Looking Over The Horizon: What Does Cyber Security Have in Store for 2019?

Tom Kellermann

Tom Kellermann

In every intelligence industry there’s often a central aim: predicting the future. We collect and analyse, dissect and interpret, looking for that essential nugget that will give us the edge over our adversaries by indicating what they’ll do next. While this activity goes on 24/7/365, the start of the year encourages us to go public with forecasts to help navigate the choppy waters on the horizon. This year, because all good intelligence involves collaboration, Tom Kellermann has combined his thoughts with those of threat analysts and security strategists to give some insight into the tactics, techniques and procedures and sectors likely to be top of the list for cyber attackers in 2019.

Destructive attacks and nation state activity continue to ramp up

Geo-political tension remained high throughout 2018, bringing with it an associated uplift in cyber insurgency. The US trade war with China is undoubtedly a factor behind the recent resurgence in Chinese cyber espionage and this is set to continue.

As well as espionage targeted at infiltration and data theft, our intelligence detected an escalation of attacks where the primary objective was destruction. Our most recent Quarterly Incident Response Threat Report depicted a widespread adoption of C2 on sleep cycles, while a high prevalence of attack victims experiencing ‘island hopping’ and counter incident response.

In 2019, I’m predicting we’ll see more instances of island hopping, particularly via public cloud infrastructure. We’ll also continue to see a wave of destructive attacks as geopolitical tension continues to manifest itself in cyber space.

Counter-detection becomes more sophisticated

In 2019, we’ll continue to see attackers attempt counter-detection in the form of Vapor worms – fileless attacks that display worm characteristics and propagate through networks – and Internet of Things (IoT) worms. As attackers become more sophisticated in their methods, defenders will need to become more adept at spotting evidence of incursions through proactive threat hunting and analysis.

Breach to extortion will become common

Paul Drapeau, enterprise architect in our Threat Analysis Unit, believes that our habit of putting our private lives online in the hands of third parties will come back to haunt us in 2019. He told me: “Attackers have been actively using ransomware to make a quick buck by locking systems and encrypting files, but this activity could move from compromise of systems to compromise of personal lives. Breaches of social media platforms present a wealth of data to be mined by bad actors. This data could be used to correlate activities between people to find illegal, scandalous or compromising behaviour and then leveraged for traditional blackmail at scale. An example note might read: ‘Pay up or your spouse/employer receives copies of these direct messages’. We can fight ransomware on our own networks with anti-malware tools or back-ups, but we depend on giant companies to protect our more personal details.”

The breach doesn’t even have to be real to result in extortion attempts, as was seen in 2018 with the mass e-mail scam purporting to have compromising video and passwords of the victims. Imagine an attacker building on data from a breach and fabricating message contents and then demanding a ‘ransom’ be paid. This type of attack takes more work to executive and is more targeted and difficult, but the pay-off could be there. Victims may be willing to pay more money and pay up more readily when it’s their real lives and reputations at stake versus their digital files.

Supply chain attacks in healthcare

When it comes to the sectors facing the highest risk, our security strategist Stacia Tympanick expects to see a lot more supply chain attacks occur within the healthcare industry. Healthcare is a tough attack surface to protect and could be a tempting target for nation state actors bent on disrupting Critical National Infrastructure.

There’s so much focus on just making sure that devices are discovered and protected on networks that managing medical devices on top of this opens up a large attack surface. The trend toward remotely managing patient conditions via IoT devices increases that surface still further. This vector could be ‘weaponised’ by bad actors.

Healthcare is also starting to move to the cloud as part of the UK Government’s ‘Cloud First’ policy, so cloud providers should be evaluated under a stern eye to ensure that proper and secure procedures/processes are in place to protect patient data.

Steganography makes a comeback

I always like to make at least one semi-bold prediction each year, and this year I’m saying that steganography makes a comeback. Steganography is the technique of hiding secret information within innocuous images or documents. It’s an ancient practice – think Da Vinci hiding codes in the Mona Lisa.

Examples of steganography are just as hard to detect in the cyber world, with code being masked in legitimate files designed to make it past scanners and firewalls.

We could see steganography being used in combination with other attack vectors to create persistence and control mechanisms for malware that’s already running on a compromised network.

Tom Kellermann is Chief Cyber Security Officer at Carbon Black

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts