Singapore universities cyber attack
cyber attack (Representational picture) Pixabay

Internet security giant, McAfee has released a critical 2019 threat prediction report revealing sinister plans of cybercriminals, which will be used to make large-scale attack next year.

In 2018, we witnessed series of ransomware attacks such as Petya, WannaCry and others affecting large corporate and also government-run agencies including healthcare and now, we have come to understand that the cybercriminals will use advanced Artificial Intelligence (AI) technology to make their attacks severe in 2019.

"With access to increasingly effective tactics and strategies, bad actors will have the ability to focus their attacks on broader and more complicated targets. In 2019, cybercriminals are anticipated to target intellectual property, Internet of Things (IoT) in the home and identity credentials via the cloud, digital assistants, and social media platforms, respectively," McAfee said in the report.

Highlights Of McAfee 2019 Security Threat Predictions:

  • Artificial Intelligence for Improved Evasion: With an easy access AI-as-a-service, cybercriminals will be able to attack victims with increasingly sophisticated evasion techniques. With AI, cybercriminals can hand-pick targets, scan for target network vulnerabilities, and assess posture and responsiveness of infected environments to avoid detection before deploying later stages of attacks.
  • Nation-State Strategies Repurposed for Corporate Extortion: In the recent past, we have seen political campaigners using bots on social media sites swaying public opinion and now, cybercriminals will likely to repurpose the bots and leverage social media to extort organisations by threatening to malign their brands.
  • Synergistic Superthreats for Attack Success: Bad actors are expected to evolve their usual strategy centred on the use of a single threat, in favour of combining several attack types to bypass the defences.

For instance, cybercriminals can use multiple techniques such as phishing, steganography (a practice of concealing a file, message, image, or video within another file, message, image, or video.) and file-less malware for an attack with multiple goals. These synergistic super threats will work together and if the company is not well equipped with the latest Cybersecurity tool, it will be almost impossible to even identify and mitigate the attack.

  • Data Exfiltration Attacks via the Cloud: McAfee predicts a significant increase in targeted attacks on the large amounts of corporate data now residing in the cloud. It is believed that close to 21% of the content now managed in the cloud contains sensitive materials such as intellectual property, customer and personal data. So, cybercriminals use cloud-native attack mode to target weak Application Programming Interfaces (APIs) or ungoverned API endpoints, expanded reconnaissance and exfiltration of data in cloud databases, and leverage of the cloud as a springboard for cloud-native man-in-the-middle attacks to launch cryptojacking or ransomware attacks.
  • Home IoT Attacks via Smartphones, Tablets, and Routers: McAfee foresees that a new mobile malware will likely infiltrate smartphones, tablets, and routers to gain access to the digital assistants and home IoT devices they control. Once infected, these devices can serve as a picklock to consumer homes while supplying botnets, which can launch Distributed Denial of Service (DDoS) attacks or grant cybercriminal access to personal data and the opportunity for other malicious activities such as opening doors and connecting to control servers.
  • Identity Attacks via Social Media Platforms: All social media platforms, which have faced backlash over privacy concerns in recent times, are expected to be highly vigilant and implement additional measures to protect customer information in 2019.
    But, the growing number of users on social media is enticing enough for cybercriminals to focus their resources on attacking the data-rich environments. High-impact attacks, such as those targeting industrial control systems, have seen success in part due to static password use across environments. Successful social media and other identity platform and edge device breaches will provide the keys to adversaries to launch similar attacks in the future, the McAfee report concludes.

Going by McAfee's 2019 predictions, large corporations and government agencies have their task cut out to make the next year safer for consumers. Also, it goes without saying that the citizens should also exercise caution while doing digital transactions or participate in an online survey on social media sites or installing any software on to their phones or PCs.