2018 has been an eye-opening year for the cybersecurity industry. Big corporations such as Panera Bread, Facebook, Under Armour and more recently, Marriott, have had millions of customer records stolen, each of which has caused significant harm to the company\u2019s brand. It is not only big corporations that are targeted by cybercriminals though. In fact, 43% of the attacks are targeted at small businesses [17].<\/p>\n
It is expected that cybercrime will cost the world $6 Trillion by 2021 [18]. To protect customer data and proprietary information, corporations are spending more and more on security products and tools each year. In 2019, worldwide spending on information security products and services is expected to grow by 8.7% in 2019 to $124 billion [18]. Let\u2019s look at some of the cybersecurity trends that seem poised to significantly alter the landscape in the upcoming year:<\/p>\n
Attacks powered by AI<\/strong><\/p>\n For a long time, attackers have used evasive techniques to bypass security measures and avoid detection. Recently, however, an entire underground economy consisting of products, tools, and dedicated services has emerged to assist attackers. Considering the ease with which attackers can outsource key components of the attacks, it is predicted that evasion techniques will become more agile due to artificial intelligence in 2019. Malware evasive techniques to bypass machine learning engines have increased in recent years. Bypassing artificial intelligence engines has already been on criminal\u2019s to-do-list for a while. In the coming year though, it is projected that criminals will also be able to implement artificial intelligence in their malicious software to automate target selection and check infected devices before deploying next stage malware and anti-detection technologies.<\/p>\n Data Exfiltration Attacks to Target the Cloud<\/strong><\/p>\n In recent years, enterprises have widely moved their data to the cloud using Infrastructure and Platform-as-a-Service cloud models such as AWS and Azure. With a significant amount of corporate data in the cloud, attacks on cloud platforms are bound to increase. With the adoption of Office365, there has been a surge of attacks on Office365 services, especially attempts to compromise email. Last few years have also seen many high-profile data breaches attributed to misconfigured Amazon S3 buckets.\u00a0The problem is that many of these buckets are owned by vendors in their supply chains rather than by the target enterprises. These open buckets and credentials allow bad actors to easily attack S3 buckets.<\/p>\n Cryptojacking will continue to be in the headlines<\/strong><\/p>\n Cryptocurrency mining has increased both as a topic of interest and activity as cryptocurrency usage has grown exponentially in the last few years. Nowadays, it is impossible to see any technology news feed without articles on cryptocurrency and blockchain. Cryptojacking is a way for cybercriminals take over the computing devices and smartphones to take advantage of the CPU power to mine cryptocurrency.<\/p>\n Cybercriminals infect victims\u2019 phones and smartphones with malware, which uses the CPU power of the device to mine cryptocurrency, with the profits being directed back into the wallet of the attacker. The attack is not easy to detect because aside from the heavy use of the PC fan and driving up the energy cost of using the computer, cryptojacking doesn’t make itself obvious. An average victim won\u2019t suspect the presence of malware activity if the computer is noisier and consumes more power than usual. According to Mike McLellan, a senior security researcher at the SecureWorks Counter Threat Unit, cryptocurrency mining represents a good return on investment and a low-risk way of doing it because it leaves the user unaware that their machine is infected, which means rather than providing payment in one quick hit like ransomware, the operation can be sustained for a long period of time. Plus, it doesn\u2019t matter to the attacker where the victim resides in the world, providing a huge target market for the attacker. The code behind cryptojacking malware is relatively simple and it can be delivered via phishing campaigns, malvertising, compromised websites, or even software downloads. Once on a computer system, the game is all about not getting caught. According to CSO contributor David Storm, \u201cCryptomining will continue to be a threat as long as attackers can make quick cash from the infections.\u201d [2]<\/p>\n GDPR<\/strong><\/p>\n According to Nok Nok Labs\u2019 CEO Phil Dunkelberger, \u201c[t] he global regulatory environment will become more challenging as regulators and governments worldwide continue to strive to implement better data privacy protection\u00a0as was done with GDPR. While this is great progress, we\u2019re going to see these governments counter to gain more access to information\u201d [3]<\/p>\n General Data Protection Regulation (GDPR) offers an innovative framework that the European Union has enacted to augment data protection requirements with amplified responsibilities and obligations for organizations. For global organizations that fail to adapt to this change, fines for non-compliance can reach up to 20 million Euros or 4% of worldwide annual turnover, whichever is greater. By early 2019, around 80% of multinational companies may fail to comply with GDPR if they do not understand modern data protection regulations [4]. GDPR will almost certainly force many multi-national companies to be more accountable for its use and collection of customer data.<\/p>\n While GDPR primarily affects entities operating in the EU, extraterritoriality aspects exist in the legislation. Additionally, GDPR may embolden American lawmakers and certain US states to address the rising concern that many Americans have over how companies use and protect personal information by holding companies more accountable for its data privacy policies. This will likely force companies to start thinking about the privacy-first approach to data, which may drive major changes in how companies collect, use and share data with third parties.<\/p>\n Rapid rise of identity theft<\/strong><\/p>\n Identity thefts are skyrocketing, and criminals are using more sophisticated, multistep frauds to grab information about new accounts. According to one 2017 survey, 1 out of 15 people have reported being a victim of some sort of identity theft [6]. Criminals are using SSNs, home addresses and knowledge-based authentication question answers to hopscotch from one kind of account to another. Since many two-factor authentication schemes use cellphone SMS text messages for logins or password resets, hackers are working hard to break into cellphone accounts, which will allow them to defeat the two-factor implementation. Criminals are also matching up pieces of various identities to create an entirely new \u201cperson\u201d they can use to apply for credit and steal money. It is expected that identity theft will continue to rise in 2019.<\/p>\n Synergistic Threats Will Multiply, Requiring Combined Responses<\/strong><\/p>\n 2018 has seen the rise in ransomware attacks and cryptojacking, which provides lower risk and better return on investment. We have also noticed that fileless and \u201cliving off the land\u201d threats are more slippery and evasive than ever. In 2019, it is expected that attackers will combine these tactics to create multifaceted, synergistic threats. Synergistic threats are becoming more common because bad actors are developing foundations, kits and reusable threat components that allow them to focus on adding value to previous building blocks and enables them to orchestrate multiple threats instead of just one to reach their goals. Fighting against such attacks requires questioning every threat. To guard against cyber threats, we need to ask questions such as, \u201cWhat if we are missing the real goal of the attack?\u201d Remember, it is expected that bad actors will add synergy to their attacks, but cyber defenses can also work synergistically to defeat such attacks.<\/p>\n IoT security and attack on voice-controlled devices<\/strong><\/p>\n It is expected that we will have 75 billion devices connected to the internet of things (IoT) by 2025. [8] Hence, we will have a huge number of devices to secure and new threats to identify. Both hardware and cloud-based tools have emerged that can monitor threats on multiple devices at a time, but threats can be enormous, often change in tactics and approach, and are not always completely understood. If attackers gain control of IoT devices, they can create havoc on individuals and organizations. They can use the device to mine cryptocurrency or connect them with similar endpoints to form a botnet, launch a DDoS attack, steal personal data and attack websites. To prevent such threats, IoT security solutions are automating the detection process, and it is projected that IoT security market will grow to over 30 billion by 2022 [9].<\/p>\n Increasingly, voice-controlled assistants will be used to manage IoT devices within the home. With the adoption of voice-controlled devices increasing rapidly, cybercriminals\u2019 interest in attacking voice assistant devices and IoT devices connected to them will inevitably continue to grow.<\/p>\n References:<\/strong><\/p>\n 2018 has been an eye-opening year for the cybersecurity industry. Big corporations such as Panera Bread, Facebook, Under Armour and more recently, Marriott, have had millions of customer records stolen, each of which has caused significant harm to the company\u2019s brand. It is not only big corporations that are targeted by cybercriminals though. In fact, […]<\/p>\n","protected":false},"author":180,"featured_media":1758,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[16,15],"class_list":{"0":"post-1757","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-infoblox","9":"tag-security","10":"entry"},"acf":[],"yoast_head":"\n\n