When it comes to realistic predictions for the year ahead, my philosophy is simple: there are certain trends that research shows will continue to move upward. With that said, in 2019, I believe we are going to see:
1. More Attacks With the Eventual Goal of Cryptocurrency Mining
We saw a huge uptick in this at the end of last year that continued throughout 2018. Cryptocurrency mining is the process through which currencies like bitcoin are created. The “mining” process involves racing to perform a series of calculations to solve a cryptographic problem. The person who wins the race is awarded a block of coins, and the more CPU power someone can throw at those calculations, the better their chance at winning. It has become too safe a way for attackers to make money. Although I don’t predict this will skyrocket, I do see it being a continuous point in the threat landscape of which people and businesses alike need to be aware.
2. An Increase in Business Email Compromise Attacks
We have done a lot of research on BEC attacks and observed a steady increase since 2013. In fact, we held a conference this summer for industry and government officials to learn more about them. For those unfamiliar, this is a class of attack where a cybercriminal targets a company or organization, typically small to mid-sized, with a relatively large bank account. The attacker targets the email account of a high-level executive through spear phishing or a malware-related email. Once they have access, they look at the account very closely to learn how this person might transfer money or might be impersonated. The attacker then tricks the victim or the victim’s business partners into transferring tens of thousands of dollars into a bank account. The FBI estimates there has been $12 billion in theft related to this type of attack between 2013 and now. It’s an area that hasn’t achieved the level of awareness it needs, especially in small to mid-sized organizations.
3. More Email-Based Attacks That Use Malicious Macro Code
We first started seeing this in October 2014 in WildFire. Instead of trying to exploit vulnerabilities in people’s software, attackers use malicious macro code in Word or Excel and ask users to click the “enable content button.” When the user does this, it infects the user’s computer with malware. This has been quite effective for attackers, and luckily for them, users have not become more aware. Unless something significant happens, like Microsoft disabling macros by default for everyone, we are going to keep seeing attackers use this because it’s just too easy for them.