• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Introducing WatchGuard’s 2019 Security Predictions

November 14, 2018 By The Editor

As we move into 2019, once again, it’s time to offer our annual security predictions. What threats could have the biggest impact on businesses? How will malware continue to evolve? Will we see a continued escalation of state-sponsored attacks?

Our predictions this year take a dystopian theme, and it’s no surprise following a year full of big security headlines. From the Panera and Facebook data breaches to the Mabna Institute spear phishing campaigns that stole $3B in intellectual property, cyber criminals have continued to wreak digital havoc on organizations and individuals around the world. In our 2018 Internet Security Reports, we’ve seen the rise of malicious cryptocurrency miners, Mimikatz emerged as the top malware variant and cyber criminals continued to use malicious Office documents to exploit old vulnerabilities.

As the threat landscape continues to be reshaped by new tactics from cyber criminals, our Threat Lab Team has come up with eight security predictions for 2019. Over the next two weeks we’ll dive into more detail about our predictions in daily individual posts for each. This year’s predictions are:

  1. AI Driven Chatbot Go Rogue. In 2019 cyber criminals and black hat hackers will create malicious chatbots on legitimate sites to socially engineer unknowing victims into clicking malicious links, downloading files containing malware, or sharing private information.
  2. Utilities and Industrial Control Systems Targeted with Ransomware. Targeted ransomware campaigns will cause chaos in 2019 by targeting industrial control systems and public utilities for larger payoffs. The average payment demand will increase by over 6500 percent, from an average of $300 to $20,000 per attack. These assaults will result in real-world consequences like city-wide blackouts and the loss of access to public utilities.
  3. The United Nations Proposes a Cyber Security Treaty.The UN will more forcefully tackle the issue of state-sponsored cyber attacks by enacting a multinational Cyber Security Treaty in 2019.
  4. A Nation-State to Take “Fire Sale” Attacks from Fiction to Reality. In the Die Hardmovie series, a “fire sale” was a fictional three-pronged cyber-attack, targeting a city or state’s transportation operations, financial systems, public utilities and communication infrastructure. The fear and confusion caused during this attack was designed to allow the terrorists to siphon off huge sums of money undetected. Modern cyber security incidents suggest that nation-states and terrorists have developed these capabilities, so 2019 may be the first year one of these multi-pronged attacks is launched to cover up a hidden operation.
  5. “Vaporworms” or Fileless Malware Worms Will Emerge. Fileless malware strains will exhibit wormlike properties in 2019, allowing them to self-propagate by exploiting software vulnerabilities. Fileless malware is more difficult for traditional endpoint detection to identify and block because it runs entirely in memory, without ever dropping a file onto the infected system. Combine that trend with the number of systems running unpatched software vulnerable to certain exploits, and 2019 will be the year of the Vaporworm.
  6. WPA3 Circumvented by a Layer 2 Threat Vector.
    Hackers will use rogue APs, Evil Twin APs, or any of the six known Wi-Fi threat categories (as defined by the Trusted Wireless Environment Framework) to compromise a WPA3 Wi-Fi network in 2019, despite enhancements to the new WPA3 encryption standard. Unless more comprehensive security is built into Wi-Fi infrastructure across the entire industry, users will be facing a false sense of security with WPA3 while still being susceptible to attacks like Evil Twin APs.
  7. Biometrics as Single-Factor Authentication Exploited by Attackers. As biometric logins like Apple’s FaceID become more common, hackers will take advantage of the false sense of security they encourage and crack a biometric-only login method at scale to pull off a major attack. As a result, 2019 will see strong growth in the use of multi-factor authentication (MFA) for added protection among groups with more security knowledge, particularly push-based authentication and MFA for cloud application defense.
  8. Attackers Hold the Internet Hostage. A hacktivist collective or nation-state will launch a coordinated attack against the infrastructure of the internet in 2019. The protocol that controls the internet (BGP) operates largely on the honor system, and a 2016 DDoS attack against hosting provider Dyn showed that a single attack against a hosting provider or registrar could take down major websites. The bottom line? The internet itself is ripe for the taking by someone with the resources to DDoS multiple critical points underpinning the internet or abuse the underlying protocols themselves.

You may recall our 2018 predictions, which included a major cryptocurrency falling, SDRs becoming the new Wi-Fi Pineapples, cyber insurance driving ransomware, IoT botnets spurring government regulation, and much more. If you’re interested in grading our performance, no need, we did it for you, just check out the 443 podcast “Scoring Last Year’s Security Predictions.”

Stop by again tomorrow for a closer look at our prediction about the rise of rogue AI chatbots! You can read the full predictions list for 2019 here: https://www.watchguard.com/2019Predictions

Share This:

Related

Filed Under: Editorial Articles, Featured Tagged With: 2019 Security Predictions, information security, security

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use