Other issues in this category (7)
Scare the bejesus out of us
The New Year is coming, and that means it’s time to sum things up and take a look at predictions for 2019. Why are we interested in forecasts? Well, they let us compare our personal viewpoint with that of other companies and security researchers.
In 2019, cybercriminals and black hat hackers will create malicious chatbots powered by artificial intelligence and machine-learning technologies.
Criminals have long been using underground call centres to contact the targets of their scams or render "technical support" to organisations. Such services are offered on hacker forums on a regular basis. Contacting people by phone is way more effective than sending them spam emails because the attack can be truly personalised, and the imposter can quickly make changes to whatever it is they are proposing to their would-be victim in order to best persuade them to fall for their scam.
However, a lone hacker can't set up a call centre and perform all the tasks by themselves. A call centre requires premises and human resources and involves staff recruitment and dismissal. Essentially, one has to establish a company even though it would be operating in violation of the law. And that means someone may get arrested.
Bots are devoid of such shortcomings. Crooks can upload these software programs on compromised servers and discard them when necessary with no regret whatsoever. It is teaching the robots how to maintain a long meaningful conversation that remains problematic. But it is quite possible that smarter programs will appear in the coming years, and then we'll witness a sharp increase in the number of phone scams. This prospect is not particularly pleasant.
Machine learning also opens up new opportunities for blackmailing and intimidation. And it can be hard to punish those responsible.
Alas, no anti-virus can protect one from such attacks.
Forty-five percent of all ransomware attacks in 2017 targeted health care organizations, such as the NHS in the UK. In 2016, the Hollywood Presbyterian Medical Center paid a ransom of $17,000 to regain control over its computer networks.
Next year, targeted ransomware campaigns will focus on utilities and industrial control systems.
Attacks on industrial facilities aren’t yet a trend, even though many experts were talking about them this year and in previous years. Despite their predictions, a sharp increase in the number of attacks remains unlikely. Why? Because large companies don't like to pay a ransom—recall what happened during the WannaCry and NotPetya outbreaks. Orchestrating an attack of this sort may require a lot of resources, whilst a positive outcome is very unlikely.
Meanwhile, attacks on routers and adware numbers are guaranteed to increase. The ability to easily compromise network devices offers excellent opportunities for criminals to display ads without any personal computers showing signs of compromise.
In 2019, the United Nations will address the issue of state-sponsored cyber attacks by enacting a multinational Cyber Security Treaty.
The growing number of civilian victims impacted by these attacks will compel the UN to more aggressively pursue a multinational cyber-security treaty that establishes rules of engagement and impactful consequences around nation-state cyber campaigns.
Russia actually proposed such a treaty, but the proposal was declined. So, in general, we’re sceptical.
You may remember the fictional concept of a “fire sale” attack from the 4th Die Hard movie, in which a terrorist group planned a coordinated cyber attack against the USA’s transportation, financial, public utility, and communications systems and services. The terrorists wanted to use the fear and confusion caused by the attack to siphon off huge sums of money and then disappear without a trace. In 2019, we will see a version of this fictional attack become a reality.
Next year, a hacktivist organization or nation state will launch a coordinated attack against the infrastructure of the Internet.
Attacks targeting infrastructures and designed to cause panic. An unlikely outcome, too, because such actions could spark a war. However, precedents exist—just recall the attack carried out against root DNS servers, with the goal of disrupting the Internet.
But jokes being played? That’s entirely possible. Abuse a city infrastructure to post a fake message, or hack into a competitor’s traffic control system to ruin their reputation—things like that have already happened.
In 2019, new worms will appear that can propagate themselves via vulnerable systems and avoid detection.
As you know, WannaCry is a conventional worm of this type, and it is still active. Companies and ordinary users are still neglecting to install updates. So, as for that prediction, we say it is entirely possible. The number of outbreaks isn’t likely to be great, but even one such species can cause turmoil.
It’s highly likely that we’ll see at least one of the threat categories utilised to compromise a WPA3 network in 2019.
For years, experts have been frightening people with talk of impending attacks over wireless networks, but in reality attacks of this kind are few. The reason is simple: expensive hardware is required to mount the attacks, while the number of potential victims is relatively small. So it is possible, but unlikely.
As biometric logins become more common, hackers will take advantage of their use as a single-factor method of authentication to pull off a major attack in 2019.
Mounting an attack of this kind is difficult, so we probably won't witness many of those. However, one-off attacks involving biometric markers are possible.
Making information security-related predictions is a thankless task. For example, who could have expected that vulnerabilities would be found in CPUs? True, no one has taken advantage of them yet because doing so is tricky business.
But we are confident that adware and rogue miners will remain with us in 2019. The latter will probably lose some ground but persist nonetheless.
Now, how many of our readers are ready to unleash their imaginations and come up with their own predictions for 2019?