2019 Cyber Security Threat and Vulnerability Predictions
This report outlines our predictions regarding cyber threats and vulnerabilities for 2019. We base those on the trends Wapack Labs were observing during 2018. The main topics are artificial intelligence, IoT and mobile, cryptocurrency cybercrime, APT activity, and eCommerce targeting.
- Smarter Computing: Swarm, AI and Quantum
IBM-Q allows access to its quantum computer for research and testing. Quantum computing will revolutionize the world of encryption. As more countries develop and employ quantum computers, current methods of encryption will be obsolete. We expect to see more companies and countries make advancements in quantum computing. APT groups will use it to break password hashes and decrypt encrypted traffic.
- IBM-Q now offers 20 qubits of quantum processing power.
- Google, NASA and Lockheed Martin already using quantum computing.
The implementation of AI and machine learning into automated systems continues to grow. These systems are taking over a larger role in decision making and often have access to large amounts of data so that it can continue to trend and learn. With this proliferation, we expect to see AI systems targeted by attackers and used by attackers to aid in vulnerability detection and malware distribution.
- 15 % of enterprises use AI currently.
- 31% of enterprises will use AI by the end of 2019.
- 3 largest in-demand skills on monster.com are ML (Machine Learning), deep learning and NLP (Natural Language Processing).
In future, nearly every weapon system is turning to swarm attacks – unmanned, peer-to-peer communication, hitting like a flock of blackbirds swarming from the trees by the thousands, moving in sync. Similarly, micro instances of autonomous computers will operate like blackbirds hitting every possible vulnerability presenting itself on a network, crippling the target.
- This technology is being implemented by scientists at PNNL (Pacific Northwest National Laboratory) where they use “digital ants” that wander computer networks looking for threats like “self-replicating worms”. When a digital ant detects a threat an army of ants converge on that location to drawing attention to human operators to investigate. This technology will have huge implications for cyber defenders and attackers.
- Abusing Weak Links: IoT, Mobile and Physical Security
Vulnerable IoT and Automation
IoT devices are easy targets for botnets, and when desired, those botnets can be used for other, more nefarious things. Without some kind of security service protecting your homes and businesses, this computing power that you install for simplicity could be badly abused by hackers.
- Wapack Labs have tested and installed Nest, Wink, Hue, Ring, and Chamberlain consumer-based home automation systems. Every one of them instructs users to connect into the back of a home internet router, with no firewall present.
- Foreign intelligence services used Samsung Smart Televisions to spy on home users (and broadcast election propaganda) during the Ukrainian Parliamentary Elections a few years ago.
Physical security systems are vulnerable.
The very physical security systems are often produced and/or deployed in unsecure manner. 2019 will bring exploitation of physical security systems to the forefront.
- Wapack Labs researched cases of HikVision, popular surveillance camera systems: they were operating on VOIP, meaning every camera had some kind of server built in (likely open source, possibly Apache). With credentials that allow it to be controlled by non-IT personnel from security monitoring centers.
Malware on Android phones and the use of mobile phones in botnets continues to grow. Mobile malware is difficult to track and mitigate making it attractive to cybercriminals. With more people using their mobile phone for banking and shopping mobile malware will continue to be a growing threat in 2019.
- In December 2018, Wapack Labs increased efforts to stop mobile malware and Wapack Labs Cyber Threat and Analysis Center (CTAC) added 157 new instances of mobile malware botnet IPs targeting specifically banking operations.
Mobile Proxy Botnets
An emerging trend that is expected to increase in 2019, is the use of mobile proxy botnets. Beginning in June 2018, Wapack Labs observed the use of mobile device proxies in various botnet activities and large-scale industrial fraud. A compromised mobile device offers several advantages for attackers; malware removal on mobile devices is far less common and much more difficult than regular computers. This means an attacker can get more mileage out of a single mobile device, mobile devices are more likely to change IP addresses making IP blacklisting an unrealistic defense strategy.
As of this report, there are only a few providers of compromised mobile device proxies. One the primary vendors distributes Android malware that appears to be a legitimate application but is actually malware designed to turn the device in a proxy. Mobile device proxy rental is currently a lucrative business model, since a newly recruited mobile device has very little chance of being blocked. This is a feature and many hackers will pay top dollar to get it. Wapack Labs also predicts the emergence of a ‘premium market’ of compromised mobile devices with the roll out of 5G as botnet herders can capitalize on the additional bandwidth.
- Cryptocurrency Abuses
In 2018, we saw an increase in cryptocurrency mining and fraud as the price of bitcoins continue to decrease. The price of a bitcoin dropped from US$ 14,000 in January of 2018, all the way down to its current level around US$ 3-4,000. While the price of bitcoin remains low, some cybercriminals will attempt to cash in before the coin rebounds. Other cybercriminals find cryptocurrencies easy to steal, move and launder.
- Traditional banking trojans like Trickbot began targeting cryptocurrency exchanges and bitcoin sites this year and we expect to see this trend continue and increase.
- Crypto mining surpassed Ransomware as top malware threat in 2018.
- Mining attacks up 1000% in 2018.
Six figure ransoms are quickly becoming the norm, not the exception. Ransomware will continue to be a threat to all types of businesses and organizations, with no easy solution.
- In 2018, Wapack Labs helped to mitigate a growing number of targeted ransomware attacks.
- Cybersecurity Ventures predicts ransomware damages will cost the world $5 billion in 2017 and climb to $11.5 billion in 2019.
- Global Trends: Geopolitical Influences and eCommerce Targeting
Cyber activity from China and Russia will increase this year as tensions increase. Tensions between the US and China will continue over trade relations and influence, as the US attempts to counter Beijing’s growing influence globally through investment and infrastructure and communications construction. We expect to see an increase in cyber activity from China targeting US technology, universities, and eCommerce companies.
In 2017-2018, Russia was holding back some of its cyber potential, as it was hoping the US and EU would drop some of the economic sanctions. But as sanctions remained in effect and new sanctions are being levied, the cyberattacks are likely to follow. The Russian cyber campaigns of the last few years were successful at seeding political unrest and will continue in size and scope.
- China was named the worst abuser of internet freedom in 2018.
- Xi Jinping wants China to be a “cyber superpower”.
As Internet commerce continues to grow so will cybercrime targeting eCommerce platforms. More people continue to make purchases online with eCommerce growing 16% per year. Credential stuffing tools continue to refine their capabilities causing tremendous losses to online marketplaces. We expect to see an increase in the use of 2-factor authentication by eCommerce sites in 2019 to mitigate credential fraud.
- 29% of eCommerce traffic is malicious.
- 50% of small business report an increase in fraud.
- Future Malware Pandemic
No new Spectre and Meltdown?
Our analysts forecast more attacks of these types in 2019 and beyond. Hardware, the great unknown factor, allows insertion of code directly to a motherboard, at the physical layer, operating independently of the operating system. How much additional capability lies on a CPU that’s not being used today? Interface chips? Memory?
- First malware samples that exploit Meltdown and Spectre came to light in January-February 2018.
Prepared by: Jeff Stutzman, Scott Hall, Yury Polozov
Approved by: J. McKee
 Wapack Labs Technical Intelligence Report “Trickbot New Password Module” https://files.slack.com/files-pri/T71KHUTDM-FEE372WTV/download/tir-18-331-001_trickbot_pwgrab.pdf
 Wapack Labs Intelligence Report “China’s Vision of Cyber Sovereignty” https://files.slack.com/files-pri/T71KHUTDM-FF5UGQ59U/download/ir-19-001-001cns_vision_of_cyber_sovereignty_1910101.pdf
 Credential stuffing is the practice of testing stolen credentials against a website or API using automated account verification mechanisms, and it is one of the most common forms of attacks facing online companies today. See Wapack Labs Intelligence Report “Sentry MBA Credential Stuffing” https://files.slack.com/files-pri/T71KHUTDM-FDRT8N679/download/tir-18-298-001_sentry_mba.pdf