Top cybersecurity threats of 2019 – Carbon Black

23 Jan 2019

In every intelligence industry, there’s often a central aim: predicting the future.

Organisations collect and analyse, dissect and interpret, looking for that essential nugget that will give them the edge over adversaries by indicating what they’ll do next.

Carbon Black chief cybersecurity officer Tom Kellermann combines his thoughts with those of Carbon Black's threat analysts and security strategists to give some insight into the threats and sectors likely to be top of the list for cyberattackers in 2019.

Destructive attacks and nation-state activity continue to ramp up

Geopolitical tension remained high throughout 2018, bringing with it an associated uplift in cyber insurgency.

The US trade war with China is undoubtedly a factor behind the recent resurgence in Chinese cyber espionage, and this is set to continue.

As well as espionage targeted at infiltration and data theft, Carbon Black detected an escalation of attacks where the primary objective was destruction.

Its recent Quarterly Incident Response Threat Report (QIRTR) reported widespread adoption of command and control (C2) on sleep cycles, and a high prevalence of attack victims experiencing island hopping and counter incident response.

In 2019, Kellermann is predicting there will be more instances of island hopping, particularly via public cloud infrastructure.

There will also be a wave of destructive attacks as geopolitical tension continues to manifest itself in cyberspace.

Counter-detection gets more sophisticated

In 2019, attackers will attempt to counter detection in the form of Vapor worms – fileless attacks that display worm characteristics and propagate through networks – and IoT worms.

As attackers become more sophisticated in their methods, defenders will need to get more adept at spotting evidence of incursions through proactive threat hunting and analysis.

Breach to extortion will become common

Carbon Black threat analysis unit enterprise architect Paul Drapeau believes that people’s habit of putting their private lives online in the hands of third parties will come back to haunt us in 2019.

He says, “Attackers have been actively using ransomware to make a quick buck by locking systems and encrypting files, but this activity could move from the compromise of systems to compromise of personal lives.

“Breaches of social media platforms present a wealth of data to be mined by bad actors. This data could be used to correlate activities between people to find illegal, scandalous or compromising behaviour and then leveraged for traditional blackmail at scale.

“‘Pay up or your spouse/employer gets copies of these direct messages,’ an example note might read. We can fight ransomware on our own networks with anti-malware tools or backups, but we depend on giant companies to protect our more personal details.”

The breach doesn’t even have to be real to result in extortion attempts, as was seen in 2018 with the mass email scam purporting to have compromising video and passwords of the victims.

Imagine an attacker building on data from a breach and fabricating message contents and then demanding “ransom” be paid.

This type of attack definitely takes more work to pull off; it’s more targeted and difficult, but the payoff could be there.

Victims may be willing to pay more money and pay up more readily when it is their real lives and reputations at stake versus their digital files.

Supply chain attacks in healthcare

When it comes to the sectors facing the highest risk, Carbon Black security strategist Stacia Tympanick expects to see a lot more supply chain attacks occur within the healthcare industry.

Healthcare is a tough attack surface to protect and could be a tempting target for nation-state actors bent on disrupting critical national infrastructure (CNI).

So much effort already goes into simply making sure that devices on the network are discovered and protected that managing medical devices on top of this opens up a large attack surface.

The trend toward remotely managing patient conditions via IoT devices increases that surface still further – this vector could be weaponised by bad actors.

Healthcare is also starting to move to the cloud, so cloud providers should be evaluated under a stern eye to ensure that proper and secure procedures/processes are in place to protect patient data.

Steganography makes a comeback

Steganography is the technique of hiding secret information within innocuous images or documents and it’s an ancient practice – think Da Vinci hiding codes in the Mona Lisa.

Examples of steganography are just as hard to detect in the cyber world, with code being masked in legitimate files designed to make it past scanners and firewalls.

We could see steganography being used in combination with other attack vectors to create persistence and control mechanisms for malware that’s already running on a compromised network.
