December 11, 2018
Trend Micro today released its 2019 predictions report, warning that attackers will increase the effectiveness of proven attack methods by adding more sophisticated elements to take advantage of the changing technology landscape.
The report, Mapping the Future: Dealing with Pervasive and Persistent Threats, highlights the growing threats faced by consumers and organizations that are exacerbated by the increasingly connected world.
“As we head into 2019, organizations must understand the security implications of greater cloud adoption, converging IT and OT, and increasing remote working,” said Greg Young, vice president of cybersecurity for Trend Micro.
“Cybercriminals will continue to follow a winning formula — exploiting existing flaws, social engineering and stolen credentials — to drive profits. As both the corporate attack surface and unknown cyber threats increase, it’s more important than ever for organizations to put more resources behind employee education to help protect against these growing attacks.”
The role of social engineering in successful attacks against businesses and individuals will continue to increase throughout the year.
Since 2015, the number of phishing URLs blocked by Trend Micro has increased by nearly 3,800%. This offsets the lessening reliance on exploit kits, which has decreased by 98% in the same time. Additionally, attackers will continue to rely on known vulnerabilities that remain unpatched in corporate networks for 99.99% of exploits, as this remains a successful tactic.
Trend Micro also predicts attackers will leverage these proven methods against growing cloud adoption. More vulnerabilities will be found in cloud infrastructure, such as containers, and weak cloud security measures will allow greater exploitation of accounts for cryptocurrency mining.
This will lead to more damaging breaches due to misconfigured systems, the firm said.
“Attackers will also implement emerging technologies like AI to better anticipate the movements of executives. This will lead to more convincing targeted phishing messages, which can be critical to BEC attacks. Additionally, it is likely that BEC attacks will target more employees who report to C-level executives, resulting in continued global losses.
“SIM swapping and SIM-jacking will be a growing threat to take advantage of remote employees and everyday users. This attack method allows criminals to hijack a cell phone without the user’s knowledge, making it difficult for consumers to regain control of their devices. Additionally, the smart home will be an increasingly attractive target for attacks that leverage home routers and connected devices.”