AI-assisted imposters, IoT and crypto-jacking: cyber security in 2019

With the cyber security industrial complex in full swing for 2019, Computerworld wonders what horrors this dystopian hell world will spew forth next


Commenting on the trend, Rich Campagna, CMO at Bitglass, said that we can expect to see "a lot more of this in 2019 and beyond".

"This technique combines two commonly used types of attacks: crypto-jacking, when malicious individuals appropriate devices' compute power in order to mine for cryptocurrency, and cloud-jacking, when illegitimate third parties hijack enterprise cloud resources," Campagna says.

"Together, the two hacking methods can be used to mine cryptocurrency at a highly accelerated rate."

More ransomware

Ransomware has persisted for so long both because it can be used to such devastating effect and because of its relative simplicity. Indeed, ready-made scripts are available to buy on the dark web, in many cases for mere pennies: just point and shoot.

According to John Fokker, head of cyber investigations at McAfee, the ransomware underworld will "consolidate", creating "fewer but stronger malware-as-a-service families that will actively work together".

"We also predict a continuation of the strongest ransomware 'brands' using affiliate structures to increase their threat," he adds.

Good old blackmail

According to Paul Drapeau, enterprise architect in Carbon Black's threat analysis unit, compromised data sets could very easily open a new path to traditional blackmail.

"Breaches in Facebook and other social media platforms represent a wealth of data to be mined by bad actors," he says. "This data could be used to correlate activities between people to find illegal, scandalous or compromising behaviour and then leverage that for traditional blackmail at scale."

What could that look like? "'Pay me the bitcoins or your spouse/employer gets copies of these direct messages', an example note might read," he explains.

"We can fight ransomware with anti-malware tools or backups but we depend on giant companies to protect our more personal details.

"The breach doesn't even have to be real to result in extortion attempts, as was seen in 2018 with the mass email scam purporting to have compromising video and passwords of the victims. Imagine an attacker building on data from a breach and fabricating message contents, and then demanding ransom be paid.

"This type of attack is definitely more work, more targeted and difficult, but the payoff could be there. Victims may be willing to pay more money and pay up more readily when it is their real lives and reputations at stake versus their digital lives."

That could resemble a spear-phishing attempt, but rather than tricking a high-net-worth individual such as a CFO into transferring money, it is a lot more personal.

APT groups, nation states, state-sponsored attacks

Kaspersky believes that advanced persistent threat groups (think Fancy Bear or Shadow Brokers) might do more to cover their tracks: less outspoken branding and fewer signature attacks, in short, which would make detection and attribution "extremely difficult".

The vendor adds that one of the most likely scenarios under this new approach is the building of tools tailored to highly specific targets.

According to Priscilla Moriuchi, director of strategic threat development at Recorded Future, state-sponsored groups are likely to place an increasing focus on telecommunications companies and ISPs.

"Telecoms and ISPs are woven into the fabric of the internet and provide threat actors with access to trusted infrastructure to enable secondary attacks or intrusions," she says.

"They also are the midpoints for global telecommunications and intrusions into these types of companies can expose not just user data, but phone calls, text messages, geolocational history, contacts, and more.

"Telecommunications companies and ISPs are the crown jewels for hostile foreign intelligence services and I expect to see a proliferation of operations targeting these companies from a wider variety of nation-state actors in 2019."

She adds that non-traditional attacks and access points are also likely to become more widely used, including supply-chain attacks and the exploitation of hardware vulnerabilities, while state-directed influence campaigns that use social media will expand.

According to Suzanne Spaulding, former DHS Under Secretary and current Nozomi Networks adviser, the USA will become more aggressive in naming hackers.

"Until recently the US did not publicly attribute various cyber incidents to specific nations, despite public pressure to do so," she says. "It can be difficult to attribute cyber activity with 100 percent certainty but US officials were also concerned about public demands to respond if they were to attribute an attack."

The US is "already less afraid of attribution," she says, pointing to sanctions against Russia in response to perceived threats to American infrastructure.

Encrypted traffic malware

The growing adoption of encryption could well be exploited by groups that hide malware within encrypted traffic.

Omar Yaacoubi, founder and CEO of Barac, points to Google research suggesting that 80 per cent of all traffic will be encrypted in 2019, and to a PwC study that says 60 per cent of attacks will occur over encrypted traffic.

"The downside of encryption is that security tools can't inspect encrypted traffic for malware, making it the perfect place for a threat actor to hide any kind of malicious traffic," he says.

"A recent Vanson Bourne survey of 500 CIOs found that 90 per cent of firms had experienced or expected to experience a network attack using SSL/TLS, and 87 per cent believed their defences were less effective because of this emerging trend to bury malware in encrypted traffic.

"The challenge for organisations is how to detect this malware without decrypting the traffic – which opens a whole new can of worms about privacy and also has a massive impact on network performance.

"One solution is to look at the metadata associated with these traffic flows, using AI and machine learning to accurately detect the difference between bad and good flows.

"This allows businesses to identify and block bad traffic without going through the pain of decrypting and examining the contents of each and every data packet, and to be compliant with data privacy laws."

AI-assisted imposters

Nvidia just this month unveiled extremely lifelike rendering of human faces, and there is no reason to think this technology won't end up in the hands of bad actors, whether hacking groups or nation states.

Could facial rendering technologies like these be used to create entirely new personas, perhaps for spreading disinformation, in a country like the USA which, under the Obama administration, made propaganda aimed at its own population entirely legal?

That might sound paranoid, but fifteen years ago you would have been called paranoid for suggesting that people were watching you through your webcam, until that, well, happened.
