Network complexity is continuing to increase, and cyberattack complexity is mirroring this changing network landscape. Some attacks die down while others resurface as new variants year after year. The ever-changing landscape requires vigilance and quick responses. In 2018, important shifts were observed in the threat landscape such as new malware variants and new versions of well-known legacy exploits. There were many security breaches due to misconfiguration errors, and this trend further extended into cloud-hosted software and services. Cloud services offer nearly instant access to a wide variety of scalable platforms and services, but with that speed comes a rapidly expanding attack surface and more room for human error.
Some common cloud security mistakes include the failure to encrypt personally identifiable data, incorrect data access permissions, and the use of unpatched code that creates vulnerabilities in the application stack.
In its third annual “Security Report”, Ixia, a Keysight business, has predicted the following six trends for 2019, based on company-collected data and historical activity…
Abuse of low-value endpoints will escalate
Until basic security hygiene improves, hacks such as Mirai and cryptojacking will continue unabated. With more devices connecting to the internet every day, the number of targets will continue to increase and so will the number of victims.
Brute-force attacks on public-facing systems and resources will increase
It appears that there will always be a server out there with the password “password”, which a hacker can exploit. Individuals can prevent attacks on their systems by changing default credentials, but only the adoption of two-factor and public/private key authentication will provide a permanent solution. Brute-force exploits will also increase significantly for enterprises and carriers with the proliferation of internet of things (IoT) devices. These devices are actively broadcasting so that they can connect to an internet router and relay data. Attackers can exploit this mechanism to connect to the IoT device and take it over.
Cloud architectures create complexity that increases attack surfaces
On-premises architectures give security personnel complete control over their equipment and architecture. However, public cloud-based solutions give no control over server and network architecture. Attacks like Spectre (CVE-2017-5753) and CVE-2019-6260 are just the beginning of the new types of attacks aimed at cloud users and their data. The speed and dynamic capabilities of public clouds have exposed a new attack vector – service misconfiguration. Misconfigured services provide an open gate that hackers and bad actors can walk through, often with disastrous results.
Phishing attacks will become more focused during the next two years
Enterprises invest heavily in training employees to recognise phishing attacks. In response, hackers create better phishes that are less obvious to victims, and are more targeted. The growing usage of Office 365 and the adoption of Google G Suite will help slow down the phishing momentum. Both tools provide some phishing indicators. However, well-planned attempts will get past these new defences.
Multiphase attacks that use lateral movement and internal traffic will increase
Malware often goes undetected because command-and-control traffic is sporadic, hidden like a needle in a haystack and disguised to look like normal HTTPS traffic. Many organisations monitor traffic only at the ingress and egress points of their networks. As attacks become more sophisticated, detection times will get longer. Attackers will utilise more LAN-to-LAN attacks, hoping to avoid detection by abusing the trust of internal traffic.
Cryptomining and cryptojacking attacks will increase
For decades, hackers have sought to compromise systems, steal data and, more recently, ransom computers. A shift has occurred, where new attacks target the systems themselves. Rather than stealing data at rest, attackers use compromised systems for cryptomining. Old unpatched vulnerabilities previously used for ransomware or DDoS networks are easily exploited to deliver cryptomining software. Advanced cryptominers do not depend on classic command-and-control architectures, thus making them harder to detect. Fluctuating cryptocurrency values may slow down the growth of mining networks, but mining will continue to offer financially attractive incentives to hackers looking to make some quick money.