FireEye has released its 2019 Security Predictions Report. Facing Forward: Cyber Security in 2019 and Beyond, taps into FireEye’s deep well of leadership and expertise to pull together a wide range of thoughts about what’s to come in 2019 and beyond.
The key findings include:
- The Dark Side of Social Media: In the last half of 2018, FireEye announced an extensive network of information operations – presumed to be driven by the political interest of Iran – that involved social media. With the upcoming elections across EMEA in 2019, the organization predicts that social media will continue to be the leading platform to produce information operations driven by foreign countries with a strategic interest in a particular state or a region. The mission could either be to promote a particular political party that might be friendlier towards specific foreign policies, or to drive a political narrative, causing conflict within the country.
- Iranian Cyber Threat Activity Against U.S. Entities Likely to Increase Following U.S. Exit From JCPOA, May Include Disruptive or Destructive Attacks: FireEye experts suspect that initially Iranian-nexus actors will resume probing critical infrastructure networks in preparation for potential operations in the future. Organizations and asset operators across all critical infrastructure sectors in the U.S. should be prepared to defend against Iranian threat groups that have demonstrated a focus on disruptive and destructive attacks.
- Attacks on airlines and airports: For years, FireEye has seen airlines and third-party ticket sellers exploited so that illicit tickets could be resold for profit on the dark web. Because airlines are trusted by their customers with a wide variety of sensitive personal data, they are also frequently targeted by cyber criminals looking to gather data to enable other types of fraud. In the last two years, FireEye devices have detected a sharp increase in the use of ransomware to temporarily disable airline ticketing and support operations. Air travel is a time-sensitive business, and cyber criminals know that they can extort quick payment from airlines that are unable to move passengers until their systems are decrypted.
- Critical Infrastructure Attacks Looming: In 2019, FireEye experts expect to see an uptick in threats towards critical infrastructure. Because many of these environments do not have a unified security strategy between information technology and operational technology, FireEye could potentially see a cyber-attack causing disruption or destruction within critical infrastructure elements. Attackers will also continue trying to interfere directly with operational technology networks to disturb business or ask for ransom for geopolitical reasons as well as to demonstrate their capabilities. Due to its diversity and the number of plants deployed over the continent, Europe will be a target of these attacks in 2019. FireEye could see threat actors on very old platforms where security and forensics are difficult to manage.
- Use of Emerging Technologies to Evade Detection: As discussed in last year’s FireEye security predictions report, FireEye experts have seen a steady increase in cyber criminals adopting cloud-based infrastructure to carry out sophisticated attacks. That was true throughout 2018, and in 2019 and beyond, we expect to see the use of emerging technologies such as blockchain and AI to obfuscate attacks. Also, with the increase in the number of AI-based cyber security products deployed in organizations, and security vendors innovating to bring new AI-based security products to the market, attackers will begin adapting their behavior accordingly. Next year we are expecting to see use of new techniques to evade AI-based solutions, including threats that blend in with normal traffic and threats that provide misleading data to challenge and disrupt machine learning models.
“2018 was a challenge year and we don’t expect it to get any easier in 2019. Further, Iranian attackers will continue to improve capabilities, even as we see new, less capable groups emerge supporting Iranian government goals. This will continue the trend of growth in both sophistication and volume of attacks by groups that we believe are linked to Iran,” said Mohammed Abukhater, Vice President, MEA, FireEye. “Earlier this year, H. H. Sheikh Mohammed bin Rashid, Vice President and Prime Minister of the UAE and Ruler of Dubai launched the Dubai Cyber Security Strategy, an initiative that aims to help businesses and individuals to create a safe cyber space, making Dubai’s cyber security experience a global model.”