Malware-as-a-service families to strengthen, predicts the McAfee Labs 2019 Threats Predictions Report. As a result, corporate data, home IoT devices and brand reputations will be under siege, with cybercriminals largely using social media, the cloud and mobile phones as increasingly prominent attack vectors, the IT security product firm says.
Raj Samani, chief scientist at McAfee, pictured, said: “In 2018, we witnessed even greater collaboration among cybercriminals through underground alliances. This collaborative mentality has allowed for efficiencies in underground technologies and tactics, and the evolution of bad actors into some of the most organised and agile adversaries in the world. However, while we expect the underground market collaboration to continue, the year 2019 will also see cybersecurity alliances of defenders continuing to mature and further fortify defences.”
The report reflects the opinions of McAfee Labs, McAfee Advanced Threat Research, and members of McAfee’s Office of the CTO. It examines trends in cybercrime and the evolution of IT, and anticipates what the future may hold.
It suggests that cybercriminals are quickly fortifying the malware-as-a-service market by aligning to sell modular attack components. These one-stop shops make it easier for criminals of all experience and skills to execute attacks. This market consolidation will continue in 2019 and cybercriminal enterprises are expected to flourish as established cyber gangs partner with other top-level services such as money laundering, evasion techniques, and vulnerability exploits. An increase is expected in mobile malware, botnets, banking fraud, ransomware, and attempts to bypass two-factor authentication.
As security gets stronger, bad actors need to be inventive. With artificial intelligence, cybercriminals will have the ability to automate target selection, scan for target network vulnerabilities, and assess the posture and responsiveness of infected environments to avoid detection before deploying later stages of attacks. Bots used to amplify deceitful messaging have already been created and are available for sale on the cybercriminal underground. Following in the footsteps of recent infamous nation-state campaigns to sway public opinion, cybercriminals will likely repurpose bots and leverage social media to extort by threatening brands.
Bad actors are expected to evolve their usual strategy centred on the use of a single threat, in favour of combining several attack types to bypass defenses. For example, by combining phishing, steganography and fileless malware for an attack with multiple goals. These synergistic threats will work together, blurring traditional defences and complicating the process to identify and mitigate the attack.
McAfee foresees a significant increase in targeted attacks on the large amounts of corporate data now residing in the cloud. As much as 21pc of the content now managed in the cloud contains sensitive materials such as intellectual property, customer and personal data. Possible scenarios include cloud-native attacks targeting weak APIs or ungoverned API endpoints, expanded reconnaissance and exfiltration of data in cloud databases, and use of the cloud as a springboard for cloud-native man-in-the-middle attacks to launch cryptojacking or ransomware attacks.
New mobile malware will likely investigate smartphones, tablets, and routers to gain access to the digital assistants and home IoT devices they control. Once infected, these devices can serve as a picklock to consumer homes while supplying botnets, which can launch DDoS attacks or grant cybercriminal access to personal data and the opportunity for other malicious activities such as opening doors and connecting to control servers.
In 2019, large-scale social media platforms will take extra measures to protect customer information. However, as the platforms grow in numbers, cyber-criminals will be further enticed to focus their resources on attacking the data-rich sites. High-impact attacks, such as those targeting industrial control systems, have seen success in part due to static password use. Social media and other identity platform and edge device breaches will provide the keys to adversaries to launch similar attacks.
