This article was originally written and posted on CSO by Michael Nadeau on December 18, 2018.
Data breaches are inevitable at any organization. But what form will those breaches take? How will the attackers gain access? What will they steal or damage? What motivates them to attempt the attacks? CSO has gathered predictions from industry experts about where, how and why cyber criminals will attempt to break into networks and steal data during the coming year. 1. Biometric hacking will rise
The growing popularity of biometric authentication will make it a target for hackers. We will likely see breaches that expose vulnerabilities in touch ID sensors, facial recognition and passcodes, according to the Experian Data Breach Industry Forecast. “Expect hackers to take advantage not only of the flaws found in biometric authentication hardware and devices, but also of the collection and storage of data. It is only a matter of time until a large-scale attack involves biometrics either by hacking into a biometric system to gain access or by spoofing biometric data. Healthcare, government, and financial industries are most at risk,” said the report’s authors.
2. A cyber attack on a car will kill someone
The ability to hack and take control over a connected vehicle has been proven. Such a hack can not only turn off the car’s engine but disable safety features like antilock brakes or the airbags. “As cars become more connected and driverless cars evolve, hackers will have more opportunities of doing real harm,” says James Carder, CISO at LogRhythm Labs.
3. Attackers will hold the internet hostage
Someone—likely a hacktivist group or nation-state will take distributed denial of service DDoS to a whole new level in 2019 and attempt to take down a large part of the internet in an extortion attempt. A DDoS attack in 2016 against DNS hosting provider Dyn took down many popular websites including Twitter, Reddit and Amazon.com. Security expert Bruce Schneier noted that attackers were probing other critical internet services for potential weaknesses.
“A DDoS attack of this magnitude against a major registrar like Verisign could take down an entire top-level domains (TLD) worth of websites,” WatchGuard’s Threat Lab team wrote in a blog post. “Even the protocol that drives the internet itself, Border Gateway Protocol (BGP), operates largely on the honor system. Only 10 percent of the internet addresses have valid resource public key infrastructure (RPKI) records to protect against route hijacking. Even worse, only 0.1 percent of the internet’s autonomous systems … have enabled route origin validation, meaning the other 99.9 percent are wide open for hostile takeover from route hijacking. The bottom line, the internet itself is ripe for the taking by someone with the resources to DDoS multiple critical points on the internet or abuse the underlying protocols themselves.”
4. A DevOps doomsday breach is upon us
The popularity of the DevOps methodology increases the number of environments where security risks are raised, undetected and unmitigated. "The once well-oiled Kubernetes/DevOps machine will start to rust as organizations set unrealistic goals, improperly train employees and lack consideration for monitoring or control tools, giving external threats easy access to an enterprise’s core IT system," says Jackson Shaw, vice president of product management at One Identity. "In 2019, malicious actors will use these gaps in security to infiltrate sensitive data and generate one of the biggest breaches we’ve seen to date."
5. API breaches will become the most costly
Wide adoption of APIs will expose more sensitive company information, and attackers will target API vulnerabilities to steal data and personally identifiable information (PII), resulting in high cost and damaged reputations. “Because of an overreliance on legacy IT security and insecure API management frameworks and toolkits, most customers will be unaware of these breaches until well after the attacks are executed,” says Jason Macy, CTO at Forum Systems.
6. A top cloud vendor will be breached
So far, big data breaches involving cloud service providers like Amazon Web Services (AWS) have been the result of customer error. It’s only a matter if time, according to the Experian report, before one of those cloud service providers suffers a breach directly. “[Those earlier breaches raise] questions about overall security on the vendor side and how long it will take hackers to skip the middleman and go straight to the cloud source, which would affect the world’s largest companies and potentially billions of pieces of data,” said the report.
7. A significant breach will be launched through a printer
A bored hacker recently took over 50,000 printers and instructed them to print documents supporting YouTube personality PewDiePie. This showed how easy it is to take control of enterprise printer and copier networks. While this hack was relatively harmless, printers and copiers can be a launchpad for more damaging attacks. With a proof of concept in hand, someone will successfully exploit printer networks for a significant breach in 2019.
“IoT-type security vulnerabilities on connected printers will become a more common attack vector," says Louella Fernandes, director at Quocrica. "Complexity – particularly with mixed fleets of old and new devices, models and brands – makes it hard to protect the print environment, but there is a lot more that could be done. Better print security processes are a start, but overall this is an area that needs more focus. The onus is not just on end user organizations, but also printer manufacturers, managed service providers and security solution vendors to give print security the same priority as the rest of the IT infrastructure."
8. An attack on a major wireless carrier will affect both iPhones and Android
Such an attack will steal personal information from millions of consumers and possibly disable all wireless communications in the United States, according to the Experian report. Similar to an attack on critical infrastructure, a serious disruption to a wireless network would halt the nation. “Let’s face it – sometimes attackers just look to cause wide-scale chaos and, similar to infrastructure, focusing on the wireless environment would halt the nation. It could effectively shut down communication across the country, harming business operations and putting emergency services at risk,” wrote the report’s authors.
9. Terrorists will use off-the-shelf crimeware to launch cyber attacks.
Most cyber criminals get their tools of the trade via the internet from crimeware peddlers. Expect terrorists to do the same in 2019 with more destructive intent than your average hacker. ”Instead of breaking systems with ransomware, adversaries will leverage new tools to conduct harmful assaults on targeted subjects and organizations. From attacks on data integrity that essentially kill computers to the point of mandatory hardware replacements, to leveraging new technology for physical assaults such as the recent drone attack in Venezuela, attack surfaces are growing and enemies will take advantage,” says Malcolm Harkins, chief security and trust officer at Cylance.
Similarly, Watchguard sees a nation-state launching a “fire sale” attack. The fire sale concept, which comes from a plot device in the Die Hard movie series, is a three-pronged cyber attack targeting a city or state’s transportation operations, financial systems, public utilities and communication infrastructure. In the film, terrorists used the the fear and confusion caused by the attack to siphon off huge sums of money undetected. “Modern cyber security incidents suggest that nation-states and terrorists have developed these capabilities, so 2019 may be the first year one of these multi-pronged attacks is launched to cover up a hidden operation,” said the Watchguard Threat Lab team in a blog post.
10. Financial institutions will continue to be attack targets, with a few twists
Hidden credit-card skimming devices are commonly used to steal card information and passcodes, but criminals will start to go after bank networks for a bigger payout. They will bypass attacking individual ATMs by loading malware into computer systems, similar to what Magecart did with sites like Newegg and Ticketmaster. The advantage of this type of skimming malware is that it can blend unnoticed into the organization’s infrastructure, according to the Experian report. “This allows them to do a lot of damage before there is any sign of a problem. Using malware to skim financial and personal information is still in its early stages and cybercriminals are just beginning to see the value in this type of attack. Right now there are few criminal players in the game, but expect malware-based skimming to continue to evolve,” said the report’s authors.
Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, believes mid-size banks will remain a favorite target of criminals in 2019, because they hold large amounts of money but might not invest heavily in security. However, attackers might focus more on small banks as links in an attack chain. A hacker can send phishing emails from a computer of a smaller banks' employee to larger banks. “Criminals will continue using phishing to penetrate bank infrastructure. The tools and malware used will become more intricate. Hackers are likely to invest considerable sums into unpublished exploits for zero-day vulnerabilities sold on the dark web,” she says.
11. Cybercriminals will pose as gamers to breach online gaming systems
Experian sees the the online gaming community as an emerging hacker target, with cybercriminals posing as gamers and gaining access to the computers and personal data of trusting players. “It isn’t just the personal PII or credit cards that are of value in the gaming world; there are the tokens, weapons, and other game pieces that are worth a lot of money within a gaming community. With a single password—and gamers tend to practice poor password protections—a hacker can take over someone else’s avatar and identity within a game without detection and walk away wealthy,” said the Experian report authors.
12. A third-party compromise will shut down critical infrastructure
In today's inter-connected business environment, a company's security is only as good as the weakest link in its supply chain and partner network. That's why attackers often target those weaker networks to gain access to a bigger prize. That's why Jake Olcott, vice president at BitSight, expects a cyber compromise of a vendor or supply chain partner to cause an outage that slows or halts the delivery of service at a critical infrastructure company in 2019. "A major defense contractor will also experience a highly public breach of sensitive national security information. In response, the Department of Defense will increase enforcement actions and require additional cybersecurity controls and requirements for defense contractors," he says.
13. More nation-state technology and know-how will trickle down to cyber criminals, leading to more sophisticated attacks
Successful cyber criminals are students of those who best practice the craft: government-employed or state-sponsored hackers. Not only have they copied their techniques, but some of their tools have become available to common criminals. They also leverage leaked zero-day exploits that governments hoard, and this could present problems in 2019.
"One of the challenges these increasingly advanced attacks pose to big cloud providers is that they now could be attacked through vulnerabilities that are so new, they cannot be patched before they are exploited," says Nigel Tozer, senior director of solutions at Commvault. "While none have been successfully exploited to date, the cyber ‘cold war’ taking place between rogue nation-states and our own means it’s likely to happen at some point."