According to Symantec, here are some of the trends and activities most likely to affect organizations, governments, and individuals in 2019 and beyond.
Attackers Will Exploit AI Systems and Use AI to Aid Assaults
The long-awaited commercial promise of AI has begun to materialize in recent years, with AI-powered systems already in use in many areas of business operations. Even as these systems helpfully automate manual tasks and enhance decision making and other human activities, they also emerge as promising attack targets, as many AI systems are home to massive amounts of data.
Growing 5G Deployment and Adoption Will Begin to Expand the Attack Surface Area
A number of 5G network infrastructure deployments kicked off this year, and 2019 is shaping up to be a year of accelerating 5G activity. While it will take time for 5G networks and 5G-capable phones and other devices to become broadly deployed, growth will occur rapidly. IDG, for example, calls 2019 “a seminal year” on the 5G front, and predicts that the market for 5G and 5G-related network infrastructure will grow from approximately $528 million in 2018 to $26 billion in 2022, exhibiting a compound annual growth rate of 118 percent.
IoT-Based Events Will Move Beyond Massive DDoS Assaults to New, More Dangerous Forms of Attack
In recent years, massive botnet-powered distributed denial of service (DDoS) attacks have exploited tens of thousands of infected IoT devices to send crippling volumes of traffic to victims’ websites. Such attacks haven’t received much media attention of late, but they continue to occur and will remain threats in coming years. At the same time, we can expect to see poorly secured IoT devices targeted for other harmful purposes. Among the most troubling will be attacks against IoT devices that bridge the digital and physical worlds. Some of these IoT enabled objects are kinetic, such as cars and other vehicles, while others control critical systems. We expect to see growing numbers of attacks against IoT devices that control critical infrastructure such as power distribution and communications networks. And as home-based IoT devices become more ubiquitous, there will likely be future attempts to weaponize them–say, by one nation shutting down home thermostats in an enemy state during a harsh winter.
Attackers Will Increasingly Capture Data in Transit
We’re likely to see attackers exploit home-based Wi-Fi routers and other poorly secured consumer IoT devices in new ways. One exploit already occurring is marshalling IoT devices to launch massive cryptojacking efforts to mine cryptocurrencies.
Attacks that Exploit the Supply Chain Will Grow in Frequency and Impact
An increasingly common target of attackers is the software supply chain, with attackers implanting malware into otherwise legitimate software packages at its usual distribution location. Such attacks could occur during production at the software vendor or at a third-party supplier. The typical attack scenario involves the attacker replacing a legitimate software update with a malicious version in order to distribute it quickly and surreptitiously to intended targets. Any user receiving the software update will automatically have their computer infected, giving the attacker a foothold in their environment.
Growing Security and Privacy Concerns Will Drive Increased Legislative and Regulatory Activity
The European Union’s mid-2018 implementation of the General Data Protection Regulation (GDPR) will likely prove to be just a precursor to various security and privacy initiatives in countries outside the European Union. Canada has already enforced GDPR-like legislation, and Brazil recently passed new privacy legislation similar to GDPR, due to enter into force in 2020. Australia and Singapore have enacted a 72-hour breach notice inspired by the GDPR, and India is considering GDPR-inspired legislation. Multiple other countries across the globe have adequacy or are negotiating GDPR adequacy. In the U.S., soon after GDPR arrived, California passed a privacy law considered to be the toughest in the United States to date. We anticipate the full impact of GDPR to become more clear across the globe during the coming year.
