Technology Reseller - v17 2019

37 PREDICTIONS technolog y reseller.co.uk 1 Vaporworms or Fileless malware worms will emerge. Fileless malware strains will exhibit wormlike properties in 2019, allowing them to self-propagate by exploiting software vulnerabilities. Fileless malware is more difficult for traditional endpoint detection to identify and block because it runs entirely in memory, without ever dropping a file onto the infected system. Combine that trend with the number of systems running unpatched software vulnerable to certain exploits and 2019 will be the year of the vaporworm. 2 Attackers hold the Internet hostage. A hacktivist collective or nation state will launch a coordinated attack against the infrastructure of the internet in 2019. The protocol that controls the internet (BGP) operates largely on the honour system, and a 2016 DDoS attack against hosting provider Dyn showed that a single attack against a hosting provider or registrar could take down major websites. The bottom line is that the internet itself is ripe for the taking by someone with the resources to DDoS multiple critical points underpinning the internet or abuse the underlying protocols themselves. 3 Escalations in State-level cyber- attacks force a UN Cyber Security Treaty. The UN will more forcefully tackle the issue of state-sponsored cyber-attacks by enacting a multinational Cyber Security Treaty in 2019. 4 AI-Driven chatbots go rogue. In 2019, cyber criminals and black hat hackers will create malicious chatbots on legitimate sites to socially engineer unknowing victims into clicking malicious links, downloading files containing malware or sharing private information. 5 A major biometric hack will be the beginning of the end for single-factor authentication. As biometric logins like Apple’s FaceID become more common, hackers will take advantage of the false sense of security they encourage and crack a biometric-only login method at scale to pull off a major attack. As a result, 2019 will see strong growth in the use of multi-factor authentication (MFA) for added protection among groups with more security knowledge, particularly push- based authentication and MFA for Cloud application defence. 6 A nation-state to take ’Fire Sale’ attacks from fiction to reality. In the Die Hard movie series, a ‘fire sale’ was a fictional three-pronged cyber-attack, targeting a city or state’s transportation operations, financial systems and public utilities and communication infrastructure. The fear and confusion caused by such an attack allowed the terrorists to siphon off huge sums of money undetected. Modern cyber security incidents suggest that nation states and terrorists have developed these capabilities, so 2019 may be the first year one of these multi-pronged attacks is launched to cover up a hidden operation. 7 Hackers to cause real-world blackouts as targeted ransomware focuses on utilities and industrial control systems. Targeted ransomware campaigns will cause chaos in 2019 by targeting industrial control systems and public utilities for larger payoffs. The average payment demand will increase by over 6,500%, from an average of $300 per attack to $20,000. These assaults will result in real-world consequences like city-wide blackouts and the loss of access to public utilities. https://www.watchguard.com/ 2019Predictions The year of the vaporworm By the WatchGuard Threat Lab research team It’s all about AI 1 AI – the next phase Next year will likely see the start of a five-year phase that will see AI become more integral to business operations. In business, AI will be used to automate processes, increase security and customer service. In industry, advanced AI techniques applied to robots will help to produce more goods at a faster rate. In communications, AI will enable higher quality of service (audio/video) and omnipresence. We will see more AI in the transportation sector: cars will have more sensors and, in the long-term, a certain level of autonomy (self-driving cars). However, AI will not be without its challenges. We still don’t understand how the human brain processes information and how we make ‘conscious’ decisions. On the other hand, Artificial General Intelligence (AGI) doesn’t have to be a copy, a replica of the human brain. The plane is not a copy of the bird, but it flies higher, faster, it is bigger and serves a human purpose viz. to travel long distances. Similarly, when thinking about AI we have to be inspired by the biological principles involved and not by the true replication purpose. Dr Antonio Espingardeiro, Robotics expert, IEEE 2 AI – the new email It’s very clear that AI is having a profound impact on the world today. However, we’re still very much within the ‘hype cycle’. The c-suite knows it’s relevant, but they’re still to make AI a strategic priority and, instead, are adopting it cautiously, on a case-by-case basis, mainly for chatbots, cognitive servicing and doing complex calculations at extreme scale. For now, people are more likely to engage with the results of AI (and become comfortable with AI tools) in their personal rather than their professional lives. In this way, it’s very similar to how email grew in popularity as a consumer tool first and only later as the main communication platform for business. In three to five years’ time, we’ll start to see AI taking over business models and being incorporated into organisations’ overarching business strategies. But this will only come once the general public has accepted the technology, for example in customer service chatbots or consumer products like Google Home.  Steven Noels, CTO and co-founder of customer data platform company NGDATA 3 AI – the big threat This year will see the first AI-orchestrated attack take down a FTSE100 company. Using a new breed of AI- powered malware, hackers will infect an organisation’s system and sit undetected gathering information about user behaviours and an organisation’s systems. Adapting to its surroundings, the malware will unleash a series of bespoke, targeted attacks to take down a company from the inside out. The sophistication of such attacks will be unlike anything seen before and organisations must prepare for them by embracing AI technology to fight fire with fire. Jason Hart, CTO, Data Protection at Gemalto