Top cybersecurity threats of 2019 – Carbon Black

23 Jan 2019

In every intelligence industry, there’s often a central aim: predicting the future.

Organisations collect and analyse, dissect and interpret, looking for that essential nugget that will give them the edge over adversaries by indicating what they’ll do next.

Carbon Black chief cybersecurity officer Tom Kellermann combines his thoughts with those of Carbon Black's threat analysts and security strategists to give some insight into the threats and sectors likely to be top of the list for cyberattackers in 2019.

Destructive attacks and nation-state activity continue to ramp up

Geopolitical tension remained high throughout 2018, bringing with it an associated uplift in cyber insurgency.

The US trade war with China is undoubtedly a factor behind the recent resurgence in Chinese cyber espionage and this is set to continue.

As well as espionage targeted at infiltration and data theft, Carbon Black detected an escalation of attacks where the primary objective was destruction.

Its recent Quarterly Incident Response Threat Report (QIRTR) reported widespread adoption of command and control (C2) on sleep cycles and a high prevalence of attack victims experiencing island hopping and counter incident response.

In 2019, Kellermann is predicting there will be more instances of island hopping, particularly via public cloud infrastructure.

There will also be a wave of destructive attacks as geopolitical tension continues to manifest itself in cyberspace.

Counter-detection gets more sophisticated

In 2019, attackers will attempt to counter detection in the form of Vapor worms – fileless attacks that display worm characteristics and propagate through networks – and IoT worms.

As attackers become more sophisticated in their methods, defenders will need to get more adept at spotting evidence of incursions through proactive threat hunting and analysis.

Breach to extortion will become common

Carbon Black threat analysis unit enterprise architect Paul Drapeau believes that people’s habit of putting their private lives online in the hands of third parties will come back to haunt us in 2019.

He says, “Attackers have been actively using ransomware to make a quick buck by locking systems and encrypting files, but this activity could move from the compromise of systems to compromise of personal lives.

“Breaches of social media platforms present a wealth of data to be mined by bad actors. This data could be used to correlate activities between people to find illegal, scandalous or compromising behaviour and then leveraged for traditional blackmail at scale.

“‘Pay up or your spouse/employer gets copies of these direct messages,’ an example note might read. We can fight ransomware on our own networks with anti-malware tools or backups, but we depend on giant companies to protect our more personal details.”

The breach doesn’t even have to be real to result in extortion attempts, as was seen in 2018 with the mass email scam purporting to have compromising video and passwords of the victims.

Imagine an attacker building on data from a breach and fabricating message contents and then demanding “ransom” be paid.

This type of attack definitely takes more work to pull off; it’s more targeted and difficult, but the payoff could be there.

Victims may be willing to pay more money and pay up more readily when it is their real lives and reputations at stake versus their digital files.

Supply chain attacks in healthcare

When it comes to the sectors facing the highest risk, Carbon Black security strategist Stacia Tympanick expects to see a lot more supply chain attacks occur within the healthcare industry.

Healthcare is a tough attack surface to protect and could be a tempting target for nation-state actors bent on disrupting critical national infrastructure (CNI).

So much focus already goes into just making sure that devices on networks are discovered and protected that managing medical devices on top of this opens up a large attack surface.

The trend toward remotely managing patient conditions via IoT devices increases that surface still further – this vector could be weaponised by bad actors.

Healthcare is also starting to move to the cloud, so cloud providers should be evaluated under a stern eye to ensure that proper and secure procedures/processes are in place to protect patient data.

Steganography makes a comeback

Steganography is the technique of hiding secret information within innocuous images or documents and it’s an ancient practice – think Da Vinci hiding codes in the Mona Lisa.

Examples of steganography are just as hard to detect in the cyber world, with code being masked in legitimate files designed to make it past scanners and firewalls.

We could see steganography being used in combination with other attack vectors to create persistence and control mechanisms for malware that’s already running on a compromised network.
