What's next for security in 2019?

Bogdan Botezatu, Director of Threat Research at Bitdefender, gives his view of what threats to watch out for in 2019

The past 12 months have seen cybersecurity thrust into the global spotlight.

In the last 60 days alone, news of successful hacks targeting both Marriott International and Quora have surfaced and with over half a billion people's data being compromised in the process.

The companies involved have been heavily scrutinised and at times even criticised for their security practices. Combining these highly publicised events with the Facebook data breach, alleged Russian election interference and targeted ransomware attacks surging, 2018 has been a very busy year for cybersecurity.

Every day new technology is being developed to protect against the rise in these threats, while hackers are working equally hard to find new ways to get around this technology. In fact, using Bitdefender's threat intelligence, 2019 looks like it will be just as eventful, if not more so. New threats and security loopholes — shared in this article — are already being identified and monitored.

Election interference in Europe is a threat to democracy

It's hard to pick up a newspaper without seeing a story referencing the suspected interference with the US elections and that will continue long into the new year. While a few years ago these kinds of attacks were nothing but rumours, this is a real threat that nations are facing and have to be prepared for.

Despite the US taking the headlines, there has also been speculation around interference with Brexit and with the election of new European Members of Parliament coming in 2019. It would be naive to think that Europe isn't susceptible to threats. Threat analysis shows there is a high chance nations could see state-sponsored attacks on everything from voting systems to social media propaganda.

macOS attacks will continue to rise

After becoming the world's first trillion dollar company in 2018, Apple's share of the desktop market continues to rise. Naturally, this means that malware designed to infect the Apple OS is also growing as threat actors look to find new ways to penetrate the enterprise. Bitdefender predicts a huge increase in the number of attacks off the basis of internal intelligence which is already pointing towards an increase in Mac-specific malware as well as mechanisms and tools designed to capitalise on Macs post-breach.

This has already been the case with past APTs that housed Mac-specific components. For example, APT28 operators can use the Xagent payload to target victims running Mac OS X to steal passwords, grab screens and even steal iPhone backups that have been stored on a Mac.

APTs target banks

While ATPs will increase in the Mac environment, they also look likely to continue to emerge in other areas. In attacks that are reminiscent of those of the Carbanak Group, who used an APT-style campaign to steal money from banks back in 2014 through tactics such as phishing emails, we can expect more of the same in the next 12 months. Despite being five years ago, 2019 looks set to a see resurgence of some of these tactics only with newer and more advanced technology.

A shift towards mobile banking attacks

Fintech is an industry that has seen significant year-on-year growth. Companies that barely existed five years ago are being bought by international banks as multimillion, if not billion, pound companies. One of the biggest acquisitions this year was startup iZettle which was bought by PayPal for $2.2 billion. While companies like these are revolutionising the banking system, they are also paving the way for a new trend for hackers — especially on mobile.

The more money that fintech companies manage on behalf of their users, or the deeper the integration with traditional banks, the more attractive they become to attackers. Not only is there the potential to steal a lot of money, but the fact that these companies run primarily on mobile also makes them a far easier target. As a result, cybercrooks are highly likely to develop even more threats to fintech in 2019.

The bottom line: security has to keep up with technology

Cybersecurity technology is developing at a faster rate than ever and the next 12 months is likely to see some exciting new innovations.

At the same time, the year ahead is going to be one where hackers push boundaries like never before. Hackers are smart and will be keeping a close eye on what they can capitalise on. Election interference will continue, hackers will get smarter and look for new ways to target existing and new technology and totally new threats will emerge. As new technology develops, so to must the technology protecting it.