Threat landscape in Cyber Security 2019? We list the most focused one so far that have been acknowledged.
Follow the money
Cyber criminals main objective is to make money, while declining BitCoin price, crypto mining and ransomwares are still the main purpose by cyber criminals. Shifting trend is the targeted focus on large corporations. Besides smaller examples, earlier this year one of the world’s biggest aluminum producers Norsk Hydro was targeted, it has so far costed them up to $40m and still counting.
Cloud security
Cloud environments not only improve operations, but also increase exposure of services and customer data. Poor security measures: misconfigurations, weak credentials or stolen credentials are common cause of data breaches.
Social engineering
Business email compromise increase, the sender of the email impersonates an executive member and ask for sensitive information or tries to execute financial orders. FBI estimates USD 12.5 billion losses as of 2018
Email are still the biggest attack vector by far for spreading malware.
According to ENISA 92% of all malware are spread through email (spam and phishing). There are no indications of reverse trend.
Espionage and cyber operations
Capabilities and motivation of countries and involved groups increase. The likelihood of being either direct target or collateral damage therefore increase. NotPetya malware intended disrupt Ukraine but caused Maersk USD 300 million.
Supply chain attacks
Firms fall victim of collateral damage of attacks on companies in their supply chain. Symantec reveals increase of attacks by 78% between 2017-2018. Example is computer component manufacturer ASUS, which was used to deliver malware to their customers.
Mobile attacks
Attacks on mobile platforms have increased. The mobile endpoints are usually not as secure as traditional clients such as PC and nearly all employees within a company have some access to corporate data which makes it a target. Fake apps or modified original apps have increased, social engineering through SMS are still a working method to collect data or spread malware. Privacy concern such as GPS data for example are also in focus in 2019.
IoT
No one has missed what value IoT can bring for both companies and the customer while being used in homes, medical devices, cars etc., the threat landscape is an increased area of focus. The security in these devices can be compared to the early era of internet when security was poor and immature. The 2nd biggest DoS attacks ever recorded called Mirai happened in 2016 which consisted of hacked IoT devices, through bad design and default passwords the malware scanned the internet with known credentials and created a huge botnet to attack different targets. The cybersecurity company Palo Alto have seen a new version of Mirai in 2019 being used in the wild, the overall trend is more focus on similar attacks to be used both to attack companies and or to steal the data because of the immature security on different IoT devices.
Trend spotting by Christoffer Söderlund and Tomas Beinaravicius
