
Cybercrime and malware, 2019 predictions

  • 2019 Predictions

    It has now become a tradition among cyber-security firms to issue a series of predictions for the upcoming year. While some companies have their malware analysts or their CEOs put out small lists of predictions, others go completely overboard with podcasts and 100-page reports that are just a few pages short of a full book.

    ZDNet's Zero Day security blog has looked over most of these reports, has even reached out to some selected researchers, and has compiled a list of the predictions we also agree are most likely to happen next year. If readers would like to take a deeper dive into these predictions, here is the list of reports we pooled for this gallery: McAfee, Forrester, RiskIQ, Kaspersky Lab [1, 2, 3], WatchGuard, Nuvias, FireEye, CyberArk, Forcepoint, Sophos, and Symantec.

    Also, we have skipped APT, cyber-espionage, and cyberwar predictions, as we have dedicated a special article for those.

    Published: December 9, 2018 -- 10:39 GMT (02:39 PST)

    Caption by: Catalin Cimpanu

  • In-browser crypto-mining (Cryptojacking)

    "The concept of in-browser mining was almost shattered overnight by ill-intended threat actors taking advantage of Coinhive and other similar services," Jérôme Segura, malware analyst for Malwarebytes, told ZDNet in an interview this week.

    "While 'cryptojacking' or 'drive-by mining' dominated the threat landscape in late 2017 and early 2018, it took a backseat for the rest of the year, with the notable exception of some campaigns powered by a large number of compromised IoT devices (i.e. MikroTik exploits)," he said.

    "As it stands, the profits generated from in-browser mining are not what they used to be, due to the decline in the value of cryptocurrencies. Our telemetry shows a sharp decrease in Coinhive-related traffic, although one of its competitors, CoinIMP, has gained traction during the past few months.

    "For 2019, we can expect to see fewer campaigns where Content Management Systems are injected with coin miners but instead see other web threats become more prevalent, in particular web skimmers."

  • Web skimmers (Magecart attacks)

    Web skimmers, also known as Magecart attacks, have been 2018's most dangerous threat. This threat isn't going anywhere in 2019, according to Yonathan Klijnsma, Head Threat Researcher at RiskIQ, and the author of an expansive report on Magecart groups and their past activities.

    "I'm expecting new variants in web skimming attacks," Klijnsma said. "While payment data is currently in focus, because web skimming can skim any information entered into a website, Magecart groups will expand to skimming more than just credit card data to login credentials and other sensitive information."

  • Botnets

    Botnets can mean many things, but here we are referring solely to botnets made of routers and Internet of Things (IoT) devices. These are currently used primarily for DDoS attacks and, lately, also for proxying bad traffic. This latter trend is expected to intensify, according to Ankit Anubhav, Principal Security Researcher at IoT security firm NewSky Security.

    "IoT threats in 2019 are expected to further move in different directions like cryptojacking or proxy changers," Anubhav told ZDNet. "However Mirai and its variants, used for DDoS attacks, are not going to go away anytime soon, as they have their relevance and market among script kiddies."

    The researcher also told ZDNet that these botnets will move away from infecting devices via Telnet and SSH password-guessing attacks, as the router and IoT scene has reached a saturation point. Instead, the expert sees most botnets being built using vulnerability exploits.

    "An exploit which can infect IoT devices will be used as soon as it becomes public," Anubhav told us. "Furthermore, attackers are now also facing increased attention from a number of whitehats tracking IoT botnets. So I expect to see more techniques for honeypot evasion or payload encryption next year."

  • DDoS attacks

    Despite DDoS attacks being an ancient threat by internet standards, companies still have a hard time protecting their online resources against them.

    "New protocols being abused to conduct DDoS attacks," Troy Mursch of Bad Packets LLC told ZDNet when asked about where he sees the DDoS landscape going in 2019. "This kind of stuff is the 'frontier' of DDoS attacks," he added.

    Mursch pointed ZDNet to the CoAP protocol as the next big thing on the DDoS scene. More on this protocol in a dedicated article.

  • Ransomware

    Ahh, ransomware, our old foe. After being everyone's favorite "prediction" for the past few years, ransomware appears to be slowly declining, or at least its major mass-distribution campaigns are.

    In an email to ZDNet, Chester Wisniewski, principal research scientist at Sophos, said he sees ransomware becoming more targeted, with attackers focusing only on major targets, such as businesses and government agencies, the ones most likely to pay ransom demands.

    "The authors of opportunistic ransomware operate similarly to a penetration tester in the way they scope out the network, looking for vulnerabilities and weak entry points. However, unlike penetration testers, cybercriminals then act on their findings in a methodical way to inflict maximum damage. They stake out victims, move laterally throughout the network, manipulate internal controls, and more," the expert told ZDNet.

    "This human-centered approach has proved successful, with the authors of SamSam ransomware collecting $6.7m over the course of almost three years. Other cybercriminals have taken note, and in 2019 we will see more and more copycat attacks. In particular, Matrix, which appears to be constantly improved upon with new versions, and Ryuk, which is geared toward enterprises and large organizations that have the funds to pay up, will be strains to watch out for," the expert told us.

  • Financial crime

    For the financial crime sector, meaning cyberattacks on the banking sector, we're going to quote heavily from Kaspersky's "Cyberthreats to financial institutions 2019" report, which is, in our opinion, a must-read, and the one that presented the most believable and sensible predictions. The accuracy of this report might have something to do with the fact that the company is often called upon to investigate these types of bank cyber-heists, some of which have gotten really wild in the past two years. Its main predictions are:

    • The emergence of new groups due to the fragmentation of Cobalt/Carbanak and Fin7.
    • Continuation of the supply-chain attacks: attacks on small companies that provide their services to financial institutions around the world.
    • The emergence of new local groups attacking financial institutions in the Indo-Pakistan region, South-East Asia and Central Europe. Until now, groups have focused mainly on the former Soviet space and Latin America.
    • Traditional cybercrime groups that have focused on PoS malware in the past will shift towards web skimmers, as collecting payment card data from web stores is much easier than creating and infecting victims with PoS malware.
    • Attacks on mobile banking for business users.
    • Advanced social engineering campaigns targeting operators, secretaries and other internal employees in charge of wires. Attackers will be using data from publicly leaked data breaches.

  • The cloud

    Cloud servers are in big trouble in 2019. Cloud servers have slowly become the favorite target of cryptocurrency mining trojans ever since the start of 2018, but attacks are expected to explode in 2019, according to predictions made in almost all the reports we've read. The reason is cryptocurrency mining, which will remain profitable for crooks despite cryptocurrency exchange rates going down. When you have so many free (other people's) resources at your disposal, it doesn't really matter if Monero's price is slashed in half.

    With the first major security flaw discovered in Kubernetes this month, attacks at scale have already started and are expected to intensify. Attackers won't focus only on Kubernetes, but also on Docker instances, MongoDB servers, ElasticSearch, AWS, Azure, and any other cloud-capable system that isn't properly secured.

    In an email to ZDNet, Tim Jefferson, VP of Public Cloud at Barracuda Networks, said that cloud providers have already seen the writing on the wall, which is why some of them have started adding security features to their respective services. But the Barracuda exec says that attackers will adapt too in 2019.

    "Cyber criminals will also get more clever at using compromised accounts in ways that will be difficult to detect. Instead of using a massive amount of new resources for cryptomining, which causes a noticeable spike in usage, they're starting to use already-approved resources and stealing some cycles from those instead, which is easier to hide. I expect to see more attacks like that in 2019," the exec told us.

  • Email attacks

    Just because it's a new year doesn't mean attackers will stop using old techniques. Email spam will remain a daily occurrence. Nobody sees email spam exploding or declining, mainly because email spam numbers have been at the same levels for years.

    What experts do see is an increase in email social engineering attacks, also known as business email compromise (BEC).

    "We will see all sorts of phishing and spear phishing tactics being leveraged in targeted attacks, but more specifically, we expect to see more cases of CEO fraud, or business email compromise (BEC)," said FireEye in its predictions report. "BEC is expected to spike significantly, so employees should be extra vigilant when it comes to emails from key individuals in their organizations."

  • Hackers and the cybercriminal underground

    "In 2019, we expect to see less-skilled actors gain access to better social engineering, better tools, and broader targets," FireEye said in its predictions report.

    The company's assessment comes as more and more hacking tools become available every day, released either by crooks trying to sabotage rival gangs or by security researchers as penetration testing tools.

    These tools were massively adopted in 2018, and very few criminal operations still rely on custom-made malware. Even nation-state groups have started shifting towards open source hacking tools in the past two years, and in 2019 experts expect to see low-skilled hackers, expert hackers, and nation-state hackers all using the same advanced tools, making attack attribution nearly impossible.

  • The Dark Web

    As for the Dark Web, things are murky here, but it's the Dark Web, and they've always been murky.

    Over the past few years, authorities have started to have success in cracking down on Dark Web actors, regardless of whether they were involved in child abuse, drug trading, weapons sales, or regular cybercrime operations like data selling, ransomware, and hacking forums.

    Large cyber-crime marketplaces have died down in recent years, especially after European and US authorities cracked down on the three biggest Dark Web marketplaces last year.

    In 2019, we'll see a continuation of what happened in 2018, with cybercrime operations hiding in closed and tightly guarded communities. Hackers have always hidden their forums and marketplaces, but after the AlphaBay, Hansa, and RAMP takedowns, the secrecy and paranoia surrounding these portals have gone up considerably.

    Most cyber-criminal operations moved to Telegram, Jabber/XMPP, and other encryption-capable clients in late 2017, and because of law enforcement's continued focus on the Dark Web, they'll remain there, with little cyber-criminal activity still being carried out via Dark Web sites.

  • Malware

    As Ankit Anubhav pointed out a few slides back, evasion techniques are all the rage right now.

    Predicting that malware authors will add "evasion techniques" to malware source code is... kind of lazy... but we're not the experts here. When NewSky Security, McAfee, RiskIQ, and FireEye all predict that "evasion techniques" will be popular in 2019, they're not just mailing a prediction in. Making malware invisible to antivirus has always been a main preoccupation for malware authors, but now, more than ever, cyber-criminals appear to be interested in these techniques.

    In past years, these "evasion techniques" have been small malware components that make a few clever checks to detect sandbox environments. But in 2019, cyber-security firms see "evasion techniques" going to another level.

    "Think the counter-AV industry is pervasive now? This is just the beginning," McAfee said in its predictions report. "We predict in 2019, due to the ease with which criminals can now outsource key components of their attacks, evasion techniques will become more agile due to the application of artificial intelligence."

    The same thing is also echoed in FireEye's predictions report, and in RiskIQ's report, where CTO Adam Hunt says that "threat actors will be using machine learning" too, and not just the cyber-security industry.

    These predictions are not a surprise, as machine-learning-based security products have been popping up left and right. It's no stretch of the imagination to hear that malware authors are also exploring machine learning and AI in search of methods of evading their competition.

  • Exploit kits

    Exploit kits are web-based applications that redirect users to malicious sites, where they attempt to exploit a browser vulnerability to infect the user with malware. Exploit kits have been on their deathbed since 2015-2016, but have continued to drag along, albeit claiming far fewer victims in the past few years. The reason is that browsers have become much harder to hack, due to browser makers investing in bug bounty programs, but also because the market share of older, more vulnerable browsers has almost died out.

    A security researcher tells ZDNet that in 2019 he sees cyber-crime groups giving up on exploit kits altogether. The researcher says that the infrastructure behind these exploit kits, the servers that redirect traffic through countless internet domains, will live on as separate services. Former exploit kit developers will focus their main energy on improving this infrastructure and renting it to other crooks.

    Unless someone --white, grey, or black hat-- dumps a free exploit on the market, the researcher doesn't see exploit kit developers working on coming up with new exploits, but rather sees these threat actors focusing on hacking legitimate sites to steal traffic from them or to host malicious redirection scripts (as part of their traffic distribution systems).

  • Malvertising

    "Malvertising will continue to gain sophistication in 2019," Jerome Dangu, Confiant co-founder and CTO, told ZDNet in an email, "heavily focusing on evasion/obfuscation to hit a large user base, with techniques like steganography and leveraging protocols like WebRTC and WebSocket."

    "The ad industry has a clear plan to curb 'forced redirects' but its deployment has been harder than anticipated. Expect attackers to continue to innovate."

  • Data breaches and data leaks

    Data breaches and data leaks are gonna happen. It's not a matter of when, but how.

    In the past three to four years, data leaks have happened mainly because companies left MongoDB or AWS servers exposed on the Internet without a password. More recently, companies have been learning from their mistakes and the number of exposed servers has gone down, slightly, albeit not to zero.

    But according to conversations ZDNet had with experts from Hacken Proof and Risk Based Security over the course of the last year, ElasticSearch will be the technology at the heart of most data leaks in the coming year.

    While some data breaches will occur after orchestrated hacks, a large number will also occur because someone forgot to set up a password for a server. No, we're not joking. This is actually a real problem, as stupid as it sounds. Servers, accidentally or intentionally, left exposed on the Internet without a password will plague 2019 just like they did 2018, 2017, and all the prior years.

By Catalin Cimpanu for Zero Day | December 9, 2018 -- 10:39 GMT (02:39 PST) | Topic: Security
Experts weigh in on what they believe will happen to the world of cybercrime, malware, and botnets in the coming year.