2019 is underway. Two weeks down, fifty to go. Technology continues to evolve rapidly and the threat landscape is constantly shifting. It’s challenging for organizations to try to stay a step ahead of cybercriminals and break out of the cycle of just reacting to the exploit du jour. Cybersecurity experts from IOActive are here to help, though, with insight on what to expect in the year ahead.
Based on cutting edge research, knowledge of emerging threats, and an understanding of established trends, here are five things you should look for this year:
Countries Will “Onshore” Cyber Testing and Products to Reduce Risk, Especially in the Supply Chain
Jason Larsen, ICS Principal Security Consultant at IOActive
Following on the heels of the Kaspersky directive in late 2017, we saw the start of what has been called a “nationalistic” cyber trend in 2018 as governments have started to look at shifting projects to internal security resources. From a risk perspective, many countries now prefer that their own countrymen protect their own critical infrastructure, rather than seeking support from global firms. This onshoring of cyber testing and products has rippled across the globe and will continue in 2019.
We’re hearing an increase in concerns about attacks on the supply chain—on both the hardware and software fronts. These attacks have been discussed theoretically or proved in some kind of demonstration, but in 2019 we will likely see more of these supply chain attacks in the wild. The catch is that these attacks are extremely hard to detect. For example, in 2018, we predicted and TrendMicro discovered the first Unified Extensible Firmware Interface (UEFI) rootkit in the wild. Named LoJax, the rootkit is believed to have been built from an anti-theft software program to snoop on European governments.
There are two kinds of compromises when we talk about supply chain. The first involves true malicious actors who put compromises in place and the second is compromises that occur due to poor security posture, which is by far the bulk of what we should be concerned about. If vendors are still dealing with defects as a result of quality, then they have no hope of dealing with more intentional attacks. After all, there are a lot more bugs when products are based on third-party products—for example, bugs in the vendors’ vendor product.
Automation Will Help, But the Cybersecurity Talent Gap Will Remain A Problem As 2019 Brings More Impactful Attacks, Including Attacks on Smart Cities
Cesar Cerrudo, CTO at IOActive
The demand for cybersecurity talent will continue growing, but so will the advancement of automation. Thanks to automation, one person can now do the work of many. However, when it comes to jobs requiring highly-skilled and specialized people, automation cannot help.
Common cyber attacks and ransomware are already having a detrimental impact on companies. In 2019, we will see increases in these attacks and their negative impact on companies. Ransomware is an easy way for cybercriminals to profit, so it will continue propagation unless the bad guys find a better method to profit. Coin mining attacks may replace some ransomware attacks, depending on how cryptocurrencies do next year in terms of valuation and mining difficulty. This means cybercriminals could choose to use hacked computers more to mine cryptocurrencies, rather than asking for ransom.
In 2019, technology adoption in cities will continue to grow and speed up. Most cities are deploying new technologies at a rapid pace, regardless of whether they are big or small cities, because technology helps to provide better services and to reduce costs. While adopting new technologies is a great move which brings many benefits, it also brings many problems related to cybersecurity—the more technology that is being used, the more possibilities there are for cyber attacks.
Most technologies that are adopted aren’t very secure. As cities continue to deploy these technologies without first ensuring that they are secure enough, this puts city infrastructure and services at risk. Cybercriminals will keep targeting city services with ransomware, denial of services and other attacks as they continue finding easy ways to compromise city systems and profit from it. Maybe 2019 could be the year when we start seeing attacks with greater impact in city systems and populations, causing millions of dollars in losses and putting citizens at risk. Everything depends more and more on technology and if technology is not secure, people will suffer bad consequences when it’s hacked.
Kinetic Threats Will Increase and Researchers Uncovering this Type of Cybercrime Must Guard Against Personal, Targeted Attacks
Tom Brennan, U.S. East Coast Director at IOActive
When it comes to kinetic cyber, the criminal underground can trace back to researchers uncovering their activity in this space. Researchers who are taking down APT groups, publishing details about those groups, and disrupting nation state level attacks put themselves at risk for targeted attacks from the criminal underground. Whenever researchers wield the potential to disrupt criminal elements, such as the harvesting or making of money in the underground space, the criminal underground has the potential to physically target these individuals.
On that note, one of the big things we will likely see in 2019 is a significant increase in strategic cyber operations to further the interests of nation states. We expect a growing sophistication in the number of attacks and a faster movement of new techniques from nation states to NGOs.
Traditional Defenses Will Become Less Effective & Pentesters Relying on Available Exploit Samples Will Get Caught Quickly
John Sawyer, Associate Director of Services at IOActive
The last year has shown that attackers are moving down the stack, closer to firmware and the supply chain—all the places that you’re not looking. In this case, your traditional IT defense that focuses on operations and patching will become less effective.
More than ever, in 2018, attack methods were circulated online with samples appearing on websites such as VirusTotal and Twitter. The window between when a new bypass or evasion method is discovered and when it is “mined out”—or no longer worth putting into malware—is shortening. Exploits and evasions must be continuously discovered in order for red teams to stay relevant.
On top of this, researchers are constantly exposing new attack techniques via social media, which is great for resolving old threats. However, the issue arises when penetration testers rely on these pre-existing samples and exploit methods too heavily during testing. With the huge variety in threat actors and attack methods, relying on recent samples means that testers will get caught very quickly. In the future, blue teams will need to be prepared for innovations that go beyond slight variations based on pre-existing malware samples.
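The point above, that a tester who reuses a publicly circulated sample (or a lightly tweaked copy of it) is caught quickly, comes down to how cheaply defenders can turn a published sample into indicators. The following is an added illustration, not code from the IOActive post or its authors: the "published sample", its hash list and the content rule are all constructed for this example. It shows three tiers of red-team choice against two tiers of blue-team indicator: an exact copy trips the file hash, a "slight variation" defeats the hash but still trips a content rule built from the bytes the tool needs to keep in order to work, and only re-implemented tooling carries none of the published artifacts.

```python
"""
Added example (not from the original post): why reusing published
exploit/evasion samples gets a red team caught.

Once a sample is public, a blue team can derive two cheap indicator tiers:
  Tier 1: the file hash, which catches byte-identical reuse.
  Tier 2: a content rule over byte patterns the tool must keep to function,
          which survives trivial re-padding or banner edits.
All samples, hashes and rule names below are constructed for illustration.
"""
import hashlib
import re

# Constructed stand-in for a payload that was posted publicly.
# (Not a real tool; the strings are placeholders.)
PUBLISHED_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"[+] evasion stub v1 loaded\x00"
    + b"bypass_marker\x00"
    + b"\x48\x31\xc0\xc3"
)


def sha256(data: bytes) -> str:
    """Hex SHA-256 of a blob (the identifier defenders share as an IOC)."""
    return hashlib.sha256(data).hexdigest()


# Tier 1: exact-match hash IOCs derived from the published sample.
HASH_IOCS = {sha256(PUBLISHED_SAMPLE)}

# Tier 2: content rule; every pattern must match for the rule to fire.
# These are the pieces the tool needs to keep, so they survive cosmetic edits.
CONTENT_RULES = {
    "evasion_stub_v1_strings": [
        re.compile(rb"evasion stub v1", re.IGNORECASE),
        re.compile(rb"bypass_marker"),
    ],
}


def classify(blob: bytes) -> dict:
    """Return which indicator tiers fire on a blob and the overall verdict."""
    hash_hit = sha256(blob) in HASH_IOCS
    rule_hits = [
        name for name, patterns in CONTENT_RULES.items()
        if all(p.search(blob) for p in patterns)
    ]
    return {
        "hash_hit": hash_hit,
        "rule_hits": rule_hits,
        "detected": hash_hit or bool(rule_hits),
    }


# Three red-team choices, constructed from the sample above:
# 1. Reuse the published sample byte-for-byte.
reused = PUBLISHED_SAMPLE
# 2. "Slight variation": edit the banner and re-pad. Defeats the hash only.
varied = PUBLISHED_SAMPLE.replace(b"v1 loaded", b"v1 LOADED") + b"\x00" * 8
# 3. Re-implemented tooling that carries none of the published artifacts.
retooled = b"MZ\x90\x00" + b"\x00" * 12 + b"\x48\x31\xc0\xc3"

if __name__ == "__main__":
    for label, blob in (("reused", reused), ("varied", varied), ("retooled", retooled)):
        print(f"{label:9s} {classify(blob)}")
```

The "varied" case is the one the passage warns about: changing a byte to dodge a hash list is exactly the slight variation a content rule is written to absorb, so the tester is still caught, and the engagement ends up measuring the hash list rather than the defenders. Only the third case exercises detection logic that goes beyond known samples.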
Companies Who Take a Risk-Centric View and Focus on Operational Resiliency Will Persist Through Future Attacks, Especially Impending Large-Scale DDoS Attacks
John Sheehy, Director of Strategic Security Services at IOActive
It’s important not to look in the rear-view mirror and focus only on what has been successful in the past. Companies and agencies alike must identify emerging risk and manage it by having a very risk-centric view with a mature security program that covers IT, OT and, if applicable, product technology as well. We need to focus on operational resiliency. Many predictions this year involve attacks that will be deep in the supply chain. There is no way for the ordinary organization to see these today. As organizations continue to face an increase in social engineering, phishing and spear phishing attacks, how they manage risk post-breach will differentiate organizations in the near future.
In 2019, it won’t be surprising to see DDoS attacks coming back with a vengeance, due to higher speed infrastructure with insecure IoT devices. Attackers can pump out attacks with more bandwidth than the average home user by attaching to insecure devices. Soon I predict we will see the return of large-scale DDoS attacks that will take down whole sections of the Internet.
There will, of course, still be run-of-the-mill malware and exploits. You will still see ransomware and phishing attacks. Guarding against those threats is table stakes, though. As these predictions spell out, there are current and impending threats that are more innovative and focus on cutting edge technologies like smart city infrastructure, and IoT or IIoT (industrial internet-of-things) devices. Organizations that focus only on defending against common and obvious attacks may have a really bad 2019.