Every year, we at Secnic Consultancy Services (SCS) like to stare into our crystal ball and foretell the future of malware.
Okay, maybe we don’t have a crystal ball, but we do have years and years of experience in observing trends and sensing shifts in patterns. When it comes to security, though, we can only know so much. For example, we guarantee there’ll be some kind of development that we had zero indication would occur. We also can pretty much assure you that data breaches will keep happening—just as the sun rises and sets.
And while all hope is for a malware-free 2019, the reality will likely look a little more like this:
New, high-profile breaches will push the security industry to finally solve the username/password problem. The ineffective username/password brain-teaser has overrun shoppers and businesses for years. There are several solutions out there—asymmetric cryptography, biometrics, blockchain, hardware solutions, etc.—but to this point, the cybersecurity business has not been able to choose a customary to repair the matter. In 2019, we are going to see a additional combined effort to exchange passwords altogether.
IoT botnets will come to a device near you. In the second half of 2018, we tend to saw several thousand MikroTik routers hacked to serve up coin miners. This is often solely the start of what we are going to doubtless see within the new year, with additional and additional hardware devices being compromised to dish up everything from cryptominers to Trojans. Massive scale compromises of routers and IoT devices are progressing to turn up, and that they are plenty tougher to patch than computers. Even simply mending doesn’t fix the matter, if the device is infected.
Digital skimming will increase in frequency and sophistication. Cybercriminals are going when websites that method payments and compromising the checkout page directly. Whether or not you’re buying roller skates or concert tickets, once you enter your data on the checkout page, if the shopping cart software system is faulty, data is distributed in clear text, permitting attackers to intercept in real time. We saw proof of this with British people Airways and Ticketmaster hacks
Microsoft Edge will be a prime target for new zero-day attacks and exploit kits. Transitioning out of IE, Microsoft Edge is gaining more market share. We expect to see more mainstream Edge exploits as we segue to this next generation browser. Firefox and Chrome have done a lot to shore up their own technology, making Edge the next big target.
EternalBlue or a copycat will become the de facto method for spreading malware in 2019. Because it will self-propagate, EtnernalBlue and others within the SMB vulnerability gift a selected challenge for organizations, and cybercriminals can exploit this to distribute new malware.
Cryptomining on desktops, at least on the consumer side, will just about die. Again, as we saw in October (2018) with MikroTik routers being hacked to serve up miners, cybercriminals just aren’t getting value out of targeting individual consumers with cryptominers. Instead, attacks distributing cryptominers will focus on platforms that can generate more revenue (servers, IoT) and will fade from other platforms (browser-based mining).
Attacks designed to avoid detection, like soundloggers, will slip into the wild. Keyloggers that record sounds are typically known as soundloggers, and that they are able to hear the cadence and volume of sound to see that keys are stricken on a keyboard. Already existing, this sort of attack was developed by nation-state actors to focus on adversaries. Attacks victimization this and different new attack methodologies designed to avoid detection are possible to slide out into the wild against businesses and also the general public.
Artificial Intelligence will be used in the creation of malicious executables While the concept of getting malicious AI running on a victim’s system is pure science fiction a minimum of for successive ten years, malware that’s changed by, created by, and communication with an AI could be a dangerous reality. An AI that communicates with compromised computers and monitors that and the way bound malware is detected will quickly deploy countermeasures. AI controllers can modify malware engineered to switch its own code to avoid being detected on the system, notwithstanding the protection tool deployed. Imagine a malware infection that acts virtually like “The Borg” from Star Trek, adjusting and acclimating its attack and defense ways on the fly supported what it’s up against.
Bring your own security grows as trust declines. More and more consumers are bringing their own security to the workplace as a first or second layer of defense to protect their personal information.