Skip to main content

Cyber Attack Targets & Outcomes to Watch Out for in 2019

By Morey Haber, CTO, BeyondTrust

There are three jobs in this world where you can be completely wrong all the time and still not have to worry about being fired. One is a parent. Another is a weatherperson. And the last one is a technology trends forecaster. Having failed as a weatherman, and with the results of my parenting skills still up for debate, I have turned my mental prowess toward bold predictions on the state of data breaches, IT security, and cyber risks!

I have categorized this list of predictions into two categories—Attack Vectors/Targets, and Attack Outcomes. Attack vectors/targets include the mechanisms cyber attackers will use, as well as their ultimate objectives. Attack outcomes include how organizations will respond.

Attack Vectors/Targets

Privileged attacks continue
Privileged attack vectors will continue to be the number one root cause of breaches for both consumer and business data. While Gartner acknowledged that Privileged Access Management as the top security priority for 2018, many organizations are still in denial of their privileged account risks, which frequently stem from poor password management hygiene.

2019 will see even more high-profile breaches. Organizations must discover and manage their privileged accounts because the attack vector is not going away anytime soon, and ugly newspaper headlines will continue to plague boardrooms.

Well-known vulnerabilities will continue to dominate cyber-attack reports
The pattern of successful attacks through the use of well-known and entirely preventable vulnerabilities shows little sign of abating. Organizations continue to focus their efforts injudiciously, ignoring the lower severity vulnerabilities with known exploits in favor of largely academic, high severity vulnerabilities. This leaves their systems vulnerable to becoming footholds, which can then open up pathways for further exploitation, resulting in major data exfiltration incidents.

Artificial Intelligence (AI) on the attack―Skynet is becoming self-aware!
2019 will see an increasing number of attacks coordinated with the use of AI/Machine Learning. AI will analyze the available options for exploit and develop strategies that will lead to an increase in number of successful attacks.

AI will also be able to take information gathered from successful hacks and incorporate that into new attacks, potentially learning how to identify defense strategies from the pattern of available exploits. This evolution may potentially lead to attacks that are significantly harder to defend against.

Industrial control systems come into focus
The next few years will see an increase in the attention that ICS/SCADA systems attract from cybercriminals and nation-state hackers. The opportunity to create ransomware scenarios directly affecting critical national infrastructure will draw attention from cyber criminals motivated both, by financial gain, as well as those who are looking to develop weapons in the evolving cyber-frontline.
Historically, Operational Technology (OT) teams have been reluctant to engage with IT security practices, but we are seeing this change as all teams recognize that cybersecurity is a critical aspect of business continuity.

The supply chain is at risk
Major security breaches will continue to dominate the news, but the latest form of attacks on organizations will come in the form of an attack on their supply chains.

Considering the recent Bloomberg article accusing China of embedding chips the size of a grain of rice into supermicro servers, and previous attacks using embedded chips on printers purchased by the United States Government, the threat is very real. 

Corporate attacks and corporate espionage will take on a whole new meaning as more supply chain attacks with embedded malware are discovered. But this is the tip of the iceberg in terms of cyber threats—the major devices targeted will be IoT and will range anywhere from consumer-based routers to home-based nanny cams. Expect the supply chain for many vendors, including those that produce personal digital assistances, to be a new target from threat actors who infiltrate environments and insecure DevOps processes.

Attack Outcomes

Android closes open access
Android will no longer be fully open and extensible. Google has already announced that only the “default” application can access calls and SMS texting data for the next release of Android, and the default application must be explicitly set in the configuration. No longer can multiple applications―including tools used for spam detection—be shared with your favorite calling and texting applications.

Expect Google to continue this trend to fight malware and spyware by closing more of the operating system in the name of security.

Monetizing data
Infonomics will begin to become mainstream and, just like other intellectual property, expect businesses to begin applying a value to the data and disclosing the information they have and what it costs “for sale”.

If you think this is farfetched, consider the value of GPS data over the last 30 years. From the early days of MapQuest to dedicated GPS receivers, driving and transportation data has become a commodity.

However, if you start layering other data―like traffic, construction, etc.—used by the likes of Waze, you have a high-valued database that will become crucial for autonomous cars. There is real value there, and it will come at a price to car manufacturers. The data itself therefore has a value, and businesses will begin rating themselves more publicly on the Infonomics they possess. And not just to private equity firms or other businesses looking at merger and acquisition activities, or purchase of the information.

Millennials ruin everything―evolving definitions of privacy
The millennial generation will share almost anything on the Internet. Social media has proven that almost anything goes regardless of its perceived sensitivity. This implies that nearly an entire generation has a lower sensitivity to private data and that a “who cares” attitude for sensitive information is beginning its own movement.

In addition, as we become numb to data exposure, expect some push back from the youngest voting group regarding the data being exposed due to a hack. If most sensitive personal data is public (like name, email, address, birthday, etc.) and only the most important information protected (national ID numbers, bank records, credit cards), the value is diminished for anything already being exposed today and the “who cares” movement has begun.

Expect data classification to evolve based on the youngest users, and what we consider private today will not be private, or of a concern, tomorrow.

Centralized information brokers emerge
In an effort to protect and control the exposure of personal data, information ‘brokers’ will begin to emerge. These services will provide centralized mechanisms that allow granular sharing of data so that only the essential data is shared for whatever service you are signing up to.

The EU has been working on digital identity in this form for several years and may well be the first to bring that into full effect, but others will follow in providing a mechanism by which our data is decentralized. This will help limit individual data exposures when systems are compromised and allow more control by individuals over their data and who has legitimate access to it.

In closing, as in any cyber defense strategy, I first recommend getting the basics right—secure your privileged accounts, eliminate excessive user privileges, ensure secure remote access to critical systems, patch the vulnerabilities with known exploits, and report, report, report. 

I wish you all a prosperous and attack-free 2019!

- ENDS - 


Popular posts from this blog

Snap Tube can download any video in your regional language

Snap Tube is an Internet Company founded in 2016 with the objective in providing services in the mobile related products and services. Within a span of 18 months, Snap Tube gained lead place in the global market by its satisfactory service to its esteemed consumers. Snap Tube started new feature in India where the user can use the app in his mother tongue, where Snap tube is coming up with the introduction of Indian Regional languages. Namely Hindi, Tamil, Telugu, Bengali, Gujarati, Malayalam, Marathi, Urdu and Kannada.
Snap Tube is now operated and available in more than 100 countries and recognized as trust worthy around the globe. Now there are more than 40 million downloads across the world and everyday more than 10 million users are getting the benefits of the application.
Snap Tube is a tool designed to download videos in a simple, fast, and convenient way from YouTube, Facebook, Twitter, and Instagram. It is a user friendly and with this application user can download the video…

Insurtech startup Kruzr raises $1.3 Million from Saama Capital and Better Capital

InsurTech startup Kruzr has raised 1.3 Million USD (Rs. 9.5 Cr) for its seed round led by Saama Capital with participation from Better Capital. Kruzr is a preventive motor insurance technology which helps insurance companies personalize policy premiums & improve their risk model by delivering an engaging preventative driving assistant to their customers. Kruzr is founded by Pallav Singh, Ayan, and Jasmeet Singh Sethi.

Kruzr blends the power of voice technology and artificial intelligence in its personal driving assistant that helps drivers minimize mobile distractions, drowsy driving, speeding and external risks like weather and accident-prone zones. In pilots with insurers, Kruzr managed to cut down distracted driving by 80%. Kruzr is working with motor insurance companies in Europe, UK and India to bring its technology to their customers to prevent accidents & improve claims.

“Road accidents cause over 1.3 million deaths globally every year, and motor insurance companies los…

Going Beyond the Buzz in 2019-Understanding 'Digital'

By: Chris Pope, Global VP of Innovation, ServiceNow

There are college degrees in computer science and software engineering that feature various different programming languages and methodologies. Looking further, there are technical architecture courses and many extended forms of tuition designed to school us in every aspect of technology you can think of. Yet, despite all these channels of teaching and the many books that have been written to explore our world of technology, we appear to largely fail when it comes to formalising a wider approach to simply ‘teaching digital’.

Understanding digital, the subject, the discipline itself, is a prerequisite if firms are going to actually appreciate where new and emerging technology will have an impact on an organisation.

A responsibility to embrace digital
The consequences of not embracing digital and the process of moving fundamental work operations to new cloud-based, services-driven platforms leads to something of a vicious circle. Firms st…

Best Five Apps to Help You to Keep Your New Year’s Resolutions

Millions of people will declare their resolutions for 2017. Whether you're resolving to lose weight, get fit, pay off your debt, or just be more grateful for the life you've got, it can be notoriously difficult to follow through in the long run. But put technology on your side and give it your best shot. Here are best five apps designed to help you stick with your New Year's resolutions and achieve your goals.