Demo Free trial Request quote
30January
Cyber security predictions 2019
There’s no question about it, the number of cyber security related threats are increasing drastically and cyber crimes i becoming more and more advanced which makes them more complex to fight. During 2018 we have seen some trends in a relatively small scale. We believe that some of these trends will increase in scale 2019. Here are our cyber security predictions for 2019. Stay safe!
By Jonas Lejon Topics: Trends, Vulnerability assessment

Web scraping of credit cards

Last year, a number of different e-retailers' credit card forms, on their web pages, were hijacked. Where JavaScript was injected, reading the credit card information.

We all know that thieves follow the money and we will most probably see more attacks in the chain prior to the credit card provider authentications being attacked or replaced by an attacker's fictitious form.

Active defence

More people realize that active and fast action is crucial in preventing an attacker from gaining ground in an organization. Therefore, more products and systems appear that can prevent an attacker from escalating their rights or moving within the network (lateral movement). But to make rapid countermeasures, of course, the attacker must first and foremost be discovered, which places demands on traceability and logging.

An active defence can also involve introducing honey traps and systems that are virtualized but not part of the real network or planting information that confuses the attacker or leads it into the wrong track and causes incorrect conclusions to be drawn.

Artificial Intelligence

Will 2019 be the year where we will see real AI within cyber security? Many security products we use everyday have relatively little AI built in and there is probably a huge development potential where cyber security meets AI. Imagine for example Nmap with a little intelligence? Instead of only scanning the 1.000 most common ports that a system exposes, dynamic ports are also added based on those identified.

Vulnerable products

In recent years, we have seen that connected products, like IoT, contain vulnerabilities and can be used to attack others by, for example, being part of a bot network. However, what we have seen less of is how the gadgets' own functions can be used for malicious purposes to a great extent. In this area I believe we will see more and more startling cyber attacks, let’s just hope they don’t affect people's lives.

Net fishing and multi-factor authentication

As an increasing amount of logins are done using multifactor authentication (MFA), tools and methods are also being developed to attack multifactor authentication. With a targeted email message lurking a user, the attacker can bypass multi-factor authentication and escalate their rights and become the domain administrator on the organization's network in just a few minutes. It’s no longer a fictitious scenario but something that is performed both by malicious attackers and by Red Team exercises where companies are hired to test the security.

About the author
Jonas has worked for more than 10 years at FRA (the Swedish National Defence Radio Establishment) and the Swedish Armed Forces . Jonas is a member of the Holm Security Advisory Board and runs Sweden's largest blog about cyber security called kryptera.se.

Jonas Lejon
jonas@triop.se
Website: kryptera.se