November 29, 2018, Team RiskIQ
From more federal indictments to adversarial machine learning to serverless computing, the RiskIQ team looked ahead and forecasted what we think will be the most important trends in cybercrime and cybersecurity in 2019. These are our predictions.
Hackers will continue to capitalize on the weakening of the corporate perimeter caused by customer and partner interactions moving online. An organization’s attack surface—everything it needs to worry about defending—begins inside the corporate network and extends all the way to the outer reaches of the internet. As a result, hackers are becoming increasingly sophisticated at collecting external data about their targets, and are using it to discover and exploit assets online that security teams are unaware of, or lack the resources to protect.
I’m expecting to see the same frequency of breaches occur across the market with a slight twist: organizations who are adopting new technologies such as containers and serverless computing will run into problems preserving the necessary information to make an incident response successful. Without key data traversing the network such as the location, time, browser, and domain attributes of a threat, analysts cannot hone in on the crucial information needed to confirm or dismiss the incident. Malicious actors will be able to use this to their advantage to hide in plain sight and cause more destruction.
The ‘attribution game,’ with governments now confirming private industry research and outing state-sponsored operations from other countries with indictments, is only going to expand. Espionage operations have always been treated very publicly over the years, but recent indictments of Russian, Chinese, and Iranian actors have brought it to the next level. With heightened tension in Eastern Europe and Asia, expect state-sponsored attacks to increase in intensity and governments to become more aggressive in their response.
Threat actors will increase their adoption of adversarial machine learning to evade detection by infrequently trained machine learning models. The good guys’ machine learning models will need to evolve quickly to keep up with these threats by incorporating instance-based approaches, which use models that can learn incrementally from data scientists providing frequent feedback. The world changes all the time, and it’s important that your model changes with it. If you need your model to keep up with current trends, selecting an instance-based model or a model that can learn incrementally is critical. Just as providing frequent feedback helps an employee learn and grow, your model needs the same kind of feedback.
Adversaries will continue to evolve their tactics to steal personally identifiable information (PII) from individuals and intellectual property (IP) from organizations. During the last 12 months, we’ve seen compromised JavaScript skimming credit card data from payment forms. During 2019, we expect the depth and breadth of this approach to expand to target PII and IP data as well.
I’m expecting new variants in web skimming attacks, especially as we observe the different Magecart actors staying active longer and becoming broader and more expansive. While payment data is currently in focus, because web skimming can skim any information entered into a website, Magecart groups will expand from skimming just credit card data to login credentials and other sensitive information.
The investments in securing corporate infrastructure have not worked, and companies will continue to be overwhelmed by the scale and tenacity of modern digital threats originating outside the firewall. As these organizations struggle to manage their digital presence, adversaries will grow more sophisticated and leverage data stolen from breaches in precise, finely-targeted attacks. They will also leverage machine-learning and artificial intelligence to drive high-powered attacks against businesses and to penetrate critical infrastructure.
In today’s world of digital engagement, users sit outside the perimeter along with an increasing number of exposed corporate digital assets—and the majority of the malicious actors. As such, companies need to adopt security strategies that encompass this change. With proper investment in a Digital Risk Management strategy—one that provides the tools that help you discover your entire attack surface, alerts your security team as threats materialize in the wild, and provides the proper workflow and relevant data for quick and decisive incident response.
Learn more about how RiskIQ can help prep your security team for 2019 and beyond.