CYFIRMA's Cyber Threat and Risk Prediction for 2019
TOKYO & SINGAPORE, Nov. 29, 2018 /PRNewswire/ -- Kumar Ritesh, CYFIRMA Chairman and CEO says, "While 2018 was a year of financially motivated threat actors having a free run against individuals, organizations, institutions and countries, we have noticed an increasing trend of state sponsors interested in arming threat actors to pursue defined geopolitical objectives. Cryptocurrency exchanges, healthcare companies, the energy sector, and traditional financial institutions were at the brunt of cyber attacks this year. What has been very interesting to witness is the shift in the hackers' intention to use emerging technologies, increasing the difficulty to defend an expanding attack surface."
CYFIRMA's cyber analytics platform demonstrated its predictive capabilities by releasing 16 Early-Warning Threat Reports detailing imminent cyber threats to various technologies, across organizations industries and countries, out of which 11 to date are active threats in the wild.
As we enter 2019, cyber attacks and breaches will continue to increase in intensity and frequency. Based on our research, we believe we will see the following trends and shifts:
-- Hackers will unleash rejuvenated attacks by leveraging emerging
technologies: In 2019, threat actors will show a greater affinity for
emerging technologies by exploiting them handsomely. Multi-pronged
cyberattacks will be operationalized with increased usage of AI/ML. This
will lead to breaches in humanoid systems alongside blockchain
ecosystems and other autonomous systems.
-- Tokyo 2020 Olympics will be a prime target for threat activities:
Countries that are antagonistic to Japan will target the upcoming Tokyo
Summer Olympic Games to cause reputation damage. The fact that these
games will massively leverage new-age technologies and digitalization
will serve as a beacon for malicious actors.
-- State-sponsored/ corporate-sponsored espionage will take center-stage:
The next leg of the global trade wars will be fought online - involving
state-sponsored actors and intelligence agencies initiating corporate
cyber attacks. In 2018, the North Korean, Chinese and Russian
state-sponsored attacks on nations and organizations have made global
headlines. In 2019, additional countries will join the fray in a bid to
highlight their own political power and technological might to meet
their proxy objectives.
-- Hackers will place the highest value for personal behavioral data:
Threat actors will exponentially leverage social engineering techniques
to attack and mine behavioral data from individuals, societies,
organizations and nations. Malicious actors will identify potential
targets, recruit them inconspicuously, and exploit their access levels
to penetrate government or corporate target systems in a seamless and
highly camouflaged operation.
-- Cloud security will be repeatedly attacked for vulnerabilities: In 2018,
AWS and Azure cloud assets were a favorite target for hackers' intent on
disrupting the public cloud security layer to unearth an assortment of
individual and corporate data. In 2019, this trend will continue as
hacker communities reiterate their inclination to this favorite prize.
Unfortunately, most organizations are still not trending towards
employing a comprehensive security policy for their cloud-based data
assets and footprints, inadvertently playing into the hands of these
threat actors.
-- Internet of Things (IoT) must contend with the hackers' curiosity: In
2018, as many as 10 new variants of the infamous Mirai botnet were
discovered, each employing the old attack vectors. Almost every IoT
product manufacturer has exhibited device vulnerabilities, yet this
industry is booming away. In 2019, renewed variants of legacy threats
will be unearthed, and coupled with the lack of standardization amongst
the manufacturers of IoT devices, cyber attacks on IoT sensors is going
to ramp up at a never seen before scale. Further possibilities include
IoT weaponization, centralized collection units, and transaction
ecosystems to support it all.
-- Identity Theft will be an extremely common phenomenon: Globally, both
individual and business data will continue to suffer enormous breaches
courtesy of privileged attack vectors. Identity theft, as always, will
continue to be the mainstay campaign for threat actors who will now
intently look towards the east for their exploits. In 2019, expect Asia,
and especially Japan, to be severely tested by this problem, almost on a
daily basis.
-- Multi-homed malware attacks on the rise: In 2019, multi-homed and
multi-magnitude variants of crypto malware, variety of banking trojans,
ransomware, etc. will expand into some of the biggest challenges to be
faced by the cybersecurity professionals. 2018's examples of SamSam and
GandCrab, behavior mapping malware that showed uncanny adapting and
evolution skills on the target system whilst mimicking legitimate
software, offers some insights into what's coming up in 2019, and
beyond!
-- Hackers will be drawn to the vulnerabilities posed by Supply Chain
Systems: The latest trend is supply chain attacks with embedded malware.
In 2019, an increasing number of attacks impacting corporate strategies
and supply chain systems are anticipated requiring additional layers in
cybersecurity strategy and policy considerations. This could be the
first of many upcoming corporate attack strategies by way of supply
chain systems.
-- DoS attacks will not lose its potency or applicability: Distributed
Denial of Service (DDoS) has always been a favorite with threat actors
and the affection is only going to grow in 2019. Attributes such as the
low campaign cost and associated rewards will continue to inspire
hackers to plot and deploy DDoS attacks. Japan is and will continue to
be one of the top 10 countries to be targeted by DDoS outbreaks.
-- GDPR based theft will gain the organizations' undivided attention: In
2019, with organizations needing to adhere with GDPR, they are exposed
to any non-compliance related eventualities. One of the facets being
fines dished out for not complying, thus opening up avenues for hackers
to exploit remediation and regulatory procedures. Data being playing
field worth billions of dollars, even a small attack could cost
organizations as hackers see opportunities to earn millions.
-- AI and ML will power the next salvo of cyber attacks: As high as 70% of
the companies will encounter botnet attacks with a flavor of AI/Machine
Learning in the immediate future, with the cost of restitution running
into an estimated USD 0.4 M per company. CYFIRMA's research highlights
the changing composition of these attacks- multi-variant, altering
behavior and multi-intent being the common signatures.
-- State-sponsored cyber attacks on critical infrastructure will be the
norm: Operational technologies like PCI, HMI, Control and Workflow
Systems will be high on the cybercriminals' bucket lists. CYFIRMA's
research has indicated that threat actors are developing new attack
methods featuring complex malware to accomplish tasks such as passive
asset discovery and control instruction hijacking.
-- The most common attack vector will continue to be Social Engineering and
Phishing/Smishing: In 2019, organizations will finally figure out that
employees are the weakest link in their cybersecurity posture. This will
likely lead to the reassessment and redefinition of core internal
security strategies, as the fact that the most prevalent attack vector
isn't the network, but the user becoming part of the conventional threat
landscape.
-- Cryptocurrency exchanges and trading platforms will need fortification:
As institutional capital progressively flows into the cryptocurrency
market, thefts will correspondingly increase. The growing necessity for
cryptocurrency mining will lead to renewed attacks on mining resources
and unsuspecting victims. Already, the Japanese cryptocurrency exchanges
and trading platforms have enticed great interest from hackers based out
of China, North Korea, Russia, and Ukraine. More are likely to follow
suit, soon!
Kumar Ritesh reiterates that "the cybersecurity landscape of Japan and South East Asia is changing dramatically, due to the aggressive involvement of state-sponsored hackers and an expanding attack surface. Nations will also continue to acquire and build their cyber warfare capability to strengthen their national interests. Digital proliferation will continue to outpace the speed with which defense mechanisms are being invented and applied to protect emerging technologies. Organizations need to balance the need for new technologies to enable business efficiency, expansion, and flexibility while defending against the increasing complexity and variety of new attacks created by emerging technologies."
About CYFIRMA
CYFIRMA defends against cyber attacks by supplying organizations with real-time threat intelligence that enables them to take a more proactive security approach. By aggregating, correlating and analyzing information from hundreds of thousands of sources on the open and dark web, CYFIRMA, helps companies anticipate what types of attacks are most likely to occur and provide the most effective response. CYFIRMA is a business division of Antuit, a global analytics firm.
For more information about CYFIRMA, please visit: www.cyfirma.jp ; www.cyfirma.com
About Antuit
Antuit is global analytics solutions provider primarily serving the retail & eCommerce, consumer products, and manufacturing & logistics industries. Since 2013, Antuit has been on a mission to help leading multi-national, and high-growth companies predict, shape and fulfill demand. Combing deep domain expertise with proprietary solutions and technologies like machine learning and AI, Antuit delivers revenue and margin growth, improved supply chain efficiency, and enhanced customer experience.
For more information about Antuit, please visit: www.antuit.com
Related Images
cyfirma-logo.jpg
CYFIRMA Logo
kumar-ritesh.jpg
Kumar Ritesh
Chairman and CEO
View original content to download multimedia:http://www.prnewswire.com/news-releases/cyfirmas-cyber-threat-and-risk-prediction-for-2019-300757772.html
SOURCE CYFIRMA
