AI-assisted imposters, IoT and crypto-jacking: cyber security in 2019

With the cyber security industrial complex in full swing for 2019, Computerworld wonders what horrors this dystopian hell world will spew forth next

With the cyber security industrial complex in full swing and good business for all the major players, from governments and state sponsored groups, to criminal attackers and the vendors as well as their shareholders, we wonder what horrors this dystopian hell world will spew forth next.

It was arguably 2017's devastating WannaCry and NotPetya ransomware variants that brought cyber security into mainstream focus, taking it from the idea of banking scams and into the realm of hobbling hospitals and businesses that depended on critical systems with real-world physical consequences.

Then 2018, just as GDPR came into effect, brought with it data breach after data breach, affecting millions of customers across industries, including customers of household names like Reddit, Facebook, Uber, British Airways and the Marriott hotel chain.

But it won't be just consumers that pay the price of these incidents. When GDPR was implemented in May this year, the regulation meant companies that were found to have allowed a breach due to malpractice would face hefty fines.

State-sponsored breaches or attacks continued throughout the year, and it will be intriguing to see where these 'advanced persistent threat' groups head next - perhaps further underground, according to some commentators.

And while the majority of attackers are still going for the low-hanging fruit, some methods of attack are becoming increasingly sophisticated.

Here's what 2019 might hold in cyber security.

Better, smarter IoT botnets

The first truly global case of a powerful Internet of Things (IoT) botnet was Mirai in 2016. It was achieved with a few lines of quite simple code, but was so effective because it targeted objects like IP cameras that were connected to the internet but rarely secured or updated, and managed to bring down a decent chunk of the internet.

Internet providers and DNS companies have bolstered their defences since Mirai, but the IoT market - which could reach $6.5 trillion by 2024 - is only going to grow dramatically.

Some manufacturers may have improved their products to make them updatable, but certainly not all will have, and that matters more as these devices become woven into the fabric of everyday life.

Malwarebytes' lead malware analyst Chris Boyd notes that in 2018 several thousand MikroTik routers were compromised and quietly turned into cryptocurrency miners.

"This is only the beginning of what we will likely see in the new year, with more and more hardware devices being compromised to serve up everything from coin miners to malware," he says.

"Large-scale compromises of routers and IoT devices are going to take place and they are a lot harder to patch than computers. Even just patching does not fix the problem if the device is infected."

Kaspersky adds that IoT botnets will keep growing at an "unstoppable" pace, in what is becoming a recurring warning that shouldn't be underestimated.

Mike O'Malley, VP for carrier strategy and business development at Radware, adds that hackers will attempt to turn IoT devices into a 'swarm' network of self-sufficient bots that can make semi-autonomous decisions, pool their collective intelligence together to solve problems, or "opportunistically and simultaneously target vulnerable points in a network".

"'Hivenets' take this a step further and are self-learning clusters of compromised devices that simultaneously identify and tackle different attack vectors," he adds.

"The devices in the hive can talk to each other and can use swarm intelligence to act together, and recruit and train new members to the hive."

A 'hivenet' that can identify and compromise more devices would be able to grow "exponentially" and "thereby widen its ability to simultaneously attack multiple victims".

"This is especially dangerous as we roll out 5G," he adds, "as hivenets could take advantage of the improved latency and become even more effective."

According to VP of IoT at Sectigo, Damon Kachur, it's important to consider the role of digital certificates.

"From an end user perspective, the slow uptake of security in IoT devices has prompted governments to regulate," Kachur says.

"Nations and more US states will follow California's lead and enact legislation requiring security for IoT networks. This is particularly important for healthcare, transportation, energy, and manufacturing sectors, which face the highest risk.

"The legislation stops short of prescribing strong forms of authentication, but thankfully consortium groups such as the Open Connectivity Foundation and AeroMACS have championed the use of strong certificate-based authentication in their best practice standards for IoT.

"The attack vectors and threat actors to the IoT are constantly evolving, warranting best practice device provisioning and the ability to quickly and proactively manage current cryptographic algorithms with those that will supersede them in the future.

"This will be vital within the lifespan of the devices being deployed to customers."
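The certificate-based device authentication and algorithm rotation Kachur describes, as an added example that is not part of the original article and is not Sectigo's or any consortium's code: a fleet root built with Go's standard library issues each device a client certificate carrying its ID, and the backend first verifies the chain and then applies an allow-list of the algorithms it accepts today, so retiring a curve or hash later is a policy change rather than a rewrite of the verifier. The root name "example-fleet-root", the device IDs, the one-year device lifetime and the choice of P-256/P-384 are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Policy lists the algorithms the backend accepts from devices today; retiring one is a change here, not to the verifier.
type Policy struct {
	AllowedCurves  map[string]bool
	AllowedSigAlgs map[x509.SignatureAlgorithm]bool
}

// DefaultPolicy: ECDSA on P-256/P-384, certificates signed with SHA-256/SHA-384 (assumed starting point).
var DefaultPolicy = Policy{
	AllowedCurves:  map[string]bool{"P-256": true, "P-384": true},
	AllowedSigAlgs: map[x509.SignatureAlgorithm]bool{x509.ECDSAWithSHA256: true, x509.ECDSAWithSHA384: true},
}

// issue generates a key on curve, gives tmpl a random serial and returns the parsed certificate; nil signer means self-signed.
func issue(tmpl, parent *x509.Certificate, curve elliptic.Curve, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(curve, rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if signer == nil {
		signer, parent = key, tmpl
	}
	if tmpl.SerialNumber, err = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)); err != nil {
		return nil, nil, err
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewCA creates the fleet's self-signed P-256 root (the name is hypothetical).
func NewCA(now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return issue(&x509.Certificate{
		Subject:               pkix.Name{CommonName: "example-fleet-root"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}, nil, elliptic.P256(), nil)
}

// IssueDeviceCert provisions one device: its ID is the CN, and the certificate is good for client authentication only, for one year.
func IssueDeviceCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, deviceID string,
	curve elliptic.Curve, now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return issue(&x509.Certificate{
		Subject:     pkix.Name{CommonName: deviceID},
		NotBefore:   now.Add(-time.Hour),
		NotAfter:    now.Add(365 * 24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca, curve, caKey)
}

// AuthenticateDevice is the backend's check: chain to the fleet root, enforce the current algorithm policy, then read the device ID.
func AuthenticateDevice(roots *x509.CertPool, cert *x509.Certificate, pol Policy, now time.Time) (string, error) {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		return "", fmt.Errorf("chain verification failed: %w", err)
	}
	if !pol.AllowedSigAlgs[cert.SignatureAlgorithm] {
		return "", fmt.Errorf("signature algorithm %v no longer accepted", cert.SignatureAlgorithm)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok || !pol.AllowedCurves[pub.Curve.Params().Name] {
		return "", fmt.Errorf("device key algorithm not accepted by policy: %T", cert.PublicKey)
	}
	return cert.Subject.CommonName, nil
}

func main() {
	now := time.Now()
	ca, caKey, err := NewCA(now)
	if err != nil {
		panic(err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	dev, _, err := IssueDeviceCert(ca, caKey, "sensor-0001", elliptic.P256(), now)
	if err != nil {
		panic(err)
	}
	fmt.Println(AuthenticateDevice(roots, dev, DefaultPolicy, now))
}
```

The point of keeping the policy separate from the chain check is the "supersede in future" requirement in the quote: when P-256 is retired, the backend ships a policy with only P-384 and the existing P-256 devices fail closed until they are re-provisioned, while the chain logic is untouched. In a real deployment the root key would live offline or in an HSM, and each device would generate its own key in hardware so that only the public half ever leaves it.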

Attacks on critical national infrastructure

A recent parliamentary committee warned that critical national infrastructure is at risk from cyber attackers. The National Cyber Security Centre also recently warned that states hostile to Britain would be likely to target its infrastructure.

While high-profile real-world examples of such attacks have been relatively scarce (especially in Britain, with only WannaCry and NotPetya coming close to date), some experts are warning that 2019 could see rivalries between states play out more fully in the cyber realm.

Even taking hostile states out of the equation, attackers motivated by money might see weakness in the country's current approach to critical national infrastructure and hit it for financial reasons before it's fixed.

James Wickes, CEO and cofounder of Cloudview, said that attacks on infrastructure could also be linked to the increase in internet-connected devices.

"Many of these devices are poorly secured, posing serious risks to individuals, businesses, utilities, and ultimately national security," Wickes says.

"Experts have already identified that new smart energy meters, which the government wants installed in millions of homes, will leave householders vulnerable to cyber attacks.

"Cyber criminals could artificially inflate meter readings, making bills higher, but ultimately this could lead to a catastrophic attack on our electricity grid.

"The National Grid was put on alert in March 2018 by officials from the NCSC amid fears of a Russian cyber attack, and given advice on how to boost its defences to prevent power cuts."

Former DHS Under Secretary and Nozomi Networks adviser Suzanne Spaulding adds that the electric grid in America has a "fair amount of physical redundancy" to back cyber controls, but as virtual infrastructure becomes embraced, those physical redundancies are abandoned, which would make it easier for an attacker to have "cascading impacts that can cause real damage".

"With fewer physical controls in place it will be harder to regain control of systems, minimise damage, and stop an attack from progressing," she adds.

"Given the benefits of the networked world the move to digitalisation isn't going to slow down. It's important we realistically assess our dependence upon cyber and the potential consequences of a disruptive attack.

"Maintaining physical backups or other redundancies, changing operational processes, and even keeping less data can reduce the impact of a successful attack."

Crypto-jacking
If 2017 saw the tulip-mania-style boom and bust of cryptocurrencies, 2018 saw a significant uptick in crypto-jacking, the process of taking control of a device or network of devices to use their spare compute for crypto mining.

Webroot went as far as to claim in its mid-year threat report that crypto-jacking accounted for as much as 35 percent of all threats - and that its customers attempted to visit websites running crypto-jacking scripts three percent of the time.

The most popular crypto mining domain was for 31 percent of traffic while accounted for 38 percent of traffic. Check Point, meanwhile, said that the global impact of crypto miners had doubled in the first half of 2018.
