Looking back at a volatile 2018, the cyber security landscape has moved toward an even more complex picture, driven by the increased volume and diversity of threats and breaches and by the evolution of both tools and networks. Security professionals have faced significant challenges in detecting and mitigating attacks, operating within the necessary policy and legal guidelines, and growing teams with suitably skilled personnel. However, a home-field advantage is emerging as advanced defence strategies, tools and techniques become available. Security-led intelligence and networking standards can now form the backbone of solid defensive operations. Attack-to-decision timeframes can be reduced enough to stop attacks in progress, and in many cases a pre-emptive defence strategy can be put in place. This fundamental change in approach is a positive step forward for defenders, but what does the future hold for the cyber security industry? Check out our predictions for 2019 below.
Operational technology (OT) and IT convergence. 2019 will likely see attacks that exploit OT and IT convergence in the wild. For attackers, OT is an attractive target because it encompasses the hardware and software that monitors and manages physical equipment and processes, so a compromise can have serious physical consequences. OT powers some of the world's most essential systems, all falling under different branches of Critical National Infrastructure: smart cities, telecommunications, manufacturing sites, automotive facilities, power plants, and utilities. Securing these hugely important operating platforms from threats while preserving their operability is critical. Without security by design applied from the ground up, accessible attack surface will emerge for attackers, and threats that were previously limited to enterprise IT networks will adapt to the converged OT and IT operational environment.
AI vs AI, ML vs ML. As artificial intelligence (AI) and machine learning (ML) become more mainstream, especially in big data, analytics and infosec, security professionals are beginning to build them into cyber security plans and strategic decision making. However, as defenders capitalise on these advances, so do attackers, who are just as likely to adopt AI and ML tools to make their illegal endeavours do more with less: automated botnets can do in seconds what would normally take days, such as scanning a network and exploiting known vulnerabilities, creating a roadmap for human attackers. AI-driven fuzzing and ML poisoning will be two of many techniques attackers use to bypass defences or simply collapse them. This will create direct (tool vs tool) and indirect (information vs information) conflict, and machine-vs-machine scenarios.
Advanced defence techniques. Mesh networks and the move to edge services mean holistic defences are needed to cover both bulk and single-flow threats across the physical, routing and application layers. Automated defence response will need to be in place to keep up with the latest and most brutal attacks yet to come. Tbps attacks will be the norm in 2019, so defenders need to be ready for these self-directing, ultra-high-volume attacks. Tools that translate threat intelligence (for example STIX indicators) into mitigation actions over network standards such as BGP FlowSpec (BGP-FS) and OpenFlow help block both single-flow and bulk-flow attacks. Security as a service may emerge in and around the carrier level to clean traffic on a per-customer basis.
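As an added worked example (not code from the original post), the following Python encodes a mitigation rule into the BGP FlowSpec wire format defined in RFC 5575, which is the kind of object a threat-intelligence pipeline hands to a BGP speaker once a STIX indicator has been translated into a match-and-drop rule. The indicator dict format, the sample indicators and the `is_safe` breadth check are assumptions of this example, not anything the post or RFC defines.

```python
"""Encode a BGP FlowSpec (RFC 5575) IPv4 mitigation rule from a simple indicator.

Added example, not code from the original post. The indicator dict is a
constructed, hypothetical format; a real pipeline would map STIX
network-traffic objects into it. Wire encoding follows RFC 5575 sections 4
(NLRI) and 7 (traffic-rate extended community).
"""
import ipaddress
import struct

# RFC 5575 component types used here (components must appear in ascending type order).
DEST_PREFIX, IP_PROTOCOL, DEST_PORT = 1, 3, 5
# Numeric operator bits (RFC 5575 section 4.2): e a len len 0 lt gt eq
END_OF_LIST, AND, LT, GT, EQ = 0x80, 0x40, 0x04, 0x02, 0x01
IP_PROTO = {"tcp": 6, "udp": 17}

# Constructed sample indicators (not from the post): a DNS reflection source and a TCP flood.
SAMPLE_DNS_RULE = {"dst": "192.0.2.10/32", "proto": "udp", "dst_port": 53}
SAMPLE_RANGE_RULE = {"dst": "198.51.100.0/24", "proto": "tcp", "dst_port_range": (1024, 65535)}


def _len_bits(value):
    """Return (len bits for the operator byte, operand size) for a 1/2/4/8-byte operand."""
    for code, size in enumerate((1, 2, 4, 8)):
        if value < 1 << (8 * size):
            return code << 4, size
    raise ValueError("operand too large for FlowSpec numeric operator")


def numeric_ops(conditions):
    """Encode [(op_bits, value), ...]; items after the first are ANDed, the last ends the list."""
    out = bytearray()
    for i, (op, value) in enumerate(conditions):
        lbits, size = _len_bits(value)
        byte = op | lbits
        if i > 0:
            byte |= AND
        if i == len(conditions) - 1:
            byte |= END_OF_LIST
        out.append(byte)
        out += value.to_bytes(size, "big")
    return bytes(out)


def dest_prefix(cidr):
    """Type 1 component: type, prefix length, then only the octets the prefix needs."""
    net = ipaddress.IPv4Network(cidr)  # strict: host bits set in a non-/32 raise ValueError
    nbytes = (net.prefixlen + 7) // 8
    return bytes([DEST_PREFIX, net.prefixlen]) + net.network_address.packed[:nbytes]


def flowspec_nlri(indicator):
    """NLRI = 1-byte length (2 bytes with 0xF000 set when >= 240) followed by the components."""
    body = dest_prefix(indicator["dst"])
    if "proto" in indicator:
        body += bytes([IP_PROTOCOL]) + numeric_ops([(EQ, IP_PROTO[indicator["proto"]])])
    if "dst_port" in indicator:
        body += bytes([DEST_PORT]) + numeric_ops([(EQ, indicator["dst_port"])])
    elif "dst_port_range" in indicator:
        lo, hi = indicator["dst_port_range"]
        body += bytes([DEST_PORT]) + numeric_ops([(GT | EQ, lo), (LT | EQ, hi)])
    if len(body) < 240:
        return bytes([len(body)]) + body
    return struct.pack(">H", 0xF000 | len(body)) + body


def traffic_rate_community(bytes_per_second=0.0):
    """Extended community 0x8006: 2-byte AS (informational), 4-byte IEEE float rate; 0 = discard."""
    return struct.pack(">HHf", 0x8006, 0, bytes_per_second)


def is_safe(indicator):
    """Breadth guard (an assumption of this example): refuse a drop rule covering more than a /24
    unless it is narrowed by a port match. At carrier scale a typo here is a self-inflicted outage."""
    net = ipaddress.IPv4Network(indicator["dst"])
    narrowed = "dst_port" in indicator or "dst_port_range" in indicator
    return net.prefixlen >= 24 or narrowed


def build_rule(indicator, bytes_per_second=0.0):
    """Return the hex NLRI and action community for a validated indicator."""
    if not is_safe(indicator):
        raise ValueError("rule too broad: refine the prefix or add a port match")
    return {"nlri": flowspec_nlri(indicator).hex(),
            "action": traffic_rate_community(bytes_per_second).hex()}


if __name__ == "__main__":
    for rule in (SAMPLE_DNS_RULE, SAMPLE_RANGE_RULE):
        print(rule, "->", build_rule(rule))
```

The encoder is deliberately limited to the three component types a volumetric-attack rule usually needs; production tooling also uses the packet-length, fragment and TCP-flags components, and the resulting NLRI and extended community are carried inside a BGP UPDATE for AFI 1 / SAFI 133 rather than sent on their own.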
IoT botnets/swarms. In 2019 it is predicted there will be approximately 26.66 billion IoT devices connected to the internet. Often seen as the weakest link, they generally do not have the processing power or memory to include security on board. As a result, the majority of IoT devices cannot be patched or updated, which leaves long-standing vulnerabilities such as weak authentication, insecure firmware and software, poorly designed connectivity and authorisation protocols, and limited configuration options. IoT botnets or swarms will allow attackers to carry out ultra-high-volume (Tbps) attacks, simply because of the enormous number of new IoT devices.
Unauthorised cryptomining/cryptojacking. Unauthorised cryptomining, or cryptojacking, may not yield spectacular financial gains, but it still accumulates a cash reward for anyone willing to put the effort in, especially when targeting carrier-scale infrastructure. Cryptojacking is the running of unwanted applications on endpoints and infrastructure, specifically cryptocurrency mining software, and it is hard to detect, especially in extremely large networks. We predict that over 2019 attackers will hijack mobile and IoT platforms to increase their mining capacity, and use automation to improve efficiency.
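As an added example that is not part of the original post, here is one way the detection problem can be approached on a network whose sensors keep a payload excerpt for each new connection: the Stratum mining protocol is newline-delimited JSON-RPC with a small, stable set of method names, so the first client message of a session gives a high-confidence signal even when the pool port is non-standard. The record format, the sample records and the port list are constructed for this example; the method names are those of the Bitcoin-style Stratum protocol and of the CryptoNight variant spoken by XMRig-type miners.

```python
"""Flag cryptomining (Stratum) sessions in connection records with payload excerpts.

Added example, not code from the original post. The record format is
hypothetical: one dict per connection with src, dst, dport and the first bytes
of the client payload as text, as a sensor with payload capture might emit.
"""
import json

# JSON-RPC method names of the Stratum mining protocol (Bitcoin-style pools).
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit",
                   "mining.notify", "mining.set_difficulty", "mining.extranonce.subscribe"}
# CryptoNight/Monero-style Stratum (XMRig and similar). The names are generic, so the
# params shape is checked as well before this counts as mining.
XMR_STRATUM_METHODS = {"login", "submit", "keepalived", "getjob"}
# Ports pools habitually listen on: a weak signal on its own, used only to raise confidence.
COMMON_POOL_PORTS = {3333, 4444, 5555, 7777, 14444, 45700}

# Constructed sample records (not real traffic). Wallet value is a placeholder.
SAMPLE_RECORDS = [
    {"src": "10.1.20.7", "dst": "203.0.113.5", "dport": 3333,
     "payload": '{"id":1,"method":"mining.subscribe","params":["cpuminer/2.5.0"]}\n'},
    {"src": "10.1.20.7", "dst": "203.0.113.5", "dport": 3333,
     "payload": '{"id":2,"method":"mining.authorize","params":["WALLET_PLACEHOLDER.rig1","x"]}\n'},
    {"src": "10.1.33.2", "dst": "198.51.100.9", "dport": 443,
     "payload": '{"method":"login","params":{"login":"WALLET_PLACEHOLDER","pass":"x",'
                '"agent":"XMRig/2.8"},"id":1}\n'},
    {"src": "10.1.40.5", "dst": "192.0.2.80", "dport": 443,
     "payload": "GET /api/health HTTP/1.1\r\nHost: 192.0.2.80\r\n\r\n"},
    {"src": "10.1.40.6", "dst": "192.0.2.81", "dport": 8080,
     "payload": '{"id": 7, "method": "getUser", "params": [42]}'},
    {"src": "10.1.50.1", "dst": "192.0.2.90", "dport": 4444,
     "payload": "SSH-2.0-OpenSSH_7.9\r\n"},
]


def first_rpc(payload):
    """Return (method, params) from the first newline-delimited JSON object, or (None, None)."""
    first = payload.split("\n", 1)[0].strip()
    if not first.startswith("{"):
        return None, None
    try:
        msg = json.loads(first)
        return msg.get("method"), msg.get("params")
    except (ValueError, AttributeError):  # not JSON, or JSON that is not an object
        return None, None


def classify(record):
    """Return (verdict, reasons); verdict is 'mining', 'suspect' or 'benign'."""
    reasons = []
    method, params = first_rpc(record.get("payload", ""))
    if method in STRATUM_METHODS:
        reasons.append("stratum method " + method)
    elif (method in XMR_STRATUM_METHODS and isinstance(params, dict)
          and {"login", "pass"}.issubset(params)):
        reasons.append("cryptonight stratum " + method)
    if record.get("dport") in COMMON_POOL_PORTS:
        reasons.append("common pool port %d" % record["dport"])
    if any(r.startswith(("stratum", "cryptonight")) for r in reasons):
        return "mining", reasons
    return ("suspect" if reasons else "benign"), reasons


def mining_hosts(records):
    """Sorted internal hosts with at least one session classified as mining."""
    return sorted({r["src"] for r in records if classify(r)[0] == "mining"})


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        verdict, why = classify(rec)
        print(rec["src"], "->", rec["dst"], rec["dport"], verdict, why)
    print("hosts to investigate:", mining_hosts(SAMPLE_RECORDS))
```

Pool traffic wrapped in TLS defeats payload inspection, which is why the port heuristic is kept as a low-confidence fallback; at carrier scale the same method-name logic is better applied at an egress proxy or on host telemetry, and a `suspect` verdict should trigger enrichment (destination reputation, process name on the endpoint) rather than blocking.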