In every intelligence industry there’s often a central aim: predicting the future. We collect and analyse, dissect and interpret, looking for that essential nugget that will give us the edge over our adversaries by indicating what they’ll do next. While this activity goes on 24/7/365, the end of the year encourages us to go public with forecasts to help navigate the choppy waters on the horizon. This year, because all good intelligence involves collaboration, I’ve combined my thoughts with those of our threat analysts and security strategists to give some insight into the TTPs and sectors likely to be top of the list for cyberattackers in 2019.
1. Destructive attacks and nation-state activity continue to ramp up
In 2019, I’m predicting we’ll see more instances of island hopping, particularly via public cloud infrastructure. We’ll also continue to see a wave of destructive attacks as geopolitical tension continues to manifest itself in cyberspace.
2. Counter-detection gets more sophisticated
3. Breach to extortion will become common
“Attackers have been actively using ransomware to make a quick buck by locking systems and encrypting files, but this activity could move from compromise of systems to compromise of personal lives. Breaches of social media platforms present a wealth of data to be mined by bad actors. This data could be used to correlate activities between people to find illegal, scandalous or compromising behaviour and then leveraged for traditional blackmail at scale. “Pay up or your spouse/employer gets copies of these direct messages,” an example note might read. We can fight ransomware on our own networks with anti-malware tools or backups, but we depend on giant companies to protect our more personal details.”
The breach doesn’t even have to be real to result in extortion attempts, as was seen in 2018 with the mass email scam purporting to have compromising video and passwords of the victims. Imagine an attacker building on data from a breach and fabricating message contents and then demanding “ransom” be paid. This type of attack definitely takes more work to pull off, it’s more targeted and difficult, but the payoff could be there. Victims may be willing to pay more money and pay up more readily when it is their real lives and reputations at stake vs. their digital files.
4. Supply-chain attacks in healthcare
There is so much focus on just making sure that devices are discovered and protected on networks, that managing medical devices on top of this opens up a large attack surface. The trend toward remotely managing patient conditions via IoT devices increases that surface still further – this vector could be weaponised by bad actors.
Healthcare is also starting to move to the cloud as part of UK government’s ‘Cloud-first’ policy, so cloud providers should be evaluated under a stern eye to ensure that proper and secure procedures/processes are in place to protect patient data.
5. Steganography makes a comeback
Whatever 2019 holds, here at Carbon Black we’ll be working 24/7 to collect, analyse and interpret the intel that will keep us a step ahead of our adversaries. Wishing you all a happy and cybersafe New Year!