Saturday, 5 January 2019

Cybersecurity attacks in 2019: the predictions

Source: Symantec. Hugh Thompson.
How are cybercriminals going to penetrate enterprise defences in 2019? The same way they did in 2018 in many cases, with basic cyber hygiene often neglected, but there will be new angles of attack as well. Here are some possible ways:

Is your software safe?

According to Hugh Thompson, Symantec CTO, and Steve Trilling, Senior VP and GM Security Analytics and Research at Symantec, the software supply chain is now a popular target, with attackers implanting malware into otherwise legitimate software packages.

“Such attacks could occur during production at the software vendor or at a third-party supplier. The typical attack scenario involves the attacker replacing a legitimate software update with a malicious version in order to distribute it quickly and surreptitiously to intended targets. Any user receiving the software update will automatically have their computer infected, giving the attacker a foothold in their environment,” they said.

Source: Symantec. Steve Trilling.
“These types of attacks are increasing in volume and sophistication and we could see attempts to infect the hardware supply chain in the future. For example, an attacker could compromise or alter a chip or add source code to the firmware of the UEFI/BIOS* before such components are shipped out to millions of computers. Such threats would be very difficult to remove, likely persisting even after an impacted computer is rebooted or the hard disk is reformatted.”

Cryptomining on the up

Cryptojacking - the process by which a device is hijacked illegitimately for cryptomining - “shows no signs of slowing down”, according to ESET Senior Security Researcher David Harley.

Source: ESET. David Harley.
Coin-mining or cryptomining – the hijacking of hardware to mine cryptocurrency – continues to be a problem in 2019. Harley said, “We can also expect to see more coin-mining software attempting to remove competing coin miners on compromised systems in order to get a higher-calorie slice of the processing pie.”

Nilesh Jain, VP of SEA & India, Trend Micro, agreed. “We will start to see more cloud instances being used for cryptomining, because cloud mining is easy to start and maintain, and does not pose a roadblock to miners for whom obtaining hardware and electricity is a challenge.”

Social engineering

Source: Trend Micro. Nilesh Jain.
“The role of social engineering in successful attacks against businesses and individuals will continue to increase throughout the year. Since 2015, the number of phishing URLs blocked by Trend Micro has increased by nearly 3,800%. This offsets the lessening reliance on exploit kits, which has decreased by 98% in the same time. Additionally, attackers will continue to rely on known vulnerabilities that remain unpatched in corporate networks for 99.99% of exploits, as this remains a successful tactic,” Jain added.

In Trend Micro's Mapping the Future: Dealing with Pervasive and Persistent Threats report, it is predicted that 2019 will see phishing attempts not only in email but also in SMS and messaging accounts. There will also be completely new types of attacks like SIM-jacking, which relies quite heavily on social engineering. “This attack method allows criminals to hijack a cell phone without the user’s knowledge, making it difficult for consumers to regain control of their devices,” Jain explained.

Source: ACI Worldwide. Gene Scriven.
Phishing attacks will increase exponentially, agreed Gene Scriven, Chief Information Security Officer (Senior VP of Global Information Security) at ACI Worldwide.

“The days of poorly-worded messages filled with grammatical errors and cut-and-pasted logos are over. Messages are now more succinct and do a much better job of masquerading as legitimate correspondence. This will bring a rise in the number of successful phishing attacks. In fact, spear-phishing (phishing designed to target specific individuals or roles in a company) will become the norm,” he said.

“Since the costs (and risks) of mounting phishing attacks to plant malware or steal credentials are so disappointingly low, phishing will continue to be one of the most prevalent attack vectors used by malicious individuals.”

Less ransomware. Or more?

Scriven believes that ransomware incidents will fall in 2019. “This is because fewer companies paid ransoms to recover data than expected, while malware/ransomware defences have improved. Ransomware will, however, remain in the hacker toolkit, but will be used mostly as a distraction, to focus attention on the locked files, while a data-harvesting attack is silently occurring elsewhere in the network. Whether delivered via email or visits to malicious websites, basic malware (keylogging, data mining, etc.) will also increase as an attack vector of choice because of its simplicity and effectiveness,” he said.

Source: CrowdStrike. Michael Sentonas.
Michael Sentonas, VP Technology Strategy, CrowdStrike, on the other hand, thinks ransomware remains a significant threat in 2019. He highlighted the 'SamSam' style of ransomware attack in particular.

“While most ransomware is spread indiscriminately, usually via spam emails or exploit kits, this year we saw adversaries exercise patience, with ransomware being used in a targeted fashion. A great example of this was the SamSam attacks.

“The SamSam group’s modus operandi is to gain access to a network, perform reconnaissance to map out the network, before encrypting as many computers as possible and presenting the organisation with a single ransom demand. This is concerning as it shows that the group behind this attack are skilled and resourceful; they are using tactics and tools more commonly seen in espionage attacks. (In 2019) we’ll see more targeted enterprise ransomware of this nature,” said Sentonas.

Cyberespionage

Sentonas further shared that CrowdStrike predicts more state-backed attacks in 2019. “On a macro level, we predict that there will be an increase in cyber activity in North Korea and China respectively. Despite being on the charm offensive for most of 2018, behind the illusive curtain of North Korea, they will continue their financially motivated attacks on banking institutions engaging in the theft of funds. In addition, although no destructive attacks were reported, there’s a high probability that they will continue to target their neighbours, South Korea,” he said.

In China's case, cyber espionage has already increased over the past 18 months, specifically in connection with its trade war with the US, Sentonas said. “In 2019, with the war set to escalate, China will look to ramp up their efforts to obtain intellectual property and trade secrets. Eventually both countries will come to an agreement, but this is unlikely to happen in the immediate future, and as a result, we will see more intrusions,” he said.

A related trend will be in repurposing nation-state strategies for corporate extortion. McAfee experts suggest that bots used to amplify deceitful messaging will be redeployed by cybercriminals. “Following in the footsteps of recent infamous nation-state campaigns to sway public opinion, cybercriminals will likely repurpose bots and leverage social media to extort organisations by threatening their brands,” said a group of McAfee thought leaders from McAfee Labs, McAfee Advanced Threat Research, and members of McAfee’s Office of the CTO.

*Unified Extensible Firmware Interface (UEFI) is an interface between the operating system and firmware. The firmware, also known as the BIOS, provides services for operating systems and software, and gets the computer hardware working when the power is switched on.

In October 2018, Bloomberg ran a story about how Chinese companies had compromised the motherboards of computers in US companies with chips that could spy on what the computers were doing. There is some controversy about whether this is currently possible with the state of electronics technology in play today.
