We asked our top analysts to compile a cyber threat forecast for the year ahead. Here are the top emerging trends to watch for in 2019.
1. Information Warfare Targeting Companies
From data leaks to troll armies, the private sector may soon be caught in the crosshairs of information warfare campaigns meant to inflame public relations and legal controversies. States could wreak havoc by leaking harmful internal communications and spreading fake and embellished stories on social media accounts.
2. Using IoT Devices to Broaden State Espionage Operations
Connected TVs, webcams, and printers have already been used to mine cryptocurrency and launch distributed denial of service (DDoS) attacks, and their abuse will likely increase in 2019. Though state-linked activities will focus on creating communications proxies, they could also use IoT botnets to conduct widescale intelligence collection or search for weak network endpoints to exploit.
3. Secure Chip Cards May Fall Short
Now that credit card authentication chips have finally reached widespread adoption in the U.S., they will likely become a larger target for cybercriminals. Attackers have already successfully infected EMV readers with malware to skim money from ATMs. This year, attackers may evolve to use this technique at retail points of sale as well.
4. The Weaponization of Adware Networks
Recent technological advances in adware are transforming it from a minor nuisance to a real threat. With new in-memory, file-less techniques, more sophisticated adware versions will become highly resistant to forensic analysis. And it’s only a matter of time until adware owners recognize the sale value of the large volumes of user profile data they've collected.
5. AI-enhanced Information Warfare
AI generated video, or ‘deep fakes’, will grow in popularity this year as apps that generate false video and audio content become more available. Advances in research are also laying the groundwork for increasingly realistic forgeries. Deep fakes will increase the potency of influence operations that mix stolen data with false content.
6. The Expanding Wireless Attack Surface
More IoT device makers are turning to proprietary and non-WiFi wireless protocols, paving the way for threat actors to discover new—sometimes completely insecure—attack vendors. In addition to expanding the attack surface on enterprise networks, these systems may leave openings for criminals to attack customers directly via their devices.
7. State-Sponsored Threat Actors Double Down on Deception
Nation-state actors will increasingly exploit weaknesses in current attribution trends to muddy the waters when an attack strikes. This return to the shadows by state groups will result in a guessing-game among cybersecurity experts, resulting in low-confidence assessments and speculative reporting that will complicate tactical-level detection, strategic threat forecasting, and threat modeling.
8. Water Utility Targeting Bubbles to the Surface
Though industrial control system attacks focused on the U.S. energy sector for the past decade, water utilities are a prime target for state-sponsored attacks this year. At a minimum, U.S. water companies should expect reconnaissance activity by foreign state-backed groups attempting to gain insight about, and access to, these systems.
