2019 Hackers Playbook

Overview

Moving into 2019, it is important to try to anticipate cyber-threats and address them before they happen. Analyzing advances and major events during 2018 three main observable areas of influence during 2018 are the increase in computation power, the increased diversity of connected devices, and an increase in political tensions.  These indicate a likely increase in five attack areas outlined below.

1.      Continued rise in traditional based attacks 

It is predicted that a constant rise in traditional attacks will occur in 2019. This includes basic attacks such as phishing, account take over, and technical based exploits. The rate of occurrence for these attacks seem to steadily increase every year and there is no indication the 2019 will be any different. 

2.      Artificial Intelligence and Machine Learning based Attacks 

There is an increased rise of interest around Artificial Intelligence and Machine learning. Because of this, these terms seem to have become buzzwords and yet there seems to be a lack of sufficient understanding as to what they actually are. This has led to many misconceptions and an unsupported understanding of what AI and Machine Learning can accomplish with cyber-security.  

Artificial Intelligence is defined as “a branch of computer science dealing with the simulation of intelligent behavior in computers” and in conjunction with Machine learning have been in development since 1984. Because of current computation capabilities, computers require complex and correct algorithms to complete any give task and cannot learn or adapt based on example or analogy alone. Computer systems still require data sets and these predefined algorithms to accomplish any task and therefore lack the true ability to make decisions that simulate intelligent behavior.

Today’s systems are inching closer to recreating this intelligent behavior but still require a perfect set of defined algorithms coupled with large data sets to rewrite and refine code, both which are resource intensive. Because of this, not all “AI/Machine learning” systems are created equal and attackers understand this.

The introduction of more powerful 7nm processors and the ease of obtaining powerful graphics cards has increased the capabilities of AI/Machine learning systems. This processing power is relatively easy to obtain and fairly inexpensive such as the Nvidia GTX 1060 TI or Intel’s new I9 processor.  

Attackers can leverage the combination of these powerful processors as well as possessing or refining better AI/Machine learning algorithms than their targets to carry out these attacks. It is predicted that in 2019, we will see a rise in attacks that leverage both AI/Machine learning and exploit weakly deployed AI/Machine learning based systems. 

3.      SCADA Attacks 

SCADA based attacks have been occurring at an accelerated rate over the last 8 years and have increasingly devastating effects. Some milestone attacks against SCADA are the Stuxnet attack in 2010, the Ukraine Power Grid in 2016., and the 2017 Triton attack. 2018 saw a substantial increase in nation state interest of utilizing SCADA environments as cyber-war attack vectors.  

In 2018, there has also been an influx and merging of IOT devices within SCADA environments. This is because of the low cost of IOT devices and ease of use in deployment. Because of these two factors, it is predicted that we will see a rise of attacks against SCADA environments. 

4.      Corporate level Psy-ops Campaign

The rate of Psychological manipulation, known as Psy-ops, campaigns conducted by nation states saw a surge in 2018. This source seemingly totes in the wake of Russian involvement in the United States Elections. This also seems to be escalated by political tension between the United States and China of the “Trade Wars”. It is predicted that 2019 will continue to see an increase of Corporate espionage and Psy-ops campaigns and should be considered as a threat. 

5.      Cloud Based Attacks 

2018 continued a steady 6% growth of businesses moving to hybrid cloud based architecture yet the rate of cloud breaches has risen nearly 14%. This alarming rise of attacks against cloud-based architecture seem to be related to security being an afterthought in design. It is predicted that this trend will continue and compound through 2019.

 [c1]Make into 1 sentence, Example, The three main areas of influence we see are XYZ and as a result we are going to see a rise in five attack vectors broken down below. 

 [c2]AI is defined as Z and has been work on since 1984.

 [c3]Very wordy. You use complete too many times and I got tripped up reading it. Try to find a way to combine the two sentences

 [c4]Great paragraph!

 [c5]What is psy ops? Might just be me as a sales rep but maybe a short line of what it is incase somebody as well is unaware

 [c6]Maybe include a stat from saas breaches or something