[German]At the end of 2018, the provider of security solutions, Malwarebytes, has given an outlook on IT security in 2019 and publishes some predictions.
Cyber criminals will continue to target users’ IT systems in 2019. According to Malwarebytes, the following security issues can be expected in 2019:
- New high-profile breaches will force the security industry to address the common problem of usernames and passwords for signing up for online services. There are already many solutions for securing logins today: asymmetric cryptography, biometrics, blockchain, hardware solutions, etc., but the cyber security industry has not been able to agree on a common standard to solve the security problem. In 2019, we will be making greater efforts to completely replace traditional passwords.
- IoT botnets will expand significantly. In the second half of 2018, Malwarebytes detected several thousand MikroTik routers that were hacked to implement Coin Miner. However, this is only the beginning: more and more hardware devices are being compromised to infiltrate everything from cryptominals to Trojans. There will be large-scale attacks on routers and IoT devices, and they will be much harder to patch than computers. Simple patching does not fix the problem when such device classes become infected.
- Digital skimming will increase in frequency and sophistication. Cybercriminals are going after websites that process payments and compromising the checkout page directly. If the shopping cart software is faulty and users enter their data on the checkout page, it is likely that their information will be sent in plain text so that attackers can intercept it in real time. Examples in 2018 were the hacks to British Airways and Ticketmaster websites.
- Microsoft Edge, the proprietary browser included with Windows, will be a key target for new zero-day attacks and exploit kits. By switching from the often disdained Internet Explorer, Microsoft Edge is gaining significantly more market share compared to other browsers. Malwarebytes expects there to be more mainstream edge exploits in the transition to this next-generation browser. However, Firefox and Chrome have already done a lot in comparison to secure their own technology, which makes Edge the next big target. Note: With regard to Edge, the Malwarebytes outlook is no longer up to date. Edge will have a chromium core in 2019.
- EternalBlue or a variation thereof will become the most widely used method for spreading malware in 2019. Since EternalBlue malware can spread on its own, it poses a particular challenge to businesses.
- Cryptomining on desktop PCs, at least on the side of commercial users, will practically die out. As was seen in October, when MikroTik routers were hacked to transfer miners, cyber criminals simply do not get value by attacking individual consumers with cryptominers. Instead, cryptominig attacks will focus on platforms that can generate more revenue (servers, IoT).
- Soundloggers, which are among the types of attacks that aim to avoid their own detection, will become more common. Keyloggers that record sounds are called sound loggers. They are able to hear the frequency and volume of the click to determine which keys have been struck on a keyboard. Attacks of this kind were originally developed by government agencies for attack purposes.
- Artificial intelligence will be used to create malicious executable files. While the idea of running malicious AIs on a victim’s system will remain science fiction at least for the next 10 years, malware that is modified by, created by and communicates with an AI is already a dangerous reality. AI controllers allow malware to modify its own code to prevent it from being detected on the infected system, regardless of the security tool used. One can imagine a malware infection that behaves almost like the Borg people of Star Trek, spontaneously adapting and assimilating its attack and defense methods according to what it is dealing with.
Further details of those predictions may be found within the Malwarebytes blog.
Cookies helps to fund this blog: Cookie settings