The 7 methods cyber criminals will use to attack Australian businesses, and the internet as a whole, in 2019.
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year, writes Ericka Chickowski for www.darkreading.com.
It’s time to turn the page on yet another year, which means it’s also time to look into that crystal ball and speculate — wildly or not — on where cyberattacks will take us in the coming months. Security researchers agree that the old standbys, such as phishing, ransomware, and credential attacks, will keep plaguing organisations as much as ever.
But the threat landscape is never static, so security professionals can surely expect the bad guys to continue refining their attacks in 2019.
Here’s what the prognosticators believe are the 7 tactics the attackers have in store for us in 2019:
Attackers Will Leverage AI
This past year has seen a ton of security companies tout their advanced artificial intelligence (AI) and machine-learning (ML) capabilities in thwarting attacks. But this is spy vs. spy, so expect attackers to have their own AI tricks up their sleeves.
“Cybercriminals have attained a decent level of proficiency in practical AI/ML usage,” says Ilia Kolochenko, CEO of High-Tech Bridge. “Most of the time, they use the emerging technology to better profile their future victims and to accelerate time, and thus effectiveness, of intrusions.”
As Kolochenko puts it, many of those cybersecurity startups that throw around AI and ML in their pitch decks and marketing slicks don’t actually have a whole lot under the hood to back up their claims. Not so for the attackers. “The bad guys are focused on its practical, pragmatic usage to cut their costs and boost income,” Kolochenko says of malicious AI usage. “We will likely see other areas of AI/ML usage by cybercriminals. We will probably have the first cases of simple AI technologies competing against each other in 2019.
Critical Infrastructure Tactics
Critical infrastructure is finally gaining some level of awareness among cybersecurity and operational executives, as real-world attacks start demonstrating what a lot of SCADA security experts have warned about for years. The question is whether that awareness can translate into fast enough action on the part of defenders. Security experts, including Justin Fier, director of cyber intelligence and analysis for Darktrace, say that in 2019 the attackers will be increasing the scale and sophistication of their targeting in these environments.
“Since the attacks on the Ukrainian power grid in 2016 and Triton in 2017, attacks on industrial environments have become mainstream. With several nation-states providing warnings in 2018 about ongoing targeting of their energy grids, 2019 looks set for increasing numbers of high-profile cyberattacks on our critical infrastructure,” Fier says.
“Darktrace is specifically looking at three threat vectors: smart meters and IoT (Internet of Things) devices; disruption of core logistics and transportation services, specifically in shipping; and sporting events infrastructure.”
‘Influence Operations’ Move Beyond Politics
News of election tampering and the Cambridge Analytica scandal brought into sharp focus the kind of deep damage that cyber influence manipulators can have on society. Security pundits say they believe that “influence operations” will move beyond the political realm in 2019.
“Whether leveraging compromised data or strictly propaganda or false information, all variety of actors can use information operations to further their personal or organisational goals. Notably from a retail or economic espionage perspective, consider the possible effects of such an operation,” says Adam Vincent, CEO and co-founder of ThreatConnect.
“A competing retailer could post scores of negative reviews for a competitor in hopes of ultimately driving down that organisation’s business. Similarly, a nation-state could minimise competition for its domestic companies by conducting information operations targeting foreign organisations.”
Scaling Up IoT Botnets
It’s been over two years since the Mirai botnet made waves with its first round of massive online attacks, proving the case to attackers on the usefulness of Internet of Things (IoT) devices in forming botnets. Security pundits say that cybercriminals will continue to build off the momentum of the past several years in scaling up unprecedented IoT botnets next year.
“What is changing, and will become only more apparent in 2019, is the size of the attack surface and the velocity of the attacks themselves. The Internet of Things felt like a neat buzzword a few years ago, but literally every facet of our lives is now online,” says Sean McGrath, privacy expert and cybersecurity advocate at BestVPN.com. “From the cars we drive and the planes we fly to the critical infrastructure we rely on for our energy, water, and safety – everything has an IP address.”
And if it’s online, it is ripe for attack, he adds. “And the larger the attack surface, the greater the real-world consequences will be when things do go wrong,” McGrath says. “Hackers are exploiting the woefully inadequate security on smart home devices to build powerful botnets, capable of delivering devastating DDoS attacks.”
According to McGrath, many of those devastating attacks researchers expect on critical infrastructure “will be powered by the devices in our homes.”
Cloud Infrastructure Is Too Tantalising to Ignore
IoT devices won’t be the only ones bot herders will favour in 2019. Cloud infrastructure will also prove a juicy target.
“Recently there has been a change in devices targeted by bot herders. Based on developments we are seeing in the wild, attackers are not only attacking resource-constrained IoT devices, but they are also targeting powerful cloud-based servers,” says Daniel Smith, head of security research for Radware’s Emergency Response Team. “When targeted, only a handful of compromised instances are needed to create a serious threat. Since IoT malware is cross-compiled for many platforms, including x86-64, we expect to see attackers consistently altering and updating Mirai/Qbot scanners to include more cloud-based exploits going into 2019.”
This is just one of the many cloud avenues attackers will go down in the next year. According to Gartner, public cloud services are on track to grow by 17.3% in 2019. The more we move to the cloud, the more attackers will be seeking to take advantage of that attack vector. Smith believes we’ll be seeing public cloud services targeted by at least one major attack in 2019.
“While cloud adoption is touted as faster, better, and easier, security is often overlooked for performance and overall cost,” he says. “Organisations trust and expect their cloud providers to adequately secure information for them, but perception is not always a reality when it comes to current cloud security, and 2019 will demonstrate this.”
Getting to IoT Through the Supply Chain
Major news coverage of supply chain attacks in our technology ecosystem has demonstrated the lengths to which attackers will go to initiate their activities at the supply chain level. Some security experts believe that these kinds of attacks will target IoT devices in a big way next year.
“The major devices targeted will be IoT and will range anywhere from consumer-based routers to home-based nanny cams,” says Morey Haber, CTO at BeyondTrust. “Expect the supply chain for many vendors, including those that produce personal digital assistants, to be a new target from threat actors who infiltrate environments and insecure DevOps processes.”
To ensure your business is as protected as possible, contact the cyber security experts at Domain Digital on (08) 9441 6300