Changes in cybersecurity - 4 trends that you should be aware of
Cybersecurity is receiving more and more attention every day, which is a good thing. However, attackers are continuously changing their approach and looking for new ways to target organizations. With the start of the new year, we analyzed the current threat landscape and we can give a forecast and our opinion about the cybersecurity trends for 2019.
First trend: IoT botnets
The use of the Internet of Things (IoT) devices have become increasingly popular over the last few years. However, only a few organizations pay attention to the security of these devices. Adversaries are exploiting these security issues by infiltrating them with malicious software. By combining the power of all these infected IoT devices in a Botnet, adversaries can launch powerful and sophisticated DDoS attacks. For instance, the Mirai botnet had at its peak 600.000 infected devices under control, devices infected by Mirai scan and identify other vulnerable IoT devices on the internet. By using the factory default usernames and passwords, new devices are infected. The sheer number of infected devices resulted in huge attack bandwidth.
We predict IoT botnets will continue to grow, their distributed nature will make them harder to take down. Also, machine learning and data analytics can make them more efficient and self-sustainable in the future. Luckily there are multiple defense solutions, such as Akamai’s Kona Site Defender. By filtering packets at the edge of the network, these huge bandwidth attacks can be prevented. Last February, GitHub survived the biggest DDoS attack ever recorded, the attack peaked at a bandwidth of 1,3 Tbps. Using the DDoS protection of our partner Akamai, they were able to shut down this attack in just 8 seconds.
Second trend: the rise of crypto-jacking malware
Crypto-jacking is the mining of cryptocurrency on the recipient’s device, making use of extra processing power. While crypto-jacking already exists for a few years, originated in the form of crypto-jacking adds on websites, it is increasingly used in malware. Not everyone views it as a critical threat to their organization, as it does not steal or mutates data. However, it does compromise the essentials of security, as attackers have unauthorized control over your device. Furthermore, as crypto-jacking consumes the resources of the device, it can make devices slow and reduce the productivity of your employees.
Crypto-jacking brings attackers a new way to monetize their operations, instead of selling data or hijacking data (ransomware). Most browsers have built-in protection to prevent ads from mining crypto, unfortunately, crypto-jacking malware is harder to counter. As of 2019, we expect an increase in this type of malware, possibly in combination with other types of malicious activities.
Third trend: security solutions are moving to the cloud
The market for cloud Web Application Firewalls (WAF) is growing. Gartner predicts, by 2020, that 80% of all new WAF deployments are cloud-based. This rapid growth is powered by the customer demands, as a cloud-based WAF is easy to consume and manage while being compliant to data privacy requirements.
WAFs are put in front of the web server to protect the services running from attacks and can monitor traffic for compliance or analytics goals. Cloud WAF service combines a cloud-delivered as-a-service deployment with a subscription model. This makes it quick to install, easy to scale and low up-front costs.
Last, but not least: machine learning
Not only do we expect attackers use more Machine Learning (ML) in the future, it is also increasingly used in Security solutions. For example, Akamai’s Kona Client Reputation (KCR) can further improve security decisions by providing the ability to filter malicious clients based on their behavior. It uses an ML algorithm to compute a risk score for all traffic, using this risk score, KCR can protect your organization from attacks such as SQL injections, Remote file inclusion, and Cross Site Scripting.
For 2019 we expect these algorithms to improve even further and to see ML applied in more security products. This is a logical advancement as ML improves with the increase in data, especially when using a cloud-based solution such as Kona.
Need help with your online security?
Can we help you with cybersecurity for your organization, or do you have questions about the security trends for 2019? Please fill in the form below, our hosting & security experts will contact you as soon as possible.
Thank you! We will reply as soon as possible.