Looking Forward: Leap Security’s 2019 Cybersecurity Predictions


Posted by: Leap Security

It’s time to kick off the new year with our Threat Predictions for 2019. Although we like to think we are Jedi, our predictions are based on last year’s trends and our team’s research, not the Force.

Here are five high impact threats and predictions to prepare for in the new year.

Zero Days

Late 2018 saw the improper disclosure of several zero days, which left organizations vulnerable to attack. Most recently, at least five zero days have been disclosed by security researchers at random via Twitter, GitHub, and other outlets.

Usually these vulnerabilities are disclosed to the corresponding vendor to give them time to develop a patch, and to give organizations time to defend themselves by applying that patch. However, with the improper disclosure of these zero days, organizations are forced to rely on strong perimeter configurations and patch management (including micropatches).

We expect this trend to continue into this year.

Cryptomining and Web Skimmers

Mid 2018 saw the decline of cryptocurrency prices which made traders and cybercriminals alike withdraw from the scene. As a result, cybercriminals moved away from cryptomining and towards web skimmers in the second half of 2018. It is important to note that while most moved away from cryptomining we don’t expect this attack to go away. This is still a viable and profitable attack vector with most organizations moving to the cloud. With that said, let’s turn our attention to web skimmers!

Web skimmers (i.e., Magecart) played a big role in 2018. It’s fairly simple for cybercriminals: they purchase skimmers on the dark web for $5k-6k, look for misconfigured or unpatched servers, and insert the malicious JavaScript code. Most scripts collect credit card data and exfiltrate it to remote servers.

[Figure: Magecart source code. Skimmer code as seen by RiskIQ during the Newegg investigation.]

While security vendors are publishing detection rules for most scripts in the wild, we can expect both cryptomining and web skimming scripts to become more complex this year to avoid detection. In addition, we expect web skimming to evolve and for cybercriminals to start going after more than just credit card data.
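One defensive check that catches the injection step described above is to baseline the scripts a checkout page serves and alert on anything new. The following is an added example, not code from the original post or from RiskIQ; the allowed hosts, baseline hash set and sample page are constructed assumptions.

```python
"""Baseline check for injected checkout-page scripts (constructed example)."""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed baseline captured from a known-good deployment: the script hosts
# the page is allowed to load from (constructed names).
ALLOWED_HOSTS = {"shop.example", "cdn.example"}

class ScriptCollector(HTMLParser):
    """Collects external <script src> URLs and inline <script> bodies."""
    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_inline = False
    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline = True
            self.inline.append("")
    def handle_data(self, data):
        if self._in_inline:          # script bodies arrive via handle_data
            self.inline[-1] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False

def sha256(text):
    return hashlib.sha256(text.strip().encode()).hexdigest()

def audit_page(html, allowed_hosts, baseline_hashes):
    """Return findings: scripts from unknown hosts, and inline scripts whose
    hash is not in the baseline (new or modified code, e.g. a skimmer)."""
    p = ScriptCollector()
    p.feed(html)
    findings = []
    for src in p.external:
        host = urlparse(src).netloc
        if host and host not in allowed_hosts:
            findings.append(f"unknown script host: {host}")
    for body in p.inline:
        if sha256(body) not in baseline_hashes:
            findings.append(f"unbaselined inline script ({len(body)} chars)")
    return findings

# Constructed sample: the known-good page, then the same page with an
# injected external loader and an injected inline script appended.
GOOD_INLINE = "window.cartTotal = 0;"
BASELINE = {sha256(GOOD_INLINE)}
PAGE = f'<script>{GOOD_INLINE}</script><script src="https://cdn.example/app.js"></script>'
TAMPERED = PAGE + ('<script src="https://static-collector.invalid/m.js"></script>'
                   '<script>var x=1;</script>')
```

Run `audit_page(TAMPERED, ALLOWED_HOSTS, BASELINE)` on a scheduled fetch of the real checkout page and page the on-call team on any non-empty result.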

Social Engineering Evolves

It only takes one person clicking on a phishing email or opening an attachment to potentially compromise an organization. In 2017, Verizon noted that our security awareness is increasing and 78% of people are not clicking on spear phishing campaigns. However, there are still 4% who click on ANY phishing campaign.


With the increased adoption of Office 365 and Google Cloud, we’ve noticed an increase in attacks targeting cloud-based services. Expect to see a rise in spear phishing scenarios that bypass two-factor authentication, as we saw in late 2018.

Ransomware

Let’s take a moment to revisit our old foe, ransomware. The appearance of the SamSam ransomware in late 2015 marked the first time ransomware authors moved away from typical mass distribution. SamSam’s authors decided to focus primarily on a targeted, manual approach.

The results? SamSam’s revenue has surpassed $6 million since early 2016.

[Figure: SamSam revenue. $6 million in revenue captured by SamSam. Source: Sophos]

There are multiple groups now using the targeted manual approach to ransomware infection and we can expect this trend to become more popular in 2019.

New Technologies

In the past year we have seen several new technologies and protocols making their way to the main stage. While this is true of most years, 2019 is special in that some technologies we have been using for years, such as TCP for the web and WPA2 for wireless connectivity, are being pushed out in favor of newer, faster, and allegedly more secure alternatives such as QUIC and WPA3.

These new protocols certainly have their strengths, but don’t forget about the risks. As history has shown with the IoT landscape, new technology often comes with undiscovered security issues. If you choose to be among the first to embrace new technologies, make sure to harden the environment they run in and don’t lose sight of their risks.

Final Thoughts

Most attack vectors can be thwarted with strong configuration and patch management. Here are some best practices to help.

  • Revise firewall configurations to ensure the minimum number of services is exposed on the perimeter.
  • Perform routine penetration tests and configuration reviews.
  • Provide security awareness training to personnel within the organization and perform routine phishing exercises to gauge current risk levels.

With what seems like endless topics and areas to cover, we have highlighted some of the most challenging and high impact for the year. It will be exciting to see where the industry steers us in 2019.


Kaspersky KSN Report: Ransomware and malicious cryptominers 2016-2018. Source: https://media.kasperskycontenthub.com/wp-content/uploads/sites/58/2018/06/27125925/KSN-report_Ransomware-and-malicious-cryptominers_2016-2018_ENG.pdf
RiskIQ Magecart (Newegg). Source: https://www.riskiq.com/blog/labs/magecart-newegg/
SophosLabs 2019 Threat Report. Source: https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophoslabs-2019-threat-report.pdf
Verizon DBIR 2018 Report. Source: https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf