With every passing year, cybercriminals are getting smarter and are quickly adopting new and sophisticated technology to carry out cyberattacks innovatively. The intensity of the cybersecurity threats and attacks is also gradually increasing, making it more challenging for security admins to stay ahead of this cat-and-mouse game between the attackers and defenders. The global cybersecurity market has been booming over the past several years and is expected to grow from $127 billion in 2017 to $300 billion by 2024. Here are some of the key cybersecurity threats that you should watch out for the rest of 2019 to keep yourself informed about the latest threats.
Hacking artificial intelligence defense — using AI tools
Artificial intelligence is turning out to be a double-edged sword when it comes to cybersecurity. Organizations are trying to take advantage of AI technology to protect their systems. But at the same time, hackers are also equipping themselves with the novel capabilities to exploit the system with that same AI technology, turning what was believed to be a stout defense into yet another of our top cybersecurity threats. Cybercriminals have started creating advanced attacks using AI to compromise these defenses. AI-generated phishing emails are way more deadly than the ones generated by humans. These emails are developed having current security solutions in mind. They are capable of bypassing the spam filters and other gateway solutions, landing up straight into the end user’s mailboxes. Hackers can also develop highly realistic “deepfake” video and audio to fool individuals.
Another possible risk of the adversarial network is that hackers can infiltrate datasets used to train AI models. For instance, they may inject malicious code and modifying labels so that threats are marked as safe rather than as malicious. At the extreme end, it is even possible that if the hacker can identify the algorithm used by the defense system, they can develop an AI-based counter-model to bypass it. This is like having two neutral systems contesting each other to learn the AI algorithms the other is using (mostly found in generative adversarial networks).
Rise of cryptojacking attacks
Growing trend of mobile malware
Mobile devices are a top target for cybersecurity threats in 2019, an attack vector expected to get worse for the rest of this year and beyond. Cybercriminals are developing new tools and ways to spy on Android and iPhone devices. Banking Trojans turned out to be the most prominent threat vector for mobile devices in 2018, growing by 150 percent. In 2018, security and intelligence firm Talos discovered that a hacking group utilized the Mobile Device Management (MDM) protocol to exploit a few iPhones in India. It was found out that the hackers had gained access to the devices via social engineering attacks and physical access to secretly spy and steal the data. In addition, several fake apps were found that made their way to the Google Play app store and then to end user’s mobiles. This trend of fake apps posing as popular brands on the popular app stores like is one trend we may expect to grow further in 2019 and beyond.
More sophisticated supply chain attacks
In 2019, cybercriminals are continuing to focus on attacking critical software supply-chain infrastructure to conduct more extensive attacks. The hackers have started recognizing the advantages of supply-chain attacks, beginning with the June 2017 NotPetya campaign, which rapidly spread to wipe data from thousands of computers around the globe. Last year saw a notable amount of supply chain-targeted attacks, involving organizations like Best Buy and Delta Airlines. You may expect the cybercriminals using this approach to formulate more widespread attacks with deadlier possible impact in coming future.
Misuse of the insecure biometric data
Biometrics has moved to the top priority in 2018 as a way to authenticate people for institutions and banks. But at the same time, several incidents of the leak of biometric data have been observed globally. One such major incident includes the leak of Aadhar, India's national ID database, potentially impacting the biometric data of its 1.1 billion registered users. Using the compromised confidential data, attackers could attempt the next level of scams — forging fake identities for doing financial frauds, fake e-commerce transactions, or any other innovative use of biometric data to carry out malicious activities.
Blockchains are no more secure
Blockchain is used in several applications because it allows users to perform secure transactions, which can be verified via public ledgers, and are protected by encryption. But recently, new types of attacks and cybersecurity threats were identified that may render this advantage of blockchain useless. The attack, known as “privacy poisoning,” involves loading secure blockchain networks with some confidential data like names, addresses, and credit card numbers into a blockchain, thus creating a conflict with the laws of privacy. To remove unwanted content, the infected blockchain will require an enormous amount of time and effort. And due to lack of any central authority, there may be chances of entire blockchain losing out due to noncompliance with privacy laws. As per an estimate, over 75 percent of public blockchains will suffer the “privacy poisoning” issue by 2022.
Another important use case of blockchain technology is smart contracts — self-executing contracts that are intended to facilitate, verify, or enforce the negotiations digitally. These smart contracts are currently being used to carry out financial transactions. While smart contracts have possible use cases, this relatively new technology still has bugs, according to researchers. The main problem linked with making smart contract data private is with the built-in transparency of the blockchain. The hackers have already known this vulnerability. It will be a big challenge for organizations that will leverage smart contracts in 2019.
Using cloud computing infrastructure to carry out attacks
Hackers have been found using cloud services to mask their identities while carrying out attacks. We have seen hackers exploiting and abusing popular cloud-based services such as Google Cloud Platform, Microsoft Azure, Asus Cloud, Google Drive, Dropbox, and others to fool their victims. Hackers may use these services to spread malicious code or distribute macro-laden documents and spreadsheets or use them as command and control servers. Hackers were also found using cheap cloud services to host their entire DDoS and brute force infrastructure, and then targeting users and other cloud providers. And research showed that this was all possible with a cost as low as $6. And on top of it, attackers even get the agility to migrate this setup easily to another service and purge their entire cloud instance as soon as they get caught. Such niche advantages of cloud services may urge hackers to continue exploiting the cloud infrastructure to carry out cyberattacks.
How to avoid cybersecurity threats? Stay alert, stay proactive
The best defense against such innovative threats is often simply practicing good cyber-hygiene (like avoiding clicking on suspicious links or attachments from unknown users), and having a strong defense system (like using firewalls, intrusion detection, and prevention systems). Proper training and awareness sessions for the staff and the security teams can also help you turn away any intrusion attempts made by bad actors. Having a proactive threat intelligence system can help you keep your organization one step ahead of such cybersecurity threats.
Featured image: Pixabay