{"id":92746,"date":"2018-11-29T01:00:11","date_gmt":"2018-11-29T09:00:11","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=92746"},"modified":"2024-02-18T22:33:52","modified_gmt":"2024-02-19T06:33:52","slug":"mcafee-labs-2019-threats-predictions","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-labs-2019-threats-predictions\/","title":{"rendered":"McAfee Labs 2019 Threats Predictions Report"},"content":{"rendered":"

These predictions were written by Eoin Carroll, Taylor Dunton, John Fokker, German Lancioni, Lee Munson, Yukihiro Okutomi, Thomas Roccia, Raj Samani, Sekhar Sarukkai, Dan Sommer, and Carl Woodward.<\/em><\/p>\n

As 2018 draws to a close, we should perhaps be grateful that the year has not been entirely dominated by ransomware<\/a>, although the rise of the GandCrab and SamSam variants show that the threat remains active. Our predictions for 2019 move away from simply providing an assessment on the rise or fall of a particular threat, and instead focus on current rumblings we see in the cybercriminal underground that we expect to grow into trends and subsequently threats in the wild.<\/p>\n

We have witnessed greater collaboration among cybercriminals exploiting the underground market, which has allowed them to develop efficiencies in their products. Cybercriminals have been partnering in this way for years; in 2019 this market economy will only expand. The game of cat and mouse the security industry plays with ransomware developers will escalate, and the industry will need to respond more quickly and effectively than ever before.<\/p>\n

Social media has been a part of our lives for more than a decade. Recently, nation-states have infamously used social media platforms to spread misinformation. In 2019, we expect criminals to begin leveraging those tactics for their own gain. Equally, the continued growth of the Internet of Things in the home will inspire criminals to target those devices for monetary gain.<\/p>\n

One thing is certain: Our dependency on technology has become ubiquitous. Consider the breaches of identity platforms, with reports of 50 million users being affected. It is no longer the case that a breach is limited to that platform. Everything is connected, and you are only as strong as your weakest link. In the future, we face the question of which of our weakest links will be compromised.<\/p>\n

\u2014Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research<\/p>\n

Twitter @Raj_Samani<\/p>\n

 <\/p>\n

Predictions<\/h2>\n

Cybercriminal Underground to Consolidate, Create More Partnerships to Boost Threats<\/strong><\/a><\/p>\n

Artificial Intelligence the Future of Evasion Techniques<\/strong><\/a><\/p>\n

Synergistic Threats Will Multiply, Requiring Combined Responses<\/strong><\/a><\/p>\n

Misinformation, Extortion Attempts to Challenge Organizations\u2019 Brands<\/strong><\/a><\/p>\n

Data Exfiltration Attacks to Target the Cloud <\/strong><\/a><\/p>\n

Voice-Controlled Digital Assistants the Next Vector in Attacking IoT Devices<\/strong><\/a><\/p>\n

Cybercriminals to Increase Attacks on Identity Platforms and Edge Devices Under Siege<\/strong><\/a><\/p>\n

<\/a><\/p>\n

Cybercriminal Underground to Consolidate, Create More Partnerships to Boost Threats<\/h2>\n

Hidden hacker forums and chat groups serve as a market for cybercriminals, who can buy malware, exploits, botnets, and other shady services. With these off-the-shelf products, criminals of varying experience and sophistication can easily launch attacks. In 2019, we predict the underground will consolidate, creating fewer but stronger malware-as-a-service families that will actively work together. These increasingly powerful brands will drive more sophisticated cryptocurrency mining, rapid exploitation of new vulnerabilities, and increases in mobile malware and stolen credit cards and credentials.<\/p>\n

We expect more affiliates to join the biggest families, due to the ease of operation and strategic alliances with other essential top-level services, including exploit kits, crypter services, Bitcoin mixers, and counter-antimalware services. Two years ago, we saw many of the largest ransomware families, for example, employ affiliate structures. We still see numerous types of ransomware<\/a> pop up, but only a few survive because most cannot attract enough business to compete with the strong brands, which offer higher infection rates as well as operational and financial security. At the moment the largest families actively advertise their goods; business is flourishing because they are strong brands (see GandCrab)<\/a> allied with other top-level services, such as money laundering or making malware undetectable.<\/p>\n

Underground businesses function successfully because they are part of a trust-based system. This may not be a case of \u201chonor among thieves,\u201d yet criminals appear to feel safe, trusting they cannot be touched in the inner circle of their forums. We have seen this trust in the past, for example, with the popular credit card shops in the first decade of the century, which were a leading source of cybercrime until major police action broke the trust model.<\/p>\n

As endpoint detection grows stronger, the vulnerable remote desktop protocol (RDP) offers another path for cybercriminals. In 2019 we predict malware, specifically ransomware, will increasingly use RDP as an entry point for an infection. Currently, most underground shops advertise RDP access<\/a> for purposes other than ransomware, typically using it as a stepping stone to gain access to Amazon accounts or as a proxy to steal credit cards. Targeted ransomware groups and ransomware-as-a-service (RaaS) models will take advantage of RDP, and we have seen highly successful under-the-radar schemes use this tactic. Attackers find a system with weak RDP, attack it with ransomware, and propagate through networks either living off the land or using worm functionality (EternalBlue).<\/a> There is evidence that the author of GandCrab is already working on an RDP option.<\/p>\n

We also expect malware related to cryptocurrency mining will become more sophisticated, selecting which currency to mine on a victim\u2019s machine based on the processing hardware (WebCobra)<\/a> and the value of a specific currency at a given time.<\/p>\n

Next year, we predict the length of a vulnerability\u2019s life, from detection to weaponization, will grow even shorter. We have noticed a trend of cybercriminals becoming more agile in their development process. They gather data on flaws from online forums and the Common Vulnerabilities and Exposures database to add to their malware. We predict that criminals will sometimes take a day or only hours to implement attacks against the latest weaknesses in software and hardware.<\/p>\n

We expect to see an increase in underground discussions on mobile malware, mostly focused on Android, regarding botnets, banking fraud, ransomware, and bypassing two-factor authentication security. The value of exploiting the mobile platform is currently underestimated as phones offer a lot to cybercriminals given the amount of access they have to sensitive information such as bank accounts.<\/p>\n

Credit card fraud and the demand for stolen credit card details will continue, with an increased focus on online skimming operations that target third-party payment platforms on large e-commerce sites. From these sites, criminals can silently steal thousands of fresh credit cards details at a time. Furthermore, social media is being used to recruit unwitting users, who might not know they are working for criminals when they reship goods or provide financial services.<\/p>\n

We predict an increase in the market for stolen credentials\u2014fueled by recent large data breaches and by bad password habits of users. The breaches lead, for example, to the sale of voter records and email-account hacking. These attacks occur daily.<\/p>\n

<\/a><\/p>\n

Artificial Intelligence the Future of Evasion Techniques<\/h2>\n

To increase their chances of success, attackers have long employed evasion techniques to bypass security measures and avoid detection and analysis. Packers, crypters, and other tools are common components of attackers\u2019 arsenals. In fact, an entire underground economy has emerged, offering products and dedicated services to aid criminal activities. We predict in 2019, due to the ease with which criminals can now outsource key components of their attacks, evasion techniques will become more agile due to the application of artificial intelligence. Think the counter-AV industry is pervasive now?\u00a0This is just the beginning.<\/p>\n

In 2018 we saw new process-injection techniques such as \u201cprocess doppelg\u00e4nging\u201d<\/a> with the SynAck ransomware, and PROPagate injection delivered<\/a> by the RigExploit Kit.\u00a0By adding technologies such as artificial intelligence, evasion techniques will be able to further circumvent protections.<\/p>\n

Different evasions for different malware <\/strong><\/h4>\n

In 2018, we observed the emergence of new threats such as cryptocurrency miners, which hijack the resources of infected machines. With each threat comes inventive evasion techniques:<\/p>\n