Malwarebytes Releases 2019 Security Predictions

Malwarebytes 2019 Security Predictions

  1. New, high-profile breaches will push the security industry to finally solve the username/password problem. The ineffective username/password conundrum has plagued consumers and businesses for years. There are many solutions out there—asymmetric cryptography, biometrics, blockchain, hardware solutions, etc.—but so far, the security industry has not been able to settle on a standard to fix the problem. In 2019, we will see a more concerted effort to replace the password solution altogether.
  2. IoT botnets will come to a device near you. In the second half of 2018, we saw several thousand MikroTik routers hacked to serve up coin miners. This is only the beginning of what we will likely see in the new year, with more and more hardware devices being compromised to serve up everything from coin miners to malware. Large-scale compromises of routers and IoT devices are going to take place, and these devices are a lot harder to patch than computers. Even patching does not fix the problem if the device is already infected.
  3. Digital skimming will increase in frequency and sophistication. Cybercriminals are going after websites that process payments and compromising the checkout page directly. Whether you are purchasing roller skates or concert tickets, when you enter your information on the checkout page, if the shopping cart software is faulty, information is sent in clear text, allowing attackers to intercept in real time. Security companies saw evidence of this with the British Airways and Ticketmaster hacks.
  4. Microsoft Edge will be a prime target for new zero-day attacks and exploit kits. Transitioning out of IE, Microsoft Edge is gaining more market share, and we expect to see mainstream Edge exploits as we segue to this next-generation browser. Firefox and Chrome have done a lot to shore up their own technology, making Edge the next big target.
  5. EternalBlue or a copycat will become the de facto method for spreading malware in 2019. Because it can self-propagate, EternalBlue presents a particular challenge for organizations, and cybercriminals will exploit this to distribute new malware.
  6. Cryptomining on desktops, at least on the consumer side, will just about die. Again, as we saw in October (2018) with MikroTik routers being hacked to serve up coin miners, cybercriminals just aren’t getting value out of targeting individual consumers with coin miners. Instead, attacks distributing cryptominers will focus on platforms that can generate more revenue (servers, IoT) and will fade from other platforms (browser-based mining).
  7. Attacks designed to avoid detection, like soundloggers, will slip into the wild. Keyloggers that record sounds are sometimes called soundloggers and are able to listen to the cadence and volume of tapping to determine which keys are struck on a keyboard. Already in existence, this type of attack was developed by nation-state actors to target adversaries. Attacks using this and other new methodologies designed to avoid detection are likely to slip out into the wild against businesses and the general public.
  8. Artificial intelligence will be used in the creation of malicious executables. While the idea of having malicious artificial intelligence running on a victim’s system is pure science fiction at least for the next 10 years, malware that is modified by, created by and communicating with an AI is a very dangerous reality. An AI that communicates with compromised computers and monitors what and how certain malware is detected can quickly deploy countermeasures to create a new generation of malware. AI controllers will enable malware built to modify its own code to avoid being detected on the system, regardless of the security tool deployed. Imagine a malware infection that acts almost like “The Borg” from Star Trek, adjusting and acclimating its attack and defense methods on the fly based on what it is up against.
  9. Bring your own security grows as trust declines. More and more consumers are bringing their own security to the workplace as a first or second layer of defense to protect their personal information. Malwarebytes recently conducted global research and found that nearly 200,000 companies had a consumer version of Malwarebytes installed. Education was the industry most prone to adopting BYOS, followed by software/technology and business services.