Cyber-attacks and data breaches continue to increase in frequency and, in many cases, complexity, and organisations can expect more of the same in 2019.
The threat landscape is expanding, attack techniques are constantly evolving, and nation-state attacks are increasing in terms of scope and sophistication. In 2018, OAIC reported that Australians have been targeted in more than 300 major data breaches - with hackers and criminals getting access to the private data of hundreds of thousands of people. Security and data protection will continue to be high on the agenda for many Australians.
With the start of a new year, CrowdStrike have shared their top six cyber security predictions based on the trends and incidents tracked in 2018.
1. North Korea will continue their financially-motivated attacks on banking institutions and destructive attacks in South Korea.
Despite being on the charm offensive for most of 2018, behind the scenes North Korea continued their financially motivated attacks on banking institutions, engaging in theft of funds. This year they will continue to fund their regime through illegal activities. The financial sector, including cryptocurrency, should be concerned: North Korea has gone after cryptocurrency exchanges in the past as a way to launder money and obtain funds with little traceability. We also believe they will continue destructive attacks next year on South Korea. For almost a decade North Korea have been on a regular cycle of attacks against South Korea; this year was one of the few years in which we have not seen any attacks that were destructive in nature.
2. Supply chain attacks will continue to rise as attackers will leverage this route to carry out targeted intrusions
Over the last 18 months, supply chain attacks have become one of the biggest threat vectors as organisations struggled with vulnerabilities. Software supply chain attacks have grown in frequency because of the high number of organisations that depend on third-party software for business operations, and this shows no sign of slowing down. Supply chain attacks are a threat with significant potential for acquiring large numbers of victims and are often tied to well-resourced adversaries. Supply chain attacks will not only grow in frequency, but also in sophistication.
3. China will continue to ramp up commercial cyber espionage efforts as trade war escalates
We saw an increase in espionage activity last year that will continue into 2019. China will ramp up efforts to steal intellectual property and trade secrets as the trade war with the US escalates. While in the longer term both countries will most likely come to an agreement, this is unlikely to be resolved this year and we’ll see more intrusions into the US and broader western commercial sector. Locally in Australia there may also be retaliatory attacks in protest against state-owned enterprises being excluded from large western government projects.
4. Cyber insurance rates will go up because of the increased payouts and risk
This is the golden age of cyber insurance; it will never be this good! Insurance providers are writing policies simply to get market share that may not make a lot of financial sense in the long term. The deals that you can get today, because of the relative novelty of this market and the lack of data that insurance companies are using to underwrite the policies, are an opportunity for business, so get in quick because by the end of this year prices will be significantly higher.
5. Attackers will start to leverage adversarial machine learning in their attacks to bypass security products reliant exclusively on machine learning for detection of malware
AI has been in use for years now on the defensive side – leveraging AI to proactively identify threats before they’re known. This year we may see attackers leveraging AI, and in particular a part of AI called adversarial machine learning, which is used to bypass security products that rely exclusively on AI. We’ll see adversarial machine learning beating other machine learning algorithms.
6. The final one, which I think will also be significant this year, is enterprise ransomware and continued attacks similar to the SamSam attacks.
While most ransomware is spread indiscriminately, usually via spam emails or exploit kits, recently we’ve seen ransomware being used in a targeted fashion. A great example of this was the SamSam attacks. The SamSam group’s modus operandi is to gain access to a network and perform reconnaissance to map it out, before encrypting as many computers as possible and presenting the organisation with a single ransom demand. This is concerning as it shows that the group behind this attack are skilled and resourceful; they are using tactics and tools more commonly seen in espionage attacks. This year we’ll see more targeted enterprise ransomware of this nature.