Cyber security’s 2018 megatrends and myriad emerging threats have created the perfect storm for a tumultuous 2019. From never-before-seen attacks on newly engineered biometric markers and the broad embrace of blockchain, to expanded risks posed for “new” critical infrastructure and the transfer of trust, organizations must look to the threat horizon, and accelerate and collaborate to out-innovate and out-maneuver the attackers.
As we head into 2019, here are five security predictions to prepare for:
1. Emerging ‘Unique Human Identities’ Under Attack
We’ll see a new wave of attacks against emerging ‘unique human identities’ – or newly engineered biometric markers for digital and physical authentication. Biometric fingerprint, voice and face ID authentication controls have proven effective in consumer devices, and organizations will look to new authentication methods, such as embedded human microchips. Attackers will increasingly target these identities to gather massive amounts of biometric data for future modeling purposes and nefarious use. Consumer genetic services, biometric stores within organizations and more will become key targets, further elevating privacy concerns.
2. Government Social Media Becomes Regulated as Critical Infrastructure
Governments will start counting government-sanctioned social media accounts – both for elected officials and agencies – as critical infrastructure. Much as government text messages are regulated in numerous ways, social media will become regulated as well.
Social media has emerged as a critical tool for governments to communicate with citizens. Whether it’s individual politicians and elected officials, or the official accounts of government agencies and organizations, social media is quickly emerging as one of the top pathways for a government to communicate with citizens.
While social media allows for the rapid dissemination of critical information, it also has a dark side, illustrated in the past year by the false missile alerts that sent residents of Hawaii and Japan into a panic. This provides a glimpse of how attackers could use official social accounts to spread chaos.
3. Trade Wars Trigger Commercial Espionage
Government policies designed to create ‘trade wars’ will trigger a new round of nation-state attacks designed to steal intellectual property and other trade secrets to gain competitive market advantages. Nation-state attackers will combine existing, unsophisticated, yet proven, tactics with new techniques to exfiltrate IP, as opposed to just targeting PII or other sensitive data.
While these attacks will predominantly be carried out by malicious external attackers, we’ll also see an uptick in insider attacks, especially in cutting-edge industries like autonomous cars (much like what occurred at Apple in June 2018). We’ll see attacker dwell times extend as nation-states spend more time conducting reconnaissance and carrying out these trade-driven attacks. We’ll also see the emergence of nation-state weapons commercialized on the black market. This same phenomenon happened after Stuxnet, Petya and NotPetya, when cybercriminals took pieces of code from massive nation-state attacks and incorporated them into their own attacks.
4. Supply Chain Meets Blockchain
Blockchain will transform the supply chain in 2019. Following allegations of nation-states targeting the supply chain at the chip level to embed backdoors into both B2B and consumer technologies, organizations will embrace blockchain to secure their supply chains. The distributed nature of blockchain makes it well suited to validate every step in the supply chain – including the authenticity of hardware and software. We’ll continue to see increased attacks early on in the supply chain, and there will be a greater need for this level of validation.
5. Enterprises Transfer Trust and Risk…to Google and Facebook?
The embrace of Google’s BeyondCorp strategy – shifting access controls from the network perimeter to individual users and devices without the need for a traditional VPN – will expand the attack surface in 2019 if the necessary controls are not put in place. This ‘zero trust’ approach can open up several attack vectors. First, it transfers risk and trust to third parties, like Google or Facebook, with velocity. Identity providers are exposed to an expanding attack surface through the use of authentication protocols and short-lived tokens or temporary API keys that can be compromised. This transfer of trust also opens up the very real possibility of attackers weaponizing identity provider assets or services to expose credentials or allow privileged access.
Second, the BeyondCorp approach requires an organization to expose some of its infrastructure in order to allow employees to use applications or access the network. Anytime organizations expose assets to the outside world, they also expose the mistakes they’ve made. Whether these are ports that are open but shouldn’t be or misconfigured security settings, attackers will look to exploit these visible weaknesses.
This article was contributed by Lavi Lazarovitz, CyberArk Labs Team Leader in Research.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.