In 2019, cyber criminals and black hat hackers will create malicious chatbots that try to socially engineer victims into clicking links, downloading files or sharing private information.
A hijacked chatbot could misdirect victims to nefarious links rather than legitimate ones. Attackers could also leverage web application flaws in legitimate websites to insert a malicious chatbot into a site that doesn’t have one. For example, an attacker could force a fake chatbot to pop up while a victim is viewing a banking website, asking if they need help finding something. The chatbot might then recommend that the victim click on malicious links to fake bank resources rather than real ones. Those links could allow the attacker to do anything from installing malware to hijacking the bank’s site connection.
In short, next year attackers will start to experiment with malicious chatbots to socially engineer victims. They will start with basic text-based bots, but in the future, they could use human speech bots to socially engineer victims over the phone or other voice connections.
Can’t wait to see what other emerging threats and security trends might surface next year? Watch a special video edition of The 433 – Security Simplified podcast or read the full list of WatchGuard’s 2019 Security Predictions.