A look back through a volatile 2018 has seen the cyber security landscape move towards an even more complex picture. This has been driven by the increased volume and diversity of threats and breaches, tools and network evolution. Security professionals have faced significant challenges in attack detection and mitigation, operating to the necessary policy and legal guidelines and growing teams with suitably-skilled personnel. None of these advances show any signs of slowing in 2019.
However, home-field advantage is emerging with advanced defence strategies, tools and techniques becoming more readily available. Security-led intelligence and networking standards can now form the backbone of solid defensive operations. Attack-to-decision timeframes are being reduced enough to stop attacks in their tracks and in many cases a pre-emptive defence strategy can be issued.
This fundamental change in approach is a positive step forward for defender, but what does the future hold for the industry? These are our predictions for the cyber security landscape in 2019.
Operational Technology (OT) and IT convergence
2019 will likely see OT and IT convergence in the wild. For attackers, OT is such an attractive target because it encapsulates hardware and software that monitors and manages physical equipment and processes and, if compromised, it could have serious consequences. OT powers some of the world’s most essential systems, all falling under different branches of Critical National Infrastructure (CNI); smart cities, telecommunications, manufacturing sites, automotive facilities, power plants and utilities.
Securing these hugely important operating platforms from threats and ensuring operability is critical. Without security by design in place and applied from the ground up, accessible attack surface will emerge for attackers. Threats that were previously limited to only enterprise networks will now openly and intelligently adapt to OT and IT operational environments in 2019.
AI vs AI, ML vs ML
Artificial Intelligence (AI) and Machine Learning (ML) will continue to become more mainstream, especially when talking about ‘Big Data’, analytics and Infosec. Because of this, professionals are beginning to build them into cyber security plans and strategic decision-making. However, as defenders capitalise on these technical advances, so do attackers who are just as likely to adopt the use of AI and ML tools to make their illegal endeavours ‘do more with less’; automated botnets can do in seconds what would normally take days such as exploiting known vulnerabilities and scanning the network, creating a roadmap for human attackers.
New attack strategies such as AI Fuzzing and ML Poisoning will be two of many techniques for attackers to bypass defences or to simply collapse them next year. This will create direct (tool vs tool) and indirect (information vs information) conflict and machine vs machine scenarios. As Open Source tools that were once used by only sophisticated adversaries become more generally available, even novice attackers will have the potential capability to launch an AI or ML based attack.
Advanced defence techniques
Mesh networks and the movement to edge services mean holistic defences are needed to cover both bulk and single threats throughout physical/routing/application layers. Automated defence response will need to be in place to keep up with the latest, brutal attacks that are yet to come. Terabytes-per-second (Tbps) attacks will be the norm for 2019, so defenders need to be ready for these self-deciding, ultra-high-volume attacks.
Building tools that mitigate network protocols and standards such as STIX rules, BGP-FS and Openflow will help the blocking of single flow and bulk flow attacks. Security-as-a-service may emerge in and around carrier level to clean traffic on a per customer basis.
In 2019, it is predicted there will be approximately 26.66 billion IoT devices in total that are connected to the internet. Often seen as the ‘weakest link’, they generally don’t have the processing power or memory to include security on-board. As a result, this means the majority of IoT devices cannot be patched or updated. This leaves lackadaisical vulnerabilities such as weak authentication, insecure firmware/software, poorly designed connectivity, authorisation protocols and limited configuration.
IoT botnets or swarms will allow attackers to carry out ultra-high volume attacks (Tbps), due to the enormous amount of new IoT devices. IoT swarms will be highly astute in creating diverse attack methods for various scenarios with the herder in control of making quick and agile decisions, deciding optimal attack vectors based on an in-depth analysis of the target.
Unauthorised cryptomining/ cryptojacking
Unauthorised cryptomining or cryptojacking may not have yet yielded significant financial gains. However, they however still accumulate cash reward for anyone willing to put the effort in – especially when targeting carrier-scale infrastructure.
Cryptojacking is running unwanted applications on endpoints and infrastructure, specifically crypto currency mining software, and it’s hard to detect especially in extremely large networks. We predict that in 2019, attackers will hijack mobile and IoT platforms to increase their mining capacity and use automation to improve the efficiency of their mining efforts.