The new year is upon us – and if one can be sure of anything it’s that threats will not cease – but rather increase and multiply. Avira has looked at the patterns, numbers, and trends from last year and come up with a couple of things that you can expect this year:
Looking ahead: 2019
- Smart risks reach critical mass – The wide spread adoption of smart devices has the greatest potential impact on personal security and the internet as a whole. “We’ve got a dangerous combination of low device security and high consumer demand for these gadgets, we expect cyber-criminals to step into this breach in new and innovative ways,” pointed out Travis Witteveen, Avira CEO. “The conditions are ripe for this to explode in three ways: Hit the overall internet with a Mirai-type botnet, strip away user privacy with the semi-legal monitoring of user activities, and parasite on user and network vulnerabilities with cryptomining activities. All three scenarios could happen.”
- Cryptomining pulls further ahead of ransomware – Despite the drop in cryptocurrency values, cryptomining is not going away. We expect an increase in cryptominer attacks focusing on smart devices as these devices become more numerous and remain unprotected. Ransomware threats will largely focus on larger-scale organization-level attacks such as targeting municipalities and hospitals.
- AI goes to the Dark Side – Cyber-criminals will start using AI for attacks, making the battlefield environment more tough. AI will help attackers create more stealthy and targeted attacks. These AI-driven attacks will combine a variety of techniques and increase the pace of potential cyber-assaults. .
- Mobile threats get organized – We will see the emergence of more sophisticated mobile malware campaigns. Look out for some interesting new banking trojans and personal data stealers.
- Consumer devices are pulled into click fraud schemes — Click-fraud (especially targeting online advertising) will not just be a problem for advertisers, publishers and advertising networks any more. Look out for an increase in special proxy software installed on consumer devices. These apps were previously distributed via malicious code and potentially unwanted applications (bundles), but recently the cyber-criminals have switched to “dual-purpose” software such as “web proxy” or “easy profit” applications.
- Stolen data goes to work – Email vector attacks will remain a big issue, fuelled by the growing piles of stolen and breached personal data. Since the data is available, we expect ever-more targeted social engineering and spear phishing attacks used in a wide range of economic crimes.
- It’s not on your hard drive but it’s there — Fileless malware that resides in a device’s memory instead of the hard drive will keep on increasing. Its attack nature makes harder to track and hence highly favourable for attackers. Look out for a new wave with a self-propagation ability.
- It’s not so clear anymore – The line between the bad and good guys will blur as the misuse of OS legitimate tools and administrator tools grows. From the security perspective, it can be problematic to differentiate between legitimate and illegitimate usage of these tools. In addition, look out for more encrypted cyber-attacks using SSL/TLS as a medium of communication.
- Pulling money from the cloud – As more companies keep more of their data in the cloud, this infrastructure will be an increasingly attractive target for cyber criminals. Data is money and attackers will be following the money. Companies have shown an alarming ability to not protect their main assets.
- It’s a world of mass surveillance and manipulation – There will be more examples unveiled of surveillance and manipulation on individual level for different types of campaigns – both on a political and commercial level. In addition, look for more nation state-sponsored attacks, crime and espionage with a subsequent impact on the political and economic worlds.