The year 2018 introduced a challenging cyber threat landscape. Threat actors consistently improved their weapons and quickly adapted their cyberattacks to emerging technologies. The 2019 Security Report includes a thorough analysis of today's security threat trends. It also shows where your weakest links are, offers security threat predictions, and gives recommendations on how to protect your organization from becoming tomorrow's next victim. Uncover the facts with the 2019 Security Report and get strategies to secure your organization now.
2019 Cyber Threat Predictions
Whereas in the past we saw attacks causing mass damage across hundreds of thousands of targets simultaneously, it would be fair to say that threat actors are turning their attention towards far more specific, carefully chosen, and more lucrative targets. As a result, we predict the biggest threats to organizations in 2019 will continue to be motivated by the ability to make a profit.
As the cybercrime industry matures, we expect to see similar types of attacks continue, yet bring in a higher return for their creators. In the case of ransomware, this means attacking assets where threat actors can demand a higher ransom with a higher likelihood of the victim paying; crypto mining targets assets that offer greater CPU capacity and therefore faster mining with a smaller footprint. This puts cloud infrastructure under threat because of the scalability and agility it offers.
Targeted phishing attacks, often in the form of whaling, which rely on natural human error, will likely become more prevalent and a more popular attack strategy. We also expect to see more attacks using cloud infrastructure and IoT devices, not only as direct targets but also as the main point of entry, because these devices are often less secure than networks, endpoints, and on-premises data centers and offer attackers an easier way in.
An organization's fleet of company-issued and BYOD mobile devices continues to be overlooked as far as security is concerned. As a result, we believe that not only will mobile malware become more prolific in the year ahead but also that all-in-one mobile malware combining capabilities for multiple purposes will become more prevalent. This includes combining banking Trojans, keyloggers, and ransomware, giving attackers multiple ways to profit from a single infected device.
Rates of banking malware that intercepts two-factor authentication or presents a fake bank credentials window rose steadily in 2018 and will continue to grow, replacing malicious crypto-mining apps as the main mechanism for illicit profit.
The scalability of the cloud allows organizations to do things they could only imagine with their own data centers. However, as the level of understanding about securing the cloud remains low, we can expect to see an increasing number of attacks aimed there to specifically achieve account takeovers.
We expect to see threat actors targeting specific company departments and employees, also known as spear phishing, to reap more lucrative rewards. For example, accounts payable/receivable mailboxes are tempting to hijack as they offer an opportunity to manipulate invoices, transfer funds, or send intellectual property to the attacker. All this can be achieved from a trusted and genuine hijacked email account.
As more organizations move to the cloud, awareness that they remain responsible for the security of the data held there is still lagging. While it is true that there is less control over the cloud, this does not mean there is less to do from a security perspective. And although the cloud may be somewhat more resistant to the attack methods used in the past, this means attacks are likely to focus more on the business logic of cloud applications.
49% of organizations will increase their cloud security budget in the next year. -Source: 2018 IT Professionals Security Report Survey
The introduction of GDPR in May last year helps address this issue of data theft by protecting the rights of EU customers. As a result of this step, we may well see other global authorities follow suit and introduce further regulations to protect data privacy.
Cryptojacking also proved to be a profitable form of attack in 2018. With so many organizations still unaware of its potentially crippling effect, we will likely continue to see cryptojackers prevalent across IT networks. What's more, we may well see cryptojackers used against more lucrative targets and with lower-profile methods that allow for longer infection times.
As more and more decisions are made by artificial intelligence and machine learning algorithms, it is only a matter of time before threat actors turn their attention to the potential for havoc these mechanisms hold. After all, we have already seen how voting patterns can be manipulated by big data and the algorithms used by social networks.
AI is gradually being incorporated into many industries, often disrupting them to make them more automated. The finance sector, for one, is increasingly using it to facilitate insurance policies and claims. Were a threat actor, either independent or nation-state backed, to target these mechanisms and manipulate the results they produce, the fallout could be catastrophic. As the 2008 economic crash reminded us, the financial system is fragile. When sensitive decisions are made by algorithms alone, those decision-making systems themselves could well become targets, since they offer threat actors a way to manipulate how highly impactful decisions are made.
The main issue with insecure IoT devices, as far as consumer privacy and safety are concerned, is that standard IoT devices, from wireless routers to smart fridges and toasters, may be undermined by vulnerabilities within them.
For enterprises, though, IoT devices will remain the weakest link in security, and we predict that more attacks will use them as their point of entry as well as targeting them directly. This is because they are harder to secure yet are being adopted into corporate infrastructure at an ever-increasing rate, enlarging the attack surface.
As a result, we expect more authorities will follow the example set by California which recently introduced a new state law to improve cybersecurity. By 2020, to sell products in California, manufacturers will need to ensure that devices, such as home routers, have a unique pre-programmed password or an enforced user authentication process as part of the setup. Default passwords such as ‘password’ or ‘default’ will be deemed weak and in breach of new state law. This positive step should encourage manufacturers to produce products with greater built-in security that can then be rolled out to the wider global market.
In the last few years governments have become highly concerned by cyber threats that target critical infrastructure, such as the power grid. As a result, many countries have formed entities such as CERTs (committees, agencies, authorities, etc.) to oversee their national cybersecurity.
However, CERTs are mainly advisory in nature, serving to support regulations and investigations. This can leave governments and their citizens exposed, and if citizens do not think the digitally connected world is safe, many world economies could weaken.
While we have yet to see non-state actors use cyberattacks to inflict mass damage and even loss of life, nation-states will most certainly continue and increase their use of cyber warfare. Critical infrastructure will continue to be a target of choice though international cyber-espionage will offer greater rewards for those who manage to successfully carry it out and greater losses for those who fail to protect against it.
Citizen data privacy will become an even hotter topic of contention, especially since such data has been well proven to impact voting patterns and election outcomes so greatly. With the analysis of big data now a mainstream discipline, the protection of that data will continue to be paramount to avoid fraudulent activity and abuse.
A Unified Security Architecture
Today’s cyber-attacks are more deceptive than ever. They can shift seamlessly between vectors while targeting organizations of all sizes. Countering aggressive threats requires an advanced security strategy.
A holistic approach to your security architecture is what’s required to tackle known and unknown threats across your organization’s entire IT network. You need to take a prevention-first view to block attacks before they happen, not just detect them. By doing so, your organization can remain one step ahead of today and tomorrow’s cyber threats.
A unified security architecture is the recommended solution. By implementing a solid, unified, and interconnected architecture, your business can eliminate single points of failure by providing the necessary strength and resiliency to maintain operations and security under any circumstances. Anything less exposes your organization to infiltration due to communication gaps with disparate systems that fail to integrate and communicate with each other.
When you can monitor mobile, cloud, and network, and leverage real-time threat intelligence from a shared intelligence platform, you can dynamically and seamlessly apply a security policy that prevents attacks and keeps your business operations running smoothly.
A unified and advanced multi-layered threat prevention environment offers essential capabilities. These include CPU-level sandbox prevention, threat extraction, anti-phishing and anti-ransomware solutions to defend against known and unknown ‘zero-day’ attacks.
When it comes to protecting businesses from cyber-attacks, we know threat actors will always exploit weak links. One of the softest targets, and one universally overlooked, is your mobile devices. While granting your staff access to company information via mobile has many benefits, it also exposes your business to great risks.
New threats on mobile platforms are being discovered all the time. Take the Man-in-the-Disk vulnerabilities, for example, which were found in the Android version of the massively popular Fortnite game shortly after their discovery by Check Point Research. Also, traditional attacks like man-in-the-middle attacks over Wi-Fi and smishing attempts over SMS can all be used to steal sensitive information such as emails, texts, photos, calendar appointments, and attachments.
As a result, Android and iOS mobile devices must include a threat defense solution to prevent advanced cyber attacks. This technology protects the operating system, apps, and network, without impacting performance or user experience.
What's needed is a technology that offers on-device network threat prevention, improved usability, and data privacy features to:
- Prevent phishing attacks on all applications: email, messaging, and social media.
- Prevent browsing to malicious sites where devices may become infected.
- Block infected devices from sending sensitive data to botnets.
- Keep infected devices from accessing corporate applications and data.
- Mitigate threats without relying on user action or mobile management platforms. Protecting against OS vulnerability exploits requires both static and dynamic techniques to monitor all configuration changes at a device's root level, together with a behavioral analysis engine to detect unexpected system behavior.
Prevention of malware delivered through fake apps should include a solution that captures apps as they are downloaded and runs each one in a virtual 'sandbox' environment to analyze its behavior. Among other variables, it should also aggregate and correlate intelligence about the app's source and the reputation of the app's servers, as well as reverse-engineer the app for code-flow analysis.
In sum, mobile malware is no longer rare. Organizations should protect their mobile devices just as they do with endpoints and network, and not leave themselves exposed to potentially painful attacks.
Businesses come in all shapes and sizes: big and small, public and private, local, and global. But most have one thing in common: the cloud. The cloud is ushering in a new era of business. From software and platforms to infrastructure as a service, the cloud is revolutionizing modern IT networks, enhancing agility and efficiency.
But not all clouds have a silver lining. Naturally, clouds are always connected, so they’re an attractive target for cyber attackers. Anything placed in the cloud is potentially at risk. As a result, cloud security must be a shared responsibility between cloud service providers, who cover the infrastructure, and cloud customers who must protect their assets hosted in the cloud.
Once a threat is introduced, be it ransomware, account takeovers, or cryptominers, there is nothing in the cloud to natively protect your applications, platforms, data, or infrastructure. Nor is there anything to prevent such malware from propagating among cloud applications, attacking virtual segments, or even riding unimpeded back to corporate networks.
And yet the cloud is here to stay and it is constantly evolving. Dynamic clouds, therefore, require dynamic security that’s elastic, empowers agility, and stays ahead of the most sophisticated attacks. This security must deliver proactive protection for cloud infrastructures and SaaS applications while supporting auto-scaling and one-click deployments.
To avoid account takeovers, a growing menace in cloud security that has led to many data breaches, solutions should include identity protection technologies. These prevent unauthorized users and compromised devices from accessing your SaaS applications hosted in the cloud. By intercepting unauthorized access and limiting data exposure through user behavior engines and intelligence about malware, OS exploits, network attacks, and APIs shared across all other network devices, organizations can protect their sensitive cloud-hosted information.
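To make the identity-protection idea above concrete, here is an added example (not code from the report or from any Check Point product) of a minimal SaaS access gate: each login is checked against device posture, MFA, and one behavioral rule, "impossible travel", which flags a login whose distance from the user's last accepted login could not have been covered in the elapsed time. The posture feed, the geo-resolved coordinates, and the login events are all constructed for the example.

```python
"""Simplified identity-protection gate for a cloud-hosted SaaS app.
Added example; DEVICE_POSTURE, the coordinates and SAMPLE_EVENTS are constructed."""
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class LoginEvent:
    user: str
    ts: int            # seconds since epoch (constructed)
    lat: float         # coordinates a hypothetical geo-IP lookup resolved for the source
    lon: float
    device_id: str
    mfa_passed: bool


# Hypothetical posture feed: device id -> compliant (patched, not rooted, agent healthy)
DEVICE_POSTURE: Dict[str, bool] = {"laptop-a1": True, "phone-b2": False, "laptop-c3": True}

MAX_PLAUSIBLE_KMH = 900.0   # roughly airliner speed; faster implied travel is flagged
SAME_AREA_KM = 50.0         # moves within one metro area are never "travel"


def haversine_km(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance in kilometres between two (lat, lon) points."""
    r = 6371.0
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * r * math.asin(math.sqrt(h))


def impossible_travel(prev: Optional[LoginEvent], cur: LoginEvent) -> bool:
    """True if reaching cur's location from prev's in the elapsed time is implausible."""
    if prev is None:
        return False
    km = haversine_km((prev.lat, prev.lon), (cur.lat, cur.lon))
    if km < SAME_AREA_KM:
        return False
    hours = (cur.ts - prev.ts) / 3600.0
    if hours <= 0:
        return True   # far apart at the same instant (or clock skew): treat as anomalous
    return km / hours > MAX_PLAUSIBLE_KMH


def decide(cur: LoginEvent, prev: Optional[LoginEvent]) -> Tuple[str, List[str]]:
    """Return (verdict, reasons); verdict is 'allow', 'deny' or 'step_up'."""
    hard = []   # conditions that block outright
    soft = []   # anomalies that trigger re-authentication rather than a hard block
    if not DEVICE_POSTURE.get(cur.device_id, False):
        hard.append("device not compliant or unknown")
    if not cur.mfa_passed:
        hard.append("mfa not satisfied")
    if impossible_travel(prev, cur):
        soft.append("impossible travel from previous login")
    if hard:
        return "deny", hard + soft
    if soft:
        return "step_up", soft
    return "allow", []


def evaluate_stream(events: List[LoginEvent]) -> List[Tuple[str, str]]:
    """Replay logins in time order; each user's last *allowed* login is the baseline."""
    last: Dict[str, LoginEvent] = {}
    out = []
    for ev in sorted(events, key=lambda e: e.ts):
        verdict, _ = decide(ev, last.get(ev.user))
        out.append((ev.user, verdict))
        if verdict == "allow":
            last[ev.user] = ev
    return out


# Constructed events: London, New York, Berlin, Sydney, Paris coordinates.
SAMPLE_EVENTS = [
    LoginEvent("alice", 0, 51.51, -0.13, "laptop-a1", True),
    LoginEvent("bob", 100, 40.71, -74.01, "phone-b2", True),       # non-compliant device
    LoginEvent("carol", 200, 52.52, 13.41, "laptop-c3", False),    # MFA not passed
    LoginEvent("alice", 3600, -33.87, 151.21, "laptop-a1", True),  # Sydney one hour later
    LoginEvent("alice", 36000, 48.86, 2.35, "laptop-a1", True),    # Paris ten hours later
]

if __name__ == "__main__":
    for user, verdict in evaluate_stream(SAMPLE_EVENTS):
        print(user, verdict)
```

Splitting hard failures (posture, MFA) from behavioral anomalies lets the gate deny compromised devices outright while only re-challenging a legitimate user whose travel merely looks odd; a real deployment would feed the anomaly into the shared intelligence layer the text describes rather than deciding on this one rule alone.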
The ongoing move toward private clouds and a Software-Defined Data Centre (SDDC), where all the infrastructure elements (networking, storage, CPU, and security) are virtualized and delivered as a service, also raises new security challenges. Such challenges include ensuring security is not compromised when new applications are instantly deployed and move around the data center as well as keeping internal traffic growth visible and network security policies enforceable.
Therefore, organizations should adopt a private cloud security solution that protects dynamic virtual environments from external and internal threats, including those propagating via inter-VM traffic. Comprehensive security protections should also include firewalls, IPS, anti-bot, anti-malware, and be designed to protect communications between applications in the private cloud through tight integration with leading private cloud platforms such as VMware NSX and Cisco ACI.
Advanced features such as auto-provisioning and auto-scaling along with automatic policy updates will also ensure security protections keep pace with all changes to your cloud. Additionally, a single unified console that offers consistent visibility, policy management, logging, reporting, and control across all cloud environments will allow IT professionals to manage these systems with greater confidence and ease.
While threat actors try hard to keep a lower profile for their menacing activities, they do not escape our watchful eye. Indeed, never does a day go by that we do not see organizations under constant attack from an ever-growing volume of malware spreading at higher rates than ever.
As we have seen through the latest threat trends, malware has evolved to be stealthier than ever, and attacks are open to almost anyone to carry out. Indeed, the democratization of the cybercrime ecosystem paves the way for new, unskilled attackers to enter the malware distribution arena. Anyone willing to pay can easily obtain the tools and services needed to launch any kind of cyber attack.
In the fifth generation of the cyber threat landscape, as technology has evolved, so too have threat actors adapted and abused such technologies for their malicious ends. The cloud environment has changed the way companies manage, store, and share their data, applications, and workloads. Along with a wide range of benefits, though, cloud infrastructure also introduces a new, fertile, and attractive environment for attackers who crave the enormous amount of available computing resources and the sensitive data it holds.
While we consider the cloud to be the weakest link of any organization using such services, threats posed via employees' mobile and IoT devices must also be taken seriously as attack vectors through which sensitive data can be stolen or leveraged to launch an attack.
Despite the ever-growing volume of malware infiltrating IT networks from an increasing number of entry points, advanced threat prevention solutions are available. Indeed, the specific advantages these technologies hold over more traditional solutions mean they must be implemented if organizations are to stay ahead of cybercriminals in today's threat landscape.
Source: Check Point Software Technologies: 2019 Cyber Security Report: Learn How to Survive Today’s Targeted Cyber Attacks