Trend Micro's 5 Consumer Security Predictions for 2019

December 14, 2018
Trend Micro Cyber Security Predictions: Social Engineering via Phishing Will Replace Exploit Kits as Attack Vector

The year 2018 saw many cyber attacks, and the trend is expected to grow in 2019 and beyond. Advances in technology bring intelligence to the fight against such crime; however, they also give cybercriminals leverage. The upcoming year will bring several security issues, and here Trend Micro explains its 5 consumer security predictions for 2019.

Social Engineering via Phishing Will Replace Exploit Kits as Attack Vector

Cases of phishing will markedly increase in 2019. Phishing attacks — where an attacker pretends to be a reputable person or entity so they can lure someone into disclosing sensitive information — have been around for a long time. But through the years threat actors have been finding ways to minimize user interaction in their conduct of cybercrime. Exploit kits, for example, gained popularity because they could automatically determine the relevant exploit to use on a target based on the victim’s software versions.

However, in recent years, the state of quasi-monoculture — large communities of devices all running more or less the same software and operating systems (OSs) — has been breaking down. Five years ago, Windows was king, but now no single OS holds more than half of the market.

Cybercriminals have to make a choice: spend hours on exploits or campaigns that work only on a small chunk of the computing population and that software vendors can curb with a patch, or go back to the classic technique for which there had never been a reliable, lasting solution — social engineering.

We will continue to see a decrease in exploit kit activity, something we have noted in our exploit kit activity data.

Figure 1. Exploit kit activity blocked decreased over the years, based on data from the Trend Micro™ Smart Protection Network™ infrastructure as of Q3 2018.

Phishing attacks are picking up, based on our data feeds, and this rising trajectory will continue in 2019.

Figure 2. Phishing-related URLs blocked increased over the years, based on data from the Trend Micro Smart Protection Network infrastructure as of Q3 2018.

We will see phishing attempts not only in email but also in SMS and messaging accounts. Cybercriminals will target the usual online banking credentials, but they will also go after accounts used for cloud storage and other cloud services. We will also see completely new types of attacks like SIM-jacking, which relies quite heavily on social engineering. In SIM-jacking, criminals impersonate a target and convince a phone carrier’s tech support staff to port a “lost” SIM card to one they already own, effectively taking control of a target’s online presence, which is often associated with one’s mobile phone number.

In terms of socially engineered content, we foresee cybercriminals using real-world sporting or political events like the 2019 Rugby World Cup in Japan, the 2020 Summer Olympics in Tokyo, and the upcoming elections in different countries. Cybercriminals, for example, will create fake sites purporting to sell advance event tickets, deploy fake ads for free or discounted items, or send relevant election- or sport-related content that carries malicious links.

Chatbots Will Be Abused

Online communication has expanded beyond email messaging. As more tech-savvy and always-online youth use the internet, messaging apps have become a socially accepted channel between individuals or between an individual and a company rendering some form of online customer service or support. This new norm, combined with the preference for social engineering discussed earlier, will open new opportunities for cybercriminals.

We predict that attacks abusing chatbots will become rampant in 2019. In the same way that telephone attacks evolved to take advantage of prerecorded messages and interactive voice response (IVR) systems, attackers will design chatbots that can hold an initial conversation with a target to create a convincing pretext for eventually sending over a phishing link or obtaining personal information. Attackers will explore a wide range of possible payloads, including manipulation of orders, installation of a remote access trojan (RAT) in the target’s computer, or even extortion.

E-Celeb Accounts Will Be Abused in Watering Hole Attacks

Still in line with the trend toward craftier social engineering tactics, cybercriminals will compromise famous YouTubers and other “online-famous” personalities’ social media accounts. Cybercriminals will look for accounts that have several million followers and will work on taking over these accounts via targeted phishing attacks and the like. These attacks will shine a light on account security in mainstream media, but not before millions of users following these accounts have been affected by whatever payload the attackers have in store for them. The followers’ computers may be infected by infostealers or made to join campaigns for distributed denial of service (DDoS) or cryptocurrency mining. They may even have their accounts turned into troll ones.

Actual Mass Real-World Use of Breached Credentials Will Be Seen

A recent report by Ponemon Institute and Akamai highlighted that credential stuffing — the automated injection of stolen username and password combinations from a single breach into several other popular websites — is becoming more and more severe.[4] Because of the volume of data breaches in the past years and the likelihood that cybercriminals will find a lot of users recycling passwords across several websites, we believe that we will see a surge in fraudulent transactions using credentials obtained by cybercriminals from data breaches.

Cybercriminals will use breached credentials to acquire real-world advantages such as registering in mileage and rewards programs to steal the benefits. They will also use these accounts to register trolls on social media for cyberpropaganda, manipulate consumer portals by posting fake reviews, or add fake votes to community-based polls — the applications are endless.

Sextortion Cases Will Rise

We will see an increase in reports of teenagers and young adults being extorted for non-monetary reasons like sextortion. Even if there is no guarantee that a blackmailer will come through, the highly personal nature of this kind of attack will make the victim seriously consider fulfilling the attacker’s demands, whether that means money or sexual favors. As sextortion, in particular, becomes more widespread,[5, 6, 7] this kind of attack will affect, perhaps even claim, more lives in 2019.
