The Cyber threat is ever changing and getting more innovative. The need for cybersecurity is fuelled by the threat of hackers and cyber criminals who pose a serious challenge to the security of important data, information and systems. The year 2018 ended with a lot of organizations reporting massive data breaches and personal data of users being compromised. It has been reported that thousands of customer personal accounts have been compromised including that of various organizations like British Airways, Facebook, Quora, Mariott, Abine, Blur, etc. to name a few. There has been a constant ongoing war between cyber security specialists trying to secure their data and attackers trying to breach the secured zone. Statistics revealed there were 2,216 data breaches and more than 53,000 cybersecurity incidents reported in 65 countries in the 12 months ending in March 2018. Cyber attackers continue to penetrate the perimeter and steal sensitive data and disrupt operations on a large scale.
The question is how many more data breaches we will see in 2019 and how big they will be? Hackers are becoming increasingly sophisticated and trying more innovative way at collecting external data about their targets. Data has also given a lot of new opportunities for organizations to explore and generate insights from data for further usage. Securing this huge data is also the responsibility of organization considering the ongoing cyber threat.
McAfee, in its latest research has come out with the threats and prediction for 2019 and analyses the latest trends that can pose serious challenge. The defence mechanism opted by various organizations also becomes more elaborate with the usage of automotive technology, IoT, AI, RDP, etc. to secure their sensitive information and data. McAfee report also expects to see the use of multifaceted, synergistic threats where several different kinds of cyber threats such as phishing and ransomware are used in tandem. Attacks like these are hard to classify and even harder to mitigate. The research focuses on areas where cyber defenders need to pay attention.
Main findings of McAfee Cyber Security Predictions 2019
- McAfee predicts that there would be increase in activity relating to exploiting android-based mobile devices. Mobile platform provides enough space for cyber criminals, given the amount of access they have to sensitive information such as bank accounts, passwords, etc. Third party scheming operations will increase targeting large ecommerce platforms, linking stolen credit cards, and silently steal fresh credit card details. The market for stolen credentials will increase as recently large data breaches occurred and left users data vulnerable.
- The report indicates an increase in malware specifically ransomware to infect remote desktop protocol (RDP) as an entry point to cause infection. These will become more rampant. Another expected increase in malware is related to cryptocurrency mining, which will become more sophisticated.
- The year 2019 will also see increase in bypassing AI based engines and cyber criminals can implement artificial intelligence in their malicious software, the study says.Therefore,leveraging artificial intelligence so that it can check infected environment remains a priority. As organizations are embracing AI for productivity and efficiency but at the same time these AI can be programmed by hacking groups to manipulate for more sophisticated attack.
The cyber criminals and hacking groups mostly operate underground in a collaborative zone of trust and have hidden hackers’ forum and chat groups which serve as market for cyber criminals. McAfee predicts that there will be increase in such group activity creating stronger malware-as-a-service families that will actively work together to will drive more sophisticated attacks like cryptocurrency mining, rapid exploitation of new vulnerabilities, increases in mobile malware, stolen credit cards details and credentials.
- As organizations embrace cloud to shift workload, securing data in cloud will continue to be challenge .The data that is stored in cloud is sensitive and amounts to 21% as per the study which includes intellectual property and a vast amount of customer data and personal data as well that can be easily hacked. The data stored in cloud platform will be used by users for collaborating and finding a better value added services and that amount can increase upto 33% says study. As companies are finding various models based on SAS software to store data in cloud, cyber criminals will find more ways to target the cloud. So cloud becomes an easy target for cyber criminals especially those with weak application program interfaces (APIs) or ungoverned API points.
- The study reveals there would be an increase in usage of social media by cyber criminals to spread misinformation and spoil the brand image of organizations by twitting malicious news, manipulating conversations and to drive agenda that stands ready. Further, there would be an increase in activity related to repurposing these campaigns to extort companies and threaten to damage their brand image. Social media platforms will be using increased measures to protect their customer data, but cyber criminals will find more ways to further spearhead their attack in such data rich environment, says the study. An increase in unauthorised data filtration in the form of transfer or copying can also put users data in more vulnerable zone, as per the study.
- The next in target as per the research are home base IoT devices and voice controlled digital devices. Cyber criminals will continuously find ways to attack home base devices gaining entry to a home based network since they remain poorly secured and their passwords are easy to crack. Further, the research says that the main expected vectors for attacking home based IoT devices would be routers and smartphones/ tablets. Infected IoT devices can steal more personal data and information which can became top targets of cybercriminals as they take new techniques to take control. The success rate of attacks will increase and the routes through which these cyber-attacks had been carried out will be difficult to identify, it says. Any type of voice controlled digital devices may also fall into sophisticated malware attack and start to malfunction like giving commands opposite to its nature. Bots that are used in organizations for various functional capabilities can be used by cyber hackers to gain access and extract critical data and information pertaining to users posing a major security challenge for organizations.
Consumers are exhausted by breaches and abuse of their personal data that have led organizations to introduce new privacy safeguards in the services they provide. IoT devices are more machine centric and therefore it’s important for such devices to identify the trusted ones and ignore the rest. IoT edge devices are prone to every attack as their self defence mechanism is weak. McAfee researchers have demonstrated how medical devices protocols can be exploited and can endanger human lives while compromising with their most private and sensitive data. So it can be said that in future cyber criminals will be choosing IoT devices for its less resistances and can be easily exploited.
(Image Courtesy: www.solutionsreview.com)