Cybercriminals will increase in the effectiveness of proven attack methods, by adding more sophisticated elements to take advantage of the changing technology landscape, according to Trend Micro’s 2019 predictions report that highlights the trends and tactics cybercriminals are most likely to employ in 2019.
“Cybercriminals will continue to follow a winning formula – exploit existing flaws, social engineering and stolen credentials – to drive profits,” said Ian Felipe, Country Manager for Trend Micro Philippines. “As both corporate attacks surface and unknown cyber threats increase, it’s more important than ever for organizations to put more resources behind cybersecurity education to help protect against these growing attacks.”
The report, Mapping the Future: Dealing with Pervasive and Persistent Threats, highlights the growing threats faced by consumers and organizations that are exacerbated by the increasingly connected world.
E-Celeb Accounts Will Be Abused In Watering Hole Attacks
The role of social engineering in successful attacks against businesses and individuals is predicted to increase throughout the year. It is expected that cybercriminals will compromise famous YouTubers and other “online-famous” personalities’ social media accounts, including Instagram and Twitter, by taking over their accounts via targeted phishing attacks. These will shine a light on account security in mainstream media, but not before millions of users following these accounts have been affected by whatever payload the attackers have in store for them.
Filipinos spend an average of 3 hours and 57 minutes a day on social media sites. Among their activities are following celebrities and reading their updates on Facebook, Twitter, and Instagram.
Sextortion Cases Will Rise
Sextortion, or the process forcibly demanding money or sexual favors by threatening to publish a victim’s recorded sexual activity, is a growing epidemic in the Philippines, with the country being seen as one of the crime’s biggest breeding ground. Even if there is no guarantee that a blackmailer will come through, the highly personal nature of this kind of attacks will make the victim seriously consider fulfilling the attacker’s demands, whether that means money or sexual favors. As sextortion, in particular, becomes more widespread, this kind of attacks will affect, and perhaps even claim, more lives in 2019.
Fake News Will Continue To Proliferate
The 2018 Pulse Asia Research shares that 9 out of 10 Filipinos who surf the internet to access their social media accounts are aware of fake news. Despite this awareness, the side of technology that allows fake news propagators to sway public sentiment and present itself as legitimate news has become even more powerful, which leads to governments expressing interest in regulating social media platforms. House Bill 5021 in particular, or the proposed Social Media Regulation Act of 2017, aims for social media accounts to be subjected to utmost identity verification to confirm authenticity. Trend Micro believes that this year, the improvements social media has made to fight fake news will not be enough to keep up with the deluge of cyberpropaganda. This proves to be alarming as the same survey showed that half of Filipinos who use the internet for social media have changed their views on government and politics based on what they see online.
More Cloud-Related Software Vulnerabilities Will Be Discovered
Trend Micro also predicts attackers will leverage on proven technological methods against the growing cloud adoption. According to Cloud Readiness Index 2018, the Philippines is among the countries lagging behind in cloud infrastructure and yet to mature in terms of cloud adoption. It is generally perceived that transitioning to the cloud makes users more prone to security breaches and attacks. Vulnerabilities found in cloud infrastructure, such as containers, and weak cloud security measures will allow greater exploitation of accounts for cryptocurrency mining, leading to more damaging breaches due to misconfigured systems.
Highly Targeted Attacks Will Begin Using AI-Powered Techniques
Attackers will also implement emerging technologies like artificial intelligence (AI) to better anticipate movements of top-level executives. They can use AI to determine when and where corporate executives are expected to be in the future, such as the hotels their companies typically book them in, the restaurants they pick for meetings, and other preferences that can help narrow down their next likely locations. This will lead to more convincing targeted phishing messages, which can be critical to BEC attacks. Additionally, it is likely that BEC attacks will target more employees who report to C-level executives, resulting in continued global losses.
The threat landscape promises a lot of challenges for almost all sectors of the internet-using public in 2019 even as faster internet, for better or worse, looms on the horizon. But the available tools and technologies should empower users and enterprises into positioning themselves more securely in the fight against cybercriminals and other emerging threat actors. A deep understanding of these issues is a step in the right direction.