2019 cyber threats trends
2019 will surprise us with technological improvements that will boost global connectivity such as the implementation of the 5G network. However, this also means the evolution of cyber threats that companies must face, since technological improvements become new opportunities for the development of more powerful and sophisticated malware.
We just need to take a look back to 2018, one of the most scandalous years in terms of ransomware attacks and data breaches. Companies such as Facebook and Marriot were involved, affecting more than 500 million people.
According to the consulting company Juniper Research, in 2020 the average cost of a data breach will be 150 million dollars while cybercrime will cause losses close to 2 trillion.
Several experts in cybersecurity agree that this year will be one of the most difficult to face for companies and point out these as the cyber threats in 2019.
Most powerful botnets
Just a couple of years ago, Mirai, one of the most lethal botnets, managed to knock down a large internet portion by focusing its attack on the IoT. Due to the great vulnerability of various devices connected to the internet such as smart tv's, security cameras and even refrigerators, Mirai was successful using a simple code.
However, this botnet was the first big alert for companies that are already investing in adapting their products to the IoT. Although some manufacturers may have anticipated the risk of botnet attacks like Mirai, not all of them are prepared to invest in expensive updates of their products.
According to Kaspersky, botnets attacks to the IoT will increase drastically this year. The cyber pirates will seek to hijack as many devices as possible to create swarms of bots also called Hivenets that allow them to attack the most vulnerable points of the network.
Plus, the arrival of the 5G will give Hivenets greater effectiveness by making use of better latency to communicate with each other and act together. This is highly dangerous for all devices connected to the IoT but much more for those connected to hospitals, transportation, energy and any other sensitive sector on which many lives depend.
How to stop a botnet?
According to Kaspersky, a defense from a botnet or DDoS attack is due at server or ISP level. However, for a common user, the best defense is to update all the software installed in the computer and avoid clicking on suspicious links. Unfortunately, the ingenuity of many users when opening malicious links is the main causes of malware expansion allowing hackers to build botnets faster.
Cloud services providers under fire
As everything becomes more dependent on services in the cloud, vulnerabilities increase. Unfortunately, the investment in security that cloud providers have made in recent years has not been sufficient. Why? Because most cloud configurations are new and continually have to adapt. This causes configuration errors such as that experienced by Amazon with its S3 error.
However, the biggest danger to cloud providers seems to be inside the house. That Trojan horse may be the company employees! It has been detected that a large part of the security problems faced by cloud providers comes from the negligence of some employees when making use of their credentials. This causes the theft of sensitive information and malware expansion.
It is predicted that in 2019 social engineering attacks targeting employees involved in cloud services will be more aggressive than in previous years.
What is social engineering?
It is a method used by cybernetic hackers to obtain sensitive or confidential information through the manipulation of legitimate users. Some examples of social engineering are phishing and pharming.
The case of pharming is special since it steals information by modifying the queries to DNS servers in real time. Then modify the lmhost file that handles all web queries.
Increase Supply-Chain attacks
During 2019 companies will expand much more their Supply-Chain due to their growing need to open up to new partnerships. Cybercriminals have realized this and know that one of the most vulnerable points to infiltrate and attack a company is through its network of suppliers and contractors.
There are examples that can show us the danger of attacks to Supply-Chains as the case of Target Data Breach that affected one of the largest U.S. retailers.
According to Target, hackers stole the data of more than 40 million credit and debit cards from clients that visited their stores during 2013. The attack on Target occurred through the HVAC retailer.
Even more horrifying seems to be the suspicions around the hardware manufacturer Super Micro which is among the main suppliers of Apple, Amazon and the United States government.
Super Micro is pointed by Bloomberg because of possible manipulation of the motherboards that the manufacturer sells to big companies by using secret Chinese chips installed in the hardware.
These circumstances will force companies to put more control into their supplier risk management processes. In addition, it will be necessary to tighten policies for constant monitoring and access to record retention. The attacks on Supply-Chains will undoubtedly be one of the most publicized threats of 2019.
Supply-Chain attacks prevention
A Supply-Chain attack can occur in any industry, from the energy sector to the financial or government. The attack consists of infiltrating the companies system through the suppliers that have access to the company's data.
If we take into account that currently, large companies have more than one provider, the risk of an attack increases. One of the ways to reduce the risks of a supply chain attack is to reassess the security and privacy policies of all providers, especially the smallest ones.
Suppliers should also be required to agree to establish security controls such as self-assessments, customer visits, audits, or acquisition of cyber insurance.
The year of the crypto-jacking
During 2018, crypto-jacking became one of the preferred methods of intrusion by cyber pirates. Security experts such as Webroot mention in their last September report that only crypto-jacking accounted for 35 percent of the total threats that companies faced.
The same report indicates that many more cases of crypto jacking are expected because this method of infiltration allows attackers to move in an easier, faster and safer way without the use of malware, that is, without leaving a trace.
In the millions of URL requests that Webroot analyzes per day, it detected that 3 percent of the time, users access sites with crypto mining scripts. The most visited crypto mining sites were Coinhive and Xxgasm. Those sites that intentionally use the Coinhive script to monetize may not be informing their users that they are actively mining.
Although Coinhive has tried to regulate this situation by implementing an opt-in to inform users about how their CPU power is going to be used, for criminals and legitimate owners of the sites using mining scripts it is easy to evade this regulation.
Criminals usually modify the sites without their owner's knowledge to perform crypto mining, for example, redirecting the traffic from Coinhive to Monero. This strategy disguises mining with lower counts to avoid being discovered.
How crypto-jacking works
Crypto-jacking or crypto mining malware uses invasive access methods such as drive-in scripts. This method runs in the background and offers anonymity to the attacker.
During crypto-jacking, pirates appropriate the computing power of any device to exploit the cryptocurrency. Due to its profitability and low risk of detection, crypto-jacking will be projected as one of the biggest threats in 2019
Nations in Cyberwar
For armies is no longer necessary to launch a bombing over an enemy city to destroy its infrastructure. It is enough to have a team of expert hackers to destabilize a nuclear plant, airplane navigation systems, the electricity supply or a water plant of any city.
Technology provides us with many benefits but also with great risks. One of them is cyberwar. The growing tension between the United States, China and Russia have triggered a kind of low-intensity cyber war that can scale to large dimensions at any time.
Above all, we must take into account the expansion of the IoT and its growing vulnerability. Shodan, the scariest search engine on the internet can give us an example of what you can do with any device connected to the IoT.
2019 is expected as one of the most intense years in cyber attacks sponsored by states in tension. For sure, this is the worst and scarier version of a cyber attack that we can face during this year.