sb-eu logo
Story image

Raising the stakes: McAfee’s predictions for cybersecurity

19 Feb 2019

Article by McAfee Asia Pacific cyber defence director David Allott

Cyber attacks at the start of 2019 have shown that cybercriminals are set to become even more sophisticated and collaborative this year.

Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.

These trends are set to complicate matters for enterprises in Asia Pacific, where the region's status as a global forerunner in digital transformation efforts is bound to provide cybercriminals with more digital loopholes to exploit.

Here are seven predictions on how the cybersecurity landscape will evolve.

A stronger, more effective cybercriminal underground

The cybercriminal underground will consolidate, creating fewer but stronger malware-as-a-service families that collaborate to drive more sophisticated forms of cyber attacks.

With more resources at cybercriminals’ disposal, the length of a vulnerability’s life, from detection to weaponisation, will grow shorter.

As the development process becomes more agile, cybercriminals may require a day or merely hours to mount attacks against the latest weaknesses in software and hardware.

As evidenced by conversations within the underground community, McAfee expects to see increased attacks exploiting mobile platforms, Remote Desktop Protocols, and sophisticated cryptocurrency mining.

Synergistic threats for attack success

Cybercriminals have been observed to adapt and pivot their tactics swiftly for devastating effect. In 2019, attackers will more frequently combine various cyber attack tactics to create multifaced, or synergistic, threats to bypass defences.

For example, combining phishing, steganography and fileless malware for an attack with multiple goals.

These synergistic threats will blur the traditional defence panorama and complicate the tried and tested processes to identify and mitigate the attack.

Growing use of artificial intelligence in cybercrime

The accessibility of technologies such as artificial intelligence-as-a-service will enable cybercriminals to develop cyber attacks with increasingly sophisticated evasion techniques.

With artificial intelligence, cybercriminals will have the ability to automate target selection, scan for target network vulnerabilities, and assess the posture and responsiveness of infected environments to avoid detection before deploying later stages of attacks

Nation-state strategies repurposed for corporate extortion

Bots used to amplify deceitful messaging exist and are available for sale on the cybercriminal underground.

Following in the footsteps of recent infamous nation-state campaigns to sway public opinion, cybercriminals will likely repurpose bots and leverage social media to extort organisations by threatening their brands.

Data exfiltration attacks via the cloud

There will be a significant increase in attacks targeted at cloud platforms in 2019, exploiting misconfigured platforms that provide threat actors with an easy entry into the system.

As Software-as-a-Service models such as Microsoft Office 365, Amazon Web Services, and Azure become mainstream among enterprises, a significant volume of corporate data now resides on cloud platforms.

21% of data in the cloud is sensitive—such as intellectual property, and customer and personal data. With a 33% increase in users collaborating on this data during the past year, cybercriminals know how to seek more targets.

Home IoT attacks via smartphones, tablets, and routers

New mobile malware will likely exploit vulnerabilities in smartphones, tablets, and routers to gain access to digital assistants and home IoT devices on the same network.

Once infected, these devices can serve as a lockpick to consumer homes while supplying botnets, which can launch DDoS attacks or grant cybercriminal access to personal data and the opportunity for other malicious activities such as opening doors and connecting to control servers.

Identity attacks via social media platforms

In 2019, large-scale social media platforms will implement additional measures to protect customer information. However, as the platforms grow in numbers, cybercriminals will be further enticed to focus their resources on attacking the data-rich environments.

High-impact attacks, such as those targeting industrial control systems, have seen success in part due to static password use across environments. Successful social media and other identity platform and edge device breaches will provide the keys to adversaries to launch similar attacks in the future.

Dependency on technology has become ubiquitous, and it is placing the unaware and unprepared at real, tangible risk.

With virtually all technology being interconnected in some form, a security breach no longer remains limited to a single platform.

In the future, unless individuals and corporations alike are more aware of the evolving threat landscape, and deploy collaborative and comprehensive countermeasures from device to cloud, it is not a matter of if, but when the weakest links will be compromised. 

Story image
OT networks warned of vulnerabilities in CodeMeter software
Manufacturers using the Wibu-Systems CodeMeter third-party licence management solution are being urged to remain vigilant and to urgently update the solution to CodeMeter version 7.10.More
Story image
Is cyber deception the latest SOC 'game changer'?
Cyber deception reduces data breach costs by more than 51% and Security Operations Centre (SOC) inefficiencies by 32%, according to a new research report by Attivo Networks and Kevin Fiscus of Deceptive Defense.More
Story image
Acronis announces new security endpoint solution
The solution is an integration of data protection and cybersecurity which provides customers with effective endpoint protection in a landscape where the pointlessness of perimeter security is becoming more pronounced.More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More
Story image
Bitglass receives US patent for SAML technology
Bitglass designed its SAML relay to allow a cloud access security broker (CASB) to be inserted into the traffic flow between users and cloud services during the login process.More
Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More