.

6. Combating Undetectable Threats 

Network-level exploits may enter the limelight next year, and they will likely be hyped by social media if history is any indication. And researchers will have to devote considerable resources to analyzing hardware-based enhancements, hardware backdoors, and hardware design flaws, as well as supply chain compromises in applications.

7. APTs Targeting Banks

We anticipate advanced persistent threats to keep emerging, with a renewed focus on the banking industry, reminiscent of the Carbanak group making headlines in 2014 for using an APT-style campaign to steal money from banks. The malware was allegedly introduced through phishing emails, with the hackers said to have stolen countless millions of dollars not just from banks, but from over a thousand private customers too.

8. GDPR to show its fangs 

Here is a positive forecast for a change: thanks to the EU's renewed effort to protect personally identifiable information -- in the form of the General Data Protection Regulation that took effect in May this year -- we should expect fewer "credential leaks" to occur, or at the very least to make headlines. Security incidents are being handled more thoroughly at the company level in an effort to avoid penalties that could force a business into bankruptcy. Do not forget that the GDPR can dish out penalties of around 4% of the victim's annual turnover, which can translate into hundreds of millions and even billions of dollars in the case of large corporations and enterprises.

9. Election interference in Europe

2019 is the year Europe elects Members of the European Parliament. If recent developments in the U.S. are any indication, we have to expect turmoil in Europe, such as state-sponsored attacks on voting systems, social media propaganda, and other types of "meddling." If a few years ago these acts were merely rumored to be occurring, events in the past two decades alone affirm that the world's major powers will stop at nothing to influence their adversaries' political outcomes.

10. A Shift Towards Mobile Attacks

Fintech services are paving the way to quite a profitable new trend for hackers, especially in the mobile space. The more money they handle on behalf of their customers, and the tighter their integration with conventional banking systems, the more attention they will gain from cybercrooks, who will probably develop new threats targeting those specific services in 2019.
