HOW HACKERS WILL THINK IN 2019: LOW HANGING FRUIT AND SOPHISTICATION IN FUTURE CYBER ATTACKS
December 27, 2018
As CISOs and other security professionals prepare to slam the door on 2018, the question, unfortunately, must be asked: what does 2019 likely have in store for organizations when it comes to cyberattacks?
Trend #1: a rise in ‘cryptojacking’ and the infection of crypto-miners
We unfortunately predict a continued rise in the infection of targeted computers with software that mines cryptocurrency, a practice sometimes called “cryptojacking.” This process, which can generate a steady stream of illicit revenue for hackers, is effective precisely because it’s not immediately apparent. A person knows that they have been hacked if they’re the target of a ransomware attack. Victims of cryptojacking, on the other hand, may not know that their machine has been infected and monetized, because the process runs quietly in the background and leaves the computer’s usual operating processes intact. In some cases, the mining will only take place outside of regular office hours, which renders it even more stealthy.
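An added detection sketch for the off-hours pattern described above (not part of the original article): it flags host/process pairs whose CPU use stays high across consecutive samples taken outside office hours. The telemetry rows, the process names, the 08:00 to 18:00 weekday window, the 80% threshold and the function names are all assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime

# Assumed policy values; tune them to the environment being monitored.
OFFICE_START, OFFICE_END = 8, 18   # local hours, weekdays only
CPU_THRESHOLD = 80.0               # percent
MIN_CONSECUTIVE = 3                # sustained samples, to ignore short spikes

# Constructed sample telemetry: (ISO timestamp, host, process, cpu_percent)
SAMPLES = [
    ("2018-12-12T10:00:00", "ws-01", "chrome.exe", 35.0),
    ("2018-12-12T23:00:00", "ws-01", "helper.exe", 96.0),
    ("2018-12-12T23:15:00", "ws-01", "helper.exe", 97.5),
    ("2018-12-12T23:30:00", "ws-01", "helper.exe", 95.0),
    ("2018-12-13T09:00:00", "ws-01", "helper.exe", 1.0),    # idle in office hours
    ("2018-12-12T22:00:00", "ws-02", "backup.exe", 91.0),   # one-off spike
    ("2018-12-12T22:15:00", "ws-02", "backup.exe", 12.0),
    ("2018-12-12T14:00:00", "ws-03", "render.exe", 99.0),   # busy, but in hours
    ("2018-12-12T14:15:00", "ws-03", "render.exe", 98.0),
    ("2018-12-12T14:30:00", "ws-03", "render.exe", 99.0),
]

def is_off_hours(ts):
    """True on weekends, or outside OFFICE_START..OFFICE_END on weekdays."""
    return ts.weekday() >= 5 or not (OFFICE_START <= ts.hour < OFFICE_END)

def find_off_hours_miners(samples):
    """Return {(host, process): longest run of off-hours high-CPU samples}
    for every pair whose longest run reaches MIN_CONSECUTIVE."""
    series = defaultdict(list)
    for stamp, host, proc, cpu in samples:
        series[(host, proc)].append((datetime.fromisoformat(stamp), cpu))
    findings = {}
    for key, points in series.items():
        run = longest = 0
        for ts, cpu in sorted(points):
            hot = cpu >= CPU_THRESHOLD and is_off_hours(ts)
            run = run + 1 if hot else 0   # any cool or in-hours sample resets
            longest = max(longest, run)
        if longest >= MIN_CONSECUTIVE:
            findings[key] = longest
    return findings

if __name__ == "__main__":
    for (host, proc), n in find_off_hours_miners(SAMPLES).items():
        print(f"{host}: {proc} sustained high CPU off-hours ({n} samples)")
```

A hit is a lead for investigation rather than proof of mining, since scheduled backups or batch jobs can produce the same pattern.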
Trend #2: spear phishing attacks get even more personal
The Nigerian Prince style of phishing email has been a punchline for a good few years now. But you know what no one is laughing about? Spear phishing. The 2018 Symantec Internet Security Threat Report found that 71% of targeted cyberattacks on networks started with spear phishing.
Spear phishing has become a go-to attack method because it’s so effective: attackers can design infected files that appeal to targeted individuals, files crafty enough to trick even security-savvy people. For those reasons, we’re likely going to see attackers continue to lean on spear phishing for targeted attacks, and to tailor those attacks further to specific employees within an organization thanks to the enormous amount of personal information available online. Not only do attackers have access to the information many willingly put on public social media accounts, but they can also comb through the data leaks from social media sites like Facebook for even more details to create perfectly engaging and innocent-looking infected files.
Trend #3: low-level ransomware attacks increase due to the monetization of unpatched vulnerabilities
For many organizations, the biggest cybersecurity risks don’t come from professional attackers cooking up the next ingenious zero-day exploit or hacking technique. Instead, it’s the not-so-skilled baddies buying up cheap cyberattack tools on the dark web to try and make a bit of money who present the biggest, or at least the most prevalent, risk.
In 2019 that risk is likely going to take the form of widespread low-level ransomware attacks. This is because the last two years have seen major success for ransomware attackers, with both high-profile attacks like WannaCry and less famous attacks like Shrug raking in the bitcoin for the people behind them as ransomware protection failed. It would follow logically that with ransomware attacks gaining so much success and attention, improved ransomware protection would be a trend in and of itself. The problem is that so many forms of ransomware, especially those purchased for cheap on the dark web, target very old vulnerabilities that have been long forgotten…until they allow someone to lock up a company’s files. Even so-called improved ransomware protection can’t cover the unimaginable number of forgotten vulnerabilities.
Trend #4: major government hacking tools keep getting leaked and ending up in hackers’ hands
A government-designed hacking tool ending up in the wrong hands and becoming a go-to exploit for hackers the world over might sound like the plot of a dystopian novel, but it’s actually a reality in our dystopian digital world. Case in point: EternalBlue, a zero-day exploit designed by none other than the National Security Agency to take advantage of a Windows OS vulnerability, and leaked to the public in 2017.
A versatile hacking tool, EternalBlue allows hackers to execute code on targeted computers. Since the leak, EternalBlue has been used by cryptojackers, a Russian state-sponsored hacking group named Fancy Bear, and perhaps most famously the massive WannaCry and NotPetya ransomware attacks.
While EternalBlue likely ranks as the most famous government-created zero-day exploit or hacking tool, it isn’t the first and it isn’t the last. Other famously leaked hacking tools include the potentially devastating EternalRocks malware, which contains seven different NSA-leaked exploits, and a slew of CIA hacking tools leaked by a former employee in the Vault 7 documents.
Whether government hacking tools are sought as a bounty by hacking groups looking for access to the world’s best exploits, leaked by ex-employees looking to be the next Edward Snowden, leaked by rival nation states looking to embarrass a government, or even revealed by accident, the trend towards government exploits ending up online isn’t slowing down, and hackers are only going to have increased access to these powerful malicious tools. What this means for organizations in 2019 is that they’ll be regularly going up against malware and exploits originally designed to allow powerful governments to spy and infiltrate at will.
Trend #5: a focus on neutralizing potential attacks instead of detecting, containing or monitoring
Threat research and threat detection, containment and monitoring all have their place in security, of course. But in 2019 their place is going to have to be complementary to threat prevention. With the high level of sophistication of cyberattacks in the upcoming year, thanks to targeted spear phishing and government hacking tools, as well as the widespread nature of ransomware assaults targeting any and all vulnerabilities, prevention needs to have a starring role in any organization’s security.
Proactive, leading prevention solutions are the only ones capable of stopping everything from exploits targeting ancient vulnerabilities to the newest zero-day attacks. Without this layer of impenetrable prevention, footholds can be gained, privileges can be escalated, and data can be stolen before detection solutions even realize an attack is underway. Solutions such as leading content disarming and reconstruction programs, which are capable of ensuring a fully sanitized data stream by finding and destroying any malicious element in any incoming file, are going to be more essential than ever in 2019.
The best threat research and fastest detection just can’t beat stopping an attack before it can start – you’re welcome to try our Disarmer for free and keep attackers from gaining a foothold in your organization.