19 Dec
2019 Could Be the Worst Year Yet for Cyber Breaches
RSAConference | By Bob Ackerman | December 14, 2018
Three months ago, it happened again – a high profile company with sophisticated cybersecurity was breached, compromising the credit card details of 565,000 customers. The victim was British Airways. Hackers managed to work around the airline’s encryption, among other protective measures, and siphoned the data over a two-week period ending in early September.
What set this cyber episode apart was not the sophistication of the culprit, which is increasingly common, but that the attacks occurred during an unusually quiet period for cyber breaches in the second half of 2018. Earlier this month, Marriott International reported the multi-year heist of the personal information of far more customers, but most of that occurred in prior years.
This raises three questions. Why the prolonged lull? Was it just temporary? And if so, why? All can be answered in one simple sentence: Major cyber attacks typically come in random waves. Past years have also seen quiet periods.
What is important now is that this lull is similarly temporary, and 2019 is likely to be the worst year for cybersecurity yet. Chronically improving malware will be deployed more aggressively on more fronts, including at the highest nation-state level.
Here, sophistication makes a gigantic leap. Russia, which intervened extensively online in the 2016 presidential election campaign in a bid to help elect President Trump, has led the way in employing actions as a means to a larger end. Many other nation-states are likely to follow in its wake.
Take China, whose relations with the U.S. are deteriorating on multiple fronts. China was the country that in 2014 breached the federal Office of Personnel Management (OPM) and stole nearly 22 million government employee records. China is widely believed to have stolen more secret and confidential data from business and governments than any other country.
Covert Chinese espionage has been the main cyber threat to the U.S., but the Chinese could also become overt. Fourteen months ago, for example, the U.S. charged a Chinese national with conspiring with two other Chinese nationals to hack the computer networks of three unnamed U.S. companies. One of the charged Chinese – Yu Pingan – was accused of using malicious code connected to the attack on OPM.
Nation-state cyber threats, of course, will hardly be the only major challenge in the U.S. in 2019. There will also be a rebound in the use of ransomware, acceleration of the weaponization of data, and most likely an increase in cyber attacks on satellites.
Here is some detail on the biggest looming threats:
- A resurgence in ransomware. Ransomware made its debut as serious malware following the global WannaCry ransomware attack in 2017. According to the FBI, total ransomware payments in the U.S. last year exceeded $1 billion. There were few high-profile ransomware victims in recent months, but the problem is expected to resurface in 2019. Ransomware, like nation-state attacks, comes in waves, and the next one is due.
- Acceleration of data weaponization. This already huge problem is certain to worsen. Plagued by compromised privacy, tens of millions of web users have begun to seriously question the net benefit of the internet.
One good example is Facebook — not long ago it was a highly respected giant of social media and now it’s a pariah in some quarters. Facebook has often said that it uses personal data and “private” correspondence to generate billions of dollars in profits annually. Users willingly “like” interests and brands, volunteering personal information — and hence provide a gold mine for advertisers.
Worse, Facebook this year tried to manipulate user moods through an “emotional contagion” experiment. This pitted users against their peers to influence their emotions. In short, this was an example of the weaponization of data.
- More cyber attacks on satellites. In June, Symantec reported that an unnamed group had successfully targeted the satellite communications of Southeast Asia telecom companies involved in geospatial mapping and imaging. Symantec also reported attacks originating in China last year on a defense contractor’s satellite.
Separately, at the annual Black Hat information security conference in Las Vegas this year, we learned that the satellite communications used by ships, planes and the military to connect to the internet are vulnerable to hackers. In the worst-case scenario, the research said, hackers could carry out “cyber-physical attacks” with the ability to turn satellite antennas into weapons that essentially operate like microwave ovens.
- Attacks on cities with crimeware-as-a-service, a new component of the underground economy. Adversaries will leverage new tools that among other things attack data integrity, disabling computers to the point of requiring mandatory hardware replacements. Many culprits will likely be terrorist-related groups.
- Increased subversion of software development processes and attacks on software update supply chains. Malware has already been detected in select open source software development libraries. Attacks on software update supply chains, meanwhile, compromise vendor update packages, so that when customers download and install updates, they wind up introducing malware into their systems. In 2017, there was an average of one attack every month, according to Symantec. By comparison, there were virtually none in 2016. The 2017 trend continued this year and will become worse in 2019.
Are there any silver linings in the cyber outlook for 2019?
Fortunately, there are. One is the growing contention that multi-factor authentication will become the standard for all online businesses next year. This means password-only access will become an anomaly. Also, some states are likely to improve cybersecurity laws. California has already passed some tougher standards, effective in 2020.
Predictably, these developments will not be nearly enough to turn the tide in the worrisome cyber outlook for 2019. Nonetheless, they are heartening because they could avert some breaches.