The last three years in IT innovation have laid the foundation for even greater changes within the technology sphere. While some of these changes will simply build on developments in IoT, AI, smart industries and smart homes as well as the cloud, others such as the impending rollout of 5G will herald in even newer innovations and introduce even greater security concerns.
If we look beyond just technology and turn our attention to large scale global events where technology plays a major role, 2019 is set to bring out the cybercriminals in their droves as we are poised to see the finalisation of Brexit, a number of international sporting events such as the 2019 World Cup Rugby and a host of country elections, not to mention national elections right here in South Africa. All of these create a prime hunting ground for cyber criminals.
We may not think that cyber attacks and the World Cup Rugby are in anyway connected, but they are. Cyber criminals use world events to disperse fake news, which is particularly damaging during political events and elections. One way in which these are used as a tool by cyber criminals is that major sports events are often leveraged to send out emails with malicious links, or to extort money from their victims.
According to research we’ve done at Trend Micro, exploit kits were widely used in 2018 to distribute malware, however, there has also been an increased return to the old tried-and-tested methods of social engineering and phishing. Building on this, in 2019 we will most likely see a rise in SMS phishing as hackers try to obtain banking and other personal details from users. Notably, accounts used for cloud storage and cloud services will also be targeted in 2019.
Click here to read more about chatbots used in phishing, compromised business email, and other cyber security issues.
What we will also start seeing is the use of chatbots for phishing. Users have become increasingly accustomed to making use of chatbot services that are hosted on websites as a means of support. This will make it easier for malicious actors to use this method to extract personal information or log in details from a user in order to gain access to bank accounts or as a means to send the user malware.
Looking ahead we predict that we will see an increase in hackers exploiting home networks as a way into an enterprise network. With more companies adopting remote working as an option for employees, we anticipate that we will see more breaches that come from unsecured home networks as organisations don’t have visibility on the threats that may affect staff at home.
Staying with businesses, it is also predicted that business email compromise (BEC) will continue to be employed by cybercriminals, however, targets will be managers a little lower down in the hierarchy. Previously, BEC has focused on those responsible for making payments, such as CFOs. However as this management layer becomes more security aware, malicious actors will start to set their sights on people like the CFO’s assistant or secretary instead.
As far as governments are concerned, the battle against fake news will continue into 2019. The goal for the cybercriminal here is to sway public opinion in a specific direction, and with so many countries holding elections this year, as well as the Brexit finalisation, we anticipate that we will see an increase in this sphere.
It is quite likely with these possible developments that there may be a stronger push for stricter regulation of data and security. Compliance has been a hot topic throughout 2018, and will continue to be an influencer in 2019 and the coming years, particularly as we navigate the digital age and big data.
If hackers are going back to basics, as it appears that they are, then so must we as a security industry. We need to look beyond the systems we deploy, continue to place extensive emphasis on the education of the end user, look at ways in which we can deploy intrinsic security – namely from the edge – through the network and into the cloud, and ensure that our security policies follow every user, every connection and every device.
If 2018 was anything to go by then 2019 is going to be exceptionally interesting for all security professionals. As an industry we need to be more vigilant in staying abreast of nefarious activity and developing tools to assist in stopping attacks, as end users you are going to be required to secure more with less. Ultimately we have the tools to help but we need to continually innovate in order to stay one step ahead.