Looking Ahead: RiskIQ’s 2019 Cybersecurity Predictions


November 29, 2018, Team RiskIQ

From more federal indictments to adversarial machine learning to serverless computing, the RiskIQ team looked ahead and forecasted what we think will be the most important trends in cybercrime and cybersecurity in 2019. These are our predictions.

Lou Manousos, CEO: Attackers will continue to discover and target organizations’ blind spots outside the firewall

Hackers will continue to capitalize on the weakening of the corporate perimeter caused by customer and partner interactions moving online. An organization’s attack surface—everything it needs to worry about defending—begins inside the corporate network and extends all the way to the outer reaches of the internet. As a result, hackers are becoming increasingly sophisticated at collecting external data about their targets, and are using it to discover and exploit assets online that security teams are unaware of, or lack the resources to protect.

For example, attackers will continue to modify third-party code employed in a digital asset—shopping cart software or data collection tools, for instance. It is relatively easy to change code to redirect traffic, download files and programs onto a visitor’s computing device, or intercept payment data on an e-commerce site. In the widely publicized hack of British Airways, Magecart operatives modified a small snippet of JavaScript to steal the credit card information of as many as 380,000 customers. This type of activity will only continue through 2019 and get even more sophisticated.

Brandon Dixon, VP Product: New trends will introduce more places for threat actors to hide

I’m expecting to see the same frequency of breaches occur across the market with a slight twist: organizations who are adopting new technologies such as containers and serverless computing will run into problems preserving the necessary information to make an incident response successful. Without key data traversing the network such as the location, time, browser, and domain attributes of a threat, analysts cannot hone in on the crucial information needed to confirm or dismiss the incident. Malicious actors will be able to use this to their advantage to hide in plain sight and cause more destruction.

Yonathan Klijnsma, Head Threat Researcher: Governments will continue to call out state-sponsored hacking

The ‘attribution game,’ with governments now confirming private industry research and outing state-sponsored operations from other countries with indictments, is only going to expand. Espionage operations have always been treated very publicly over the years, but recent indictments of Russian, Chinese, and Iranian actors have brought it to the next level. With heightened tension in Eastern Europe and Asia, expect state-sponsored attacks to increase in intensity and governments to become more aggressive in their response.

Adam Hunt, CTO: Threat actors will be using machine learning, so businesses need to be continuously improving theirs

Threat actors will increase their adoption of adversarial machine learning to evade detection by infrequently trained machine learning models. The good guys’ machine learning models will need to evolve quickly to keep up with these threats by incorporating instance-based approaches, which use models that can learn incrementally from data scientists providing frequent feedback. The world changes all the time, and it’s important that your model changes with it. If you need your model to keep up with current trends, selecting an instance-based model or a model that can learn incrementally is critical. Just as providing frequent feedback helps an employee learn and grow, your model needs the same kind of feedback.

Fabian Libeau, VP, EMEA: PII will be a primary target for threat actors

Adversaries will continue to evolve their tactics to steal personally identifiable information (PII) from individuals and intellectual property (IP) from organizations. During the last 12 months, we’ve seen compromised JavaScript skimming credit card data from payment forms. During 2019 we expect the depth and breadth of this approach to expand to target PII and IP data as well.

Yonathan Klijnsma, Head Threat Researcher: More Magecart but with a different goal

I’m expecting new variants in web skimming attacks, especially as we observe the different Magecart actors staying active longer and becoming broader and more expansive. While payment data is currently in focus, because web skimming can skim any information entered into a website, Magecart groups will expand to skimming more than just credit card data to login credentials and other sensitive information.

Dan Schoenbaum, President & COO: Those who ignore their internet-facing attack surface will continue to falter

The investments in securing corporate infrastructure have not worked, and companies will continue to be overwhelmed by the scale and tenacity of modern digital threats originating outside the firewall. As these organizations struggle to manage their digital presence, adversaries will grow more sophisticated and leverage data stolen from breaches in precise, finely-targeted attacks. They will also leverage machine-learning and artificial intelligence to drive high-powered attacks against businesses and to penetrate critical infrastructure.

Prepare for 2019

In today’s world of digital engagement, users sit outside the perimeter along with an increasing number of exposed corporate digital assets—and the majority of the malicious actors. As such, companies need to adopt security strategies that encompass this change. That requires proper investment in a Digital Risk Management strategy, one that provides the tools that help you discover your entire attack surface, alerts your security team as threats materialize in the wild, and provides the proper workflow and relevant data for quick and decisive incident response.

Learn more about how RiskIQ can help prep your security team for 2019 and beyond.
