IT threats: The trends 2019

Digitization is advancing rapidly. In addition to opportunities, this also brings major risks: cyberattacks, data leaks and data protection errors. What trends can we expect in 2019?


Cyber criminals are developing new strategies to attack even the most modern IT environment. IT security specialists reveal the threats that can be expected in the coming months.

Encryption Trojans are here to stay

Just a few days ago, another Trojan horse struck. The Reporting and Analysis Centre for Information Assurance (Melani) of the Confederation has information that the Emotet Trojan specifically infects computers and servers in corporate networks with an encryption Trojan (ransomware) called "Ryuk". In the process, "Ryuk" encrypts files stored on the computer or server and, once the job is done, demands a considerable sum of ransom money from the affected company - Melani is talking about 200,000 francs and more.

According to experts, this potential threat will continue to occupy us over the next twelve months. "Encryption Trojans will be the central issue for the broad mass of users in the long term," says security specialist Thomas Uhlemann of Eset. On the one hand, a powerful security solution helps against this, but on the other hand, strengthening the security competence of the users is just as important. On the corporate side, Uhlemann sees the use of holistic and proactive approaches as imperative.

When the PC becomes slower and slower

Until now, attacks by ransomware (extortion software) were much more common than attacks by cryptomining malware. But the latter are on the rise. Computers and smartphones that have been illegally linked into a botnet (a group of automated malicious programs) are increasingly being misused for cryptomining (using other people's computing power), stresses BullGuard. Compared to ransomware, cryptomining malware can be seen as a comparatively harmless attack. Victims do not realize for a long time that they are part of an illegal botnet. Often, they only become aware of the attack when the performance of their computer drops sharply or the fan becomes unnaturally loud. Cryptomining attacks can be carried out undetected over a long period of time, are difficult to trace, and are lucrative, BullGuard said.

Will the classic password soon be obsolete?

With increasing digitization, the number of online accounts is also growing. But who can remember all those passwords, and how can they be managed? "Password fatigue" is spreading. As a result, people use the same user name and password for several websites. "Password misuse is also the cause of most data breaches," says Matthias Kess of Befine Solutions AG. As a reminder, the European General Data Protection Regulation (GDPR) has been in force since May 2018; it places greater obligations on companies in this regard.

Back to the "sloppy" use of passwords. There is a wide range of alternative authentication methods on the market: asymmetric cryptography, passwordless biometrics such as fingerprints or facial recognition, blockchain and more.

More router-based attacks 

The router is seen as a gateway for all connected devices. "Companies that have many networked devices in use are particularly at risk from the increased use of router-based attacks," warns security provider Avast. "Cybercriminals in this framework infect a device and then launch a variety of communication commands to a command and control server, but without taking any immediate action." Once the devices have been infected, the malware can eavesdrop on network traffic, fingerprint the network and any connected devices, and allow the command and control server to send new payloads or instructions to the device, the cybersecurity vendor warns.

Beware of data exfiltration

The private sector, the public sector and other institutions collect immense amounts of data. This remains a lucrative business for cybercriminals. Attackers will increasingly find creative ways to exfiltrate data (also called data extrusion) in the coming twelve months. Such data transfer can be done manually by someone who has physical access to the computer. However, the data transfer can also be automated by malware accessing the computer over the network. To prevent data theft, administrators should define strict controls for IT access, both in terms of physical and digital security. Once cybercriminals have successfully struck, they will demand a ransom in exchange for destroying the stolen data. Or they may blackmail the company by threatening to publicize that the data theft succeeded. This can result in major damage to the company's image.

The cloud trend

Data in any form will continue to be moved to the cloud more than ever in the future - but this is associated with additional security risks (cf. also 7 tips for a safe step into the cloud). CyberArk points out that cloud users often fail to realize that cloud security is a shared responsibility: the provider is responsible for the infrastructure, including areas such as computing power, network and storage, and for sealing off the customer's environment. The cloud customer, on the other hand, is basically responsible for protecting all elements "above" the hypervisor, i.e. for the operating system, applications, data or access to external resources; and also for the central access data for managing the cloud resources. The outsourcing company must therefore ensure the secure use of cloud services, especially with regard to securing the privileged access data of IT administrators, applications and configuration files.

Securing the supply chain

Industry 4.0 means that a wide variety of companies are becoming increasingly interconnected. This harbors dangers. When securing the supply chain, two aspects in particular must be taken into account, emphasizes CyberArk: on the one hand, the protection of internal company systems, and on the other hand, the securing of networking and communication points, for example with strict authentication procedures and encrypted data communication. Securing and monitoring privileged user accounts and access data, as well as preventing unauthorized access, play a crucial role in this regard. This applies not only to IT administrators but also to privileged business users.

Attackers also use artificial intelligence

The topic of artificial intelligence (AI) - and machine learning technology linked to it - will come into sharper focus. Machine-learning algorithms can free IT security managers from repetitive tasks, especially the scanning of suspicious files. As a result, the technology will help identify threats more efficiently in the future, Eset says. However, AI technology is also being used by the other side, warns Udo Schneider of Trend Micro. For example, cybercriminals would use AI to better predict executive movement patterns. This will lead to more credible targeted phishing messages, which can be critical to business email compromise (BEC) attacks, he said. In addition, it is likely that BEC attacks will increasingly target employees who communicate directly with top-level executives, leading to further severe damage worldwide, Schneider believes.

A quick test helps

"As we move into 2019, companies need to understand the impact that the increased use of the cloud, the merging of IT and OT (communication of networked machines), and the increasingly widespread ability to work from outside the office will have on security," emphasizes Udo Schneider.

It is not uncommon for cybersecurity to leave much to be desired, especially in SMEs. Thanks to the Cybersecurity Quick Test published a few weeks ago, IT or company managers can quickly assess whether their technical, organizational and employee-related measures to protect against cyber risks are sufficient.
