The year 2018 witnessed a massive escalation in cyber-crimes arising out of sophisticated threats and a constant evolution of malicious attacks taking advantage of lax security measures and unpatched vulnerabilities. These include discovery of security loopholes in billions of microchips, ransomware attacks entailing system lockdowns and data pilferage. Some top trends being incorporated by attackers that should be looked out for in 2019 are discussed.
- ARTIFICIAL INTELLIGENCE (AI) BASED EXPLOITATION
AI has been successfully integrated into the audio/visual realm to generate custom media. This tech has also been used to generate fake audio/visual messages that are incredibly hard to distinguish from the genuine ones. Taking cue from this AI base novelty, cyber attacks have been able to create fake video messages, that appear genuine, for launching phishing attacks which entice users into revealing personal credentials. Phishing emails are strengthened by integration of such fake media which seems legitimate to most users. These are termed as deep fakes. An example could be a fake video message by a company CEO generated to spread exploitative agenda to manipulate stock prices.
The consequences are extremely dire, but fortunately initiatives have been taken by professionals to detect deep fakes. Since the tech is still in infancy and it’s not clear how sophisticated malicious actors have become, this is a lingering, potent threat towards which users should be sensitized.
- GENERATIVE ADVERSARIAL NETWORK (GAN)
Security experts continue to embrace AI based platforms to preempt and detect attacks. On the flip side, the same technology can be used for launching lethal attacks catching networks unawares. GANs pit two neural networks against each other and in the process, algorithms being used by defenders in their AI models can be unmasked. Data sets can also be targeted to train models; such as re-marking labels in malicious code terming it safe.
- BLOCKCHAIN VULNERABILITIES
Entrepreneurs have been vying to integrate a wide spectrum of digital transactions, from financial to intellectual-property protection, into blockchains. From a technical standpoint, this is achieved by smart contracts which are software programs stored on a blockchain that processes a digital asset automatically if encoded conditions are met.
- HACKING THROUGH QUANTUM COMPUTING
Quantum computing is expected to usher in a new era of power computing that should exponentially elevate processing power, a core requirement for encryption cracking operations. Quantum attacks could very well be the next crippling method used by hackers to break into encrypted systems from financial institutions to large databases storages. It is pertinent to develop matching encryption algorithms to maintain credible defense against such attacks.
- CLOUD COMPUTING BASED ATTACKS
Cloud systems are responsible for maintaining servers hosting companies’ data or manage organizations’ IT systems remotely, over the internet. Hackers simply need to break into these systems to access the goldmine of diverse data-sets which can be used for nefarious purposes. Big cloud hosts can afford to employ expensive security solutions, but smaller ones rely on cheaper alternatives and remain vulnerable.
Businesses managing remote monitoring of IT for hosts via cloud are especially critical, as they hold the keys to an organization’s operations, and if compromised gives direct access to attackers to endpoints. This is called cloudhopping, an attack based on data-center malware, and is much more lucrative for attackers then desktop malware.