2018 was a banner year in cyber security. New, destructive attacks emerged, and old concerns blossomed into full-on threats against both society and the individual. Below are DigitalStakeout’s top 10 threats that appeared in 2018 and are likely to continue well into 2019 and beyond, especially as our lives become increasingly interconnected throughout cyberspace and the speed of information only increases.
1. 3rd Party Data Collection and Use
Since most people are either unaware of, or unperturbed by, this tracking, it will continue well into the future, despite the novel privacy approaches offered by the EU’s GDPR. In addition, the algorithms used to ingest and make sense of this data, and subsequently push ads and other services to us and our devices, will only mature, further sharpening these pushes.
2. Privacy and Encryption
On the flip side, partly in response to the above points, among other myriad reasons, public awareness of the best practices in online privacy has steadily grown. Privacy conscious communities have built and raised awareness of several tools to assist us in becoming invisible to online trackers, and their popularity is growing, albeit slowly.
Encryption, especially regarding our chats and SMS communications, also became a major point of contention in 2018. From Russia’s battle with Telegram to the rise of apps such as Signal, to the widespread use of WhatsApp, despite being owned by Facebook, end-to-end encrypted chat platforms have grown significantly and are now even being targeted by democratic governments.
3. Phishing and Greater OSINT Capabilities + AI
The proliferation of Open-Source Intelligence (OSINT) techniques through the use of AI grew significantly in 2018, with a greater number of podcasts appearing to teach and understand the inner workings of internet footprints, and new tools developed for quicker and easier access to information hidden just beneath public-facing interfaces.
While this has been fantastic for investigators and security-minded professionals, these techniques also enable attackers better than ever before to weaponize social media data and more. Phishing continues to provide the primary means of infection for attackers, and OSINT techniques only make initial contact vectors easier and more convenient to the attacker.
4. Scams, Social Networks, and Hyper-Sonic Social Media
Scams are not new, but with social networks playing an ever-larger part in our lives, new scams employing these modes of communication and connectivity have developed quickly and ferociously. With all the interconnectivity promised by these networks, the proliferation of a single scam is now faster than ever before.
Plus, the speed with which media is produced and subsequently consumed has also accelerated. We now find ourselves in an environment where information is expected to be available immediately, and any attacker who can play into that expectation is able to reap the benefits of his attack almost immediately – even before it is known to be an attack.
5. Dorking on Steroids
Google dorking has long been a favorite OSINT technique for hackers, but 2018 saw benefits reaped on a scale not previously observed. New OSINT scanning and exploitation tools have allowed even moderately skilled attackers to perform mass searching and data analysis, resulting in major cloud breaches all year. Brand protection will have to become more proactive with IT departments, and developers will need to integrate threat mitigation into DevOps methodologies across the development cycle. Otherwise, distributed dorking, scanning and brute-force discovery of improperly secured and over-shared cloud data will continue to allow attackers to discover and steal these data across the internet with minimal effort and low risk of detection.
6. Greater IoT Connectivity and Threats
The Internet-of-Things (IoT) has also blossomed considerably in 2018, with our homes and offices filled with little things strewn about, all of which happen to be connected to the internet. Of course, as with all devices attached to a connected network, if that network is compromised, each of those devices is potentially vulnerable to capture and enslavement.
Attackers have already begun developing other types of malware and spyware to infect IoT devices in order to steal sensitive information. As these devices are new and the operating systems are relatively available to those who seek to exploit them, attackers are likely to discover new vulnerabilities quickly and steadily.
The State of California took steps to address the base level of these vulnerabilities in 2018 by passing legislation to ban default passwords in an effort to make the initial infection step that much more difficult, if not near impossible, in the first place.
7. DDoS Attacks Grow Larger
2018 saw a significant rise in Distributed-Denial-of-Service (DDoS) attacks, largely due to unsecured IoT devices. An attacker can compromise an entire network of things (of course, not all “things”, but a significant number of them) and install his or her malware, enslaving those devices to send request packets at his or her bidding. Indeed, in 2018 GitHub was the victim of the largest DDoS attack ever seen, and the Memcached bug allowed attackers to stage massive attacks with fewer resources than before.
DDoS is only the tip of the iceberg in terms of distributed attacks. Recent attacks against WordPress sites highlighted that even webpages can be hijacked and used to attack others. This trend is likely to continue, even bringing IoT devices into the fold to attack each other in a sort of “botnet wars”.
8. The Rise of Cryptocurrency Mining
Cryptocurrency mining has become a gold mine for online bad guys. In 2018, the primary method of attack was to implant a miner on webpages, though the growing sophistication of IoT devices will likely provide greater opportunities moving forward, with attackers seeking to install either enslaving bot malware or cryptomining malware on these devices, making money and staging DDoS attacks at will.
This unauthorized cryptocurrency mining on an unsuspecting user’s machine or IoT device is known as cryptojacking, and its popularity is increasing. The use of someone else’s CPU to mine for cryptocurrency is a tempting proposition, as it most often goes unnoticed by the victim, especially in the case of IoT devices.
9. Large Scale Breaches
How many millions of people’s personal data were stolen in 2018? Hundreds of millions. This almost incomprehensible number only strengthens the theorem, “Just go ahead and assume your data has been stolen and is for sale somewhere out there on the internet.”
State-sponsored Advanced Persistent Threats (APTs) have paved the way for massive data breaches, with individuals also developing the requisite skills to get in on the action. The attacks almost always begin with a simple phishing campaign, if not some basic Google dorking, and then, once inside, internal controls are insufficient to prevent the attacker from gaining access to the database’s most sensitive information.
This trend is guaranteed to continue, especially under the belief that it’s not a matter of “if”, but of “when” and of who simply hasn’t announced it publicly yet.
10. Destructive and Disruptive Malware
Finally, destruction has played a key role in 2018’s marquee malware offerings. Ever since the sheer power of Stuxnet showed the world just how powerful and alluring digital destruction could be, malware has developed a nasty bite, with ransomware even quickly transforming into wiperware before its initial novelty had worn off. The discovery of Meltdown and Spectre, and the spread of Shamoon, have taken destructive malware to new levels, leaving victims completely helpless as their systems imploded.
Destruction does not only mean physical destruction. It can also imply devastation and chaos, as witnessed when ransomware infected Baltimore’s 911 dispatch system and almost the entirety of the City of Atlanta. Even hospitals have faced unrelenting attacks. At this point, it is only a matter of time before a piece of critical infrastructure, such as an airport, is infected, plunging thousands of people and services into chaos.
The world got a small glimpse of this destructive potential with the infections of power plants and other critical pieces of infrastructure in Ukraine, leaving only guesses as to how powerful an attack against large scale targets may be.