The cyber security landscape is wide and grows more complex every year, even every month. With big cyber attacks happening on a regular basis, it’s hard for businesses, big and small alike, to detect the attacks, keep their IT networks and data intact, prevent that data from being used against them, and avoid devastating effects on the business.
It’s everyone’s responsibility to do their part in defending against cyber attackers, the authorities’ as much as businesses’. This is reflected in the passing of regulations such as GDPR as well as in the strategic approach to cyber security that more and more companies have adopted. But that just means that the good guys are arming themselves for the fight, not that the baddies have lost the war. With that in mind, let’s see what we can expect from them in 2019.
1) Fewer ransomware attacks, but just as problematic
Ransomware attacks will become less frequent in 2019 as cyber criminals move on to finding other ways of generating revenue, and the attacks that do happen will be more focused and precisely targeted. According to Kaspersky, the number of users who faced ransomware attacks in 2017 and 2018 decreased by almost 30% compared with the 2016 to 2017 time period.
“The randoms went down, and the targeted ones were big news,” says Steve Ragan, CSO’s senior staff writer. For example, the ransomware group responsible for SamSam is now focusing primarily on relatively few U.S. companies, mainly municipal and healthcare organizations, according to Symantec. The reason for the decline is that criminals are finding that cryptojacking and other schemes are more effective money-makers. The rising number and quality of ready-made cryptomining tools means that criminals don’t need to be technically skilled.
“Cryptomining will continue to be a threat as long as attackers can make quick cash from the infections,” says CSO contributor David Strom.
2) More data protection policies
Last year, CSO predicted that the EU would quickly punish a few companies in violation of its General Data Protection Regulation (GDPR) to make an example of them, which didn’t happen. Nevertheless, the threat of penalties over compromised personal information will still have a huge effect on security operations in 2019. With hundreds of complaints filed against them, the companies engaged in surveillance capitalism (Google and Facebook) are likely in for a few rough years. Moreover, rising concern over how companies use and protect personal information will encourage many Americans to hold those companies more accountable.
“The reaction by consumers to constant security breaches and other unethical information disclosures (e.g., Facebook) leads U.S. consumers to demand more default privacy and control over their own information,” says CSO contributor Roger Grimes.
He expects to see an effort to enact privacy laws similar to GDPR nationally in 2019. The California Consumer Privacy Act has already passed into law and goes into effect in 2020. On November 1, Sen. Ron Wyden introduced a bill titled the Consumer Data Protection Act (CDPA), which has stiff penalties, including jail time, for privacy violations.
“Companies will start seriously thinking about a privacy-first approach to data, especially as these laws expand to more jurisdictions, and to narrowly targeted verticals, such as banking, medical and payments,” says CSO contributor Maria Korolov. “That will require some major changes in how companies collect, use, and share data.”
3) More nation-wide attacks and surveillance of individuals
State-conducted or sponsored targeted cyber attacks on journalists, dissidents and politicians will continue to grow. Like-minded governments will turn a blind eye to such attacks on their own soil.
The worst possible outcome of a nation surveilling its own citizens played out in the case of Saudi journalist Jamal Khashoggi. Israeli newspaper Haaretz reported that the Saudi government used Israeli cyberweapons to track Khashoggi while he was in Canada. The Israeli government appears to be a major exporter of technology that other governments can use to spy on their citizens. Another Haaretz story reports that multiple countries are using Israeli software to target dissidents and homosexuals.
4) Nations to establish cyberwarfare rules
There are no exact rules for cyberwarfare, and some nations seem to believe they can do almost anything with near impunity. “North Korea hacks Sony Pictures. Russia hacks industrial critical control systems and tries to influence the elections of other nations. China steals intellectual property. And the U.S. and Israel use malware to destroy nuclear equipment,” says Grimes. “Digital boundaries are being tested, and some nation states are starting to push back. Expect there to be a Geneva Convention for digital warfare coming soon.”
Rules or no rules, some nations will continue to push boundaries when it comes to cyber warfare. “Cyber attackers will continue to have a safe haven in Russia and China and North Korea,” says Korolov. “They will have more resources at their disposal than ever, either from their government backers or from the financial windfalls of this year’s ransomware and cryptojacking attacks. They will use these resources to find new attack vectors and to improve the resilience and adaptability of their malware. The situation will continue to get worse until something very major changes in global geopolitics, which won’t be until the next U.S. presidential election, at the earliest.”
5) More targeted spear phishing
Attackers know that the more information they have about you, the better they can craft a successful phishing campaign against you. Some are using tactics that are a bit creepy. “One of the trending changes in spear phishing are phishing campaigns where the hacker breaks into an email system, lurks and learns,” says Grimes. “Then they use the information they have learned, as well as taking advantage of the relationships and trust built between people who regularly communicate with each other.”
One area where Grimes sees this happening more is mortgage wire fraud, where home buyers are tricked into wiring closing fees to a rogue party by an email arriving from a trusted mortgage agent. “The hacker breaks into the mortgage lender’s (or title agent’s) computer and takes note of all the upcoming pending deals and their closing dates,” he says. “Then the day before the mortgage agent would normally send out an email telling the client where to send the closing money, the phisher uses the mortgage agent’s computer to beat them to the punch. The unsuspecting client wires the money, which is rarely recovered, and ends up losing the house (unless they can come up with another substantial closing payment, which most can’t do).”
6) Multi-factor authentication to become standard for all online transactions
Even though multi-factor authentication is not a perfect solution, most e-commerce websites and online services will abandon password-only access and offer additional required or optional authentication methods.
“Only using a password to authenticate is increasingly leaving us open to phishing and other attacks,” says Susan Bradley, CSO contributor and Windows expert. “But the fact that all the vendors are implementing different systems to authenticate means I’m being driven slightly crazy with all of the two-factor authentications I’m having to manage. It won’t be better until a more standardized process is settled on.”
Those standards, at least on the vendor side, are on the way. “With FIDO2 browser enhancements and the Duo/Cisco acquisition, it could tip the scales. Expect to see more innovation here in the coming year that makes it easier and more compelling to use MFA than not to,” says Strom.