2019 Emerging Cyber Threats

2017 was a banner year for ransomware attacks. According to Newsweek, attacks in 2017 were up 250%, causing over $5 billion in damage to businesses and governments. In 2018, the industry predicted that ransomware attacks would accelerate and be the principal cybercriminal activity. Yet according to Malwarebytes, in the early part of 2018 ransomware dropped to less than 10% of all reported infections. What happened? Cybercriminals found that it was easier to infect devices with crypto mining malware and steal computing resources than to request a bitcoin ransom. Malicious email exploiting known software vulnerabilities caused 90% of infections. Trends in 2018 show that it is hard to predict emerging threats, although hackers continued to use known techniques to infect computers.

As 2019 kicks off, it is important to look forward to what might be the next cyber threat or new technique to be exploited by cybercriminals.

Emerging threats and tactics

I have never been good at predicting, but I thought I would present some ideas that I have come across that we may begin to see in 2019. The remainder of this article discusses some new emerging threats and tactics.

Poisoning machine learning (ML)

Machine learning is a promising cybersecurity defense technology emerging within many new security products. Using ML, systems can be trained to baseline behavior and apply analytics to identify threats that span environments or use evasion strategies. ML can track devices based on their exposure to current threat trends and automatically apply patches or updates. Rather than evading ML detection, hackers may find it easier to exploit the ML of the defensive systems. Attackers may compromise an ML system by injecting instructions that create vulnerabilities in an enterprise or cause the system to ignore particular behaviors.
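
To make the risk to a learned baseline concrete, the following is an added example and not part of the original article or any product's code. It assumes the poisoning takes the form of inflated readings reaching the training data, uses constructed traffic numbers and hypothetical function names, and compares a mean/standard-deviation baseline with a median/MAD baseline that also screens the training window.

```python
import statistics

# Constructed sample: outbound traffic (MB per hour) for one host in the training window.
CLEAN = [48, 52, 50, 47, 53, 51, 49, 50, 52, 48,
         51, 49, 50, 53, 47, 50, 51, 49, 52, 48]
# Constructed poison: inflated readings that reach the training data (assumption).
POISON = [400, 420, 410]
K = 3.0  # flag values more than K spreads away from the center


def mean_std_baseline(train):
    """Naive baseline: mean and population standard deviation."""
    return statistics.fmean(train), statistics.pstdev(train)


def median_mad_baseline(train):
    """Robust baseline: median and scaled median absolute deviation (MAD)."""
    center = statistics.median(train)
    mad = statistics.median([abs(v - center) for v in train])
    return center, 1.4826 * mad  # 1.4826 makes MAD comparable to a std deviation


def is_anomalous(value, baseline, k=K):
    """True when the value lies more than k spreads from the baseline center."""
    center, spread = baseline
    return abs(value - center) > k * spread


def training_outliers(train, k=K):
    """Screen the training window itself: samples the robust baseline rejects."""
    robust = median_mad_baseline(train)
    return [v for v in train if is_anomalous(v, robust, k)]


if __name__ == "__main__":
    poisoned = CLEAN + POISON
    for name, base in [("mean/std, clean", mean_std_baseline(CLEAN)),
                       ("mean/std, poisoned", mean_std_baseline(poisoned)),
                       ("median/MAD, poisoned", median_mad_baseline(poisoned))]:
        print(f"{name:22} flags 400 MB/h: {is_anomalous(400, base)}")
    print("suspect training samples:", training_outliers(poisoned))
```

Robust statistics only bound the damage: once more than half of the training window is attacker-controlled, the median moves as well, so the integrity of the training data still has to be protected.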

Zero-day mining

By combining ML and fuzzing techniques, cybercriminals can analyze a potential target and automatically mine for zero-day vulnerabilities. Fuzzing is a technique used by researchers to discover vulnerabilities in hardware and software. Fuzzing injects invalid, unexpected, or semi-random data into an interface or program and then monitors for unexpected events that identify vulnerabilities. Applying ML models to fuzzing will improve the efficiency and effectiveness of finding new vulnerabilities. This new approach enables cybercriminals to identify and exploit systems using zero-day vulnerabilities.

Swarms

The next generation of botnets is both autonomous and intelligent. Swarms accelerate an attack by sharing real-time information about which exploits are the most successful, shortening the time between targeting and compromise. An automated mass exploiter is used to create swarms. Online search engines, such as Shodan, may locate specific connected devices on the Internet. Once a set of targets is identified, the mass exploiter leverages penetration testing tools against the target devices to identify vulnerabilities. These vulnerabilities may be exploited to establish a swarm. A swarm is very similar to a botnet with a new and improved menacing name.

Influence operations

The 2017 elections have shown that bad actors can use information to influence an outcome using social media, fictitious news outlets, or other Internet-based information sources. Influence operations may extend beyond the political arena and be used for industrial espionage. For example, consider a competing company posting negative information with the purpose of creating fear, uncertainty, or doubt about the viability of its competitor's product. In a global economy, this could be of particular concern if orchestrated by a nation-state.

Conclusion

As long as there is money to be made, cybercrime will continue to grow. As ML and AI become part of enterprise defense, these same technologies will be used to improve the effectiveness of criminal exploits.

Reference

Anthony Cuthbertson. “Ransomware Attacks Up 250% Hit US Hardest.” Newsweek. November 23, 2017.

More articles by Paul Girardi