Panda Labs has compiled an annual cybersecurity report, gathering data over the past year to analyse trends and make predictions as we move into 2019. These predictions can help companies and consumers alike prepare themselves for the cyber threats we’re likely to face in the coming year.
The findings from the report brings together some extremely interesting stats and figures about the past year and shines a brighter light on some very startling events.
Cybersecurity threats from 2018
2018 was certainly a busy year in the cybersecurity arena. Several big scares arrived very quickly starting with Meltdown and Spectre vulnerabilities found in the majority of modern microprocessors, along with backdoors being discovered in systems used by UK Government contractors.
Make sure you take a look at our guide on how to keep yourself safe online.
The rise of ‘Cryptojacking’ was also seen which involves the process of remotely using someone’s CPU or graphics card to mine cryptocurrency. This can be done as subtly as the user just visiting a certain website, where the code uses the processing power of your machine to solve the algorithms used in the mining of cryptocurrencies and then deposits the reward for this into the hacker’s account.
Aside from the more ‘direct’ threats from malware, we also saw a wide host of data breaches throughout the year which was made all the more costly by the introduction of GDPR in Europe in May. Companies found to be handling user’s data incorrectly can be fined millions of Euros, either 2% or 4% of annual turnover.
The most well-documented data misuse case of the year surrounded the Cambridge Analytica scandal where personal data of at least 87 million Facebook users was exploited without permission in order to influence the US presidential elections.
In September almost 50 million Facebook accounts were exposed after attackers exploited a vulnerability allowing them to steal users’ access tokens. Facebook has notified the Data Protection Commission (DPC) in Ireland of this, but we have yet to see if there will be a fine for this particular event.
The largest data breach of the year came from Aadhaar, India’s national ID database which contains the information of 1.1 billion Indian citizens including biometric data. Journalists discovered that they could obtain any record of a registered individual in Aadhaar for 500 rupees (just under 6 Euros). The Unique Identification Authority of India (UIDAI) has denied any claims of a breach.
Predicted trends for Cybersecurity in 2019
2019 is set to see an increase in the pace of the cyberwar arms race. While conventional malware such as Worms and Trojans will still remain a threat, several new methods of infiltrating software will become far more common.
‘Live hacking’ will become more popular as attacks that originate in this way don’t require traditional software packages that can be detected or destroyed, instead a system is actively infiltrated by a hacker to recover information or data. This is unlikely to directly affect consumers, as it will be targeted more at corporations or governments initially - but this could of course bring repercussions for the general public too.
Supply chain attacks will also become more common. This idea rests around a popular service being infected with malware, unknown to the provider of the software, and then being distributed to a customer base – essentially using legitimate software as a disguise for the malware to infect a wide user base under the guise of a new update or latest release.
It is also suggested that AI will become more widely used by attackers. 2019 will be the year of AI in many ways, and will find its way to be applicable in several industries for both positive and negative effects. Sadly, AI has no moral compass (yet?) so it will be employed by unscrupulous individuals to find new ways to break and circumvent defences.
You can read the full report by Panda Security here.