In this article you can find the most recent cyber security trends
Cyxtera points out that spam will become increasingly personal. See other forecasts
Increasingly personal spam, use of artificial intelligence to implement attacks and password less authentication are some of the key trends for the cyber security industry in 2019. The prognosis is from Cyxtera a multinational dedicated to the detection and prevention of electronic fraud on all devices, channels and services in the cloud.
"Governments and organizations need to take into account that their data is spread across private data centers and public and private clouds, among others. In addition, users access your data from anywhere and any device. Therefore, it is necessary to develop a defense for this hybrid infrastructure, "says Ricardo Villa Diego, Director of Security at Cyxtera.
The company, which has evaluated more than 32 billion global connections in search of threats, listed the major cyber-attacks that organizations must face next year, in addition to the most effective tools and trends to combat them.
1) Increasingly personal spam
Geo location services allow phishers to approach people from different areas with fraudulent offers specifically designed to appeal to a particular audience. Cyxtera experts estimate that by 2019, phishers will increasingly combine tactics in creating advanced campaigns, such as Google Ads for volunteer work in the Super Bowl for men ages 18-24, for example. "In 2018, combining social network posts, emails, and advertising ads was used in the composition of advanced campaigns. Phishers should work on increasingly complex geo location-driven messages. You have to be very careful with emails in 2019, "warns Villa Diego.
2) Digital trust will be decisive for financial institutions
With nearly two-thirds of consumers worried that their accounts and their cards might be hacked, digital confidence has to do with both culture and anti-fraud technologies. According to the executive, we have not yet experienced cultural change, and awareness about fraud prevention is generally treated as a secondary concern. "In 2019, financial institutions will have the opportunity to engage the customer through the development of services that strike a balance between robust security and simplicity," he explains. "Organizations need to have a unified vision and employ anti-fraud technologies that are effective in the short and long term because that is the only way to achieve digital trust," he says.
2) Who works for artificial intelligence?
We already know that artificial intelligence (AI) can be created and used by fraudsters to increase their cyber-attacks. In 2019, fraudsters will not depend on their own artificial intelligence. Cyxtera predicts that fraudsters will create a huge amount of fake, phishing or malware attacks, causing misunderstandings in algorithm learning, which will come to believe that this is the way the attacks are working now. "Thus, they will be able to launch highly targeted attacks that will not be signaled by the poisoned algorithm, escaping detection and achieving profits," Villa Diego explains.
3) Password less authentication promises greater security - if done correctly
Passwords will not disappear completely, but the number of online platforms eliminating their use should grow more and more. When done correctly, password less authentication can be a powerful and secure tool. However, Cyxtera says organizations that use unencrypted channels as alternative authentication factors will face many more inherent vulnerabilities.
"See single-use passwords sent via email, for example, which, as has been known for some time, are highly unsafe. Incorporating them into the password less authentication process makes the procedure easily intercept able by cybercriminals. By 2019, when they adopt alternative authentication methods, organizations need to make sure they are doing it safely. "
4) App stores like virtual playground for malware
Unofficial app stores offer the perfect environment for malware to deliver a false sense of security. Villa Diego points out that even the Google Play Store is not immune. "Although Google has security measures in place to prevent malicious code from being uploaded to the official store, fraudsters have recently begun using non-malicious APK files as a gateway for downloading external loads and malicious actions on the user's device," explains. By 2019, it predicts there will be a sharp increase in the volume of malicious apps distributed to users' phones through legitimate application stores.
5) Automated gross force
Fraudsters know that most people reuse username and password combinations on different sites. Credential stuffing attacks offer a simple and quick way to check what the valid username and password pairs are. This can be used both in targeted attacks to specific groups and to catapult user data prices on the black market after verification. According to Cyxtera, large international banks were hit by a wave of such attempts, and this trend is set to increase in 2019.
6) Companies will follow in the footsteps of banks
As firms strengthen their defense strategies, modern authentication techniques such as push and biometrics, with which banks are already satisfied, will also be adopted by them;
7) IoT risks
IoT's security concern has been at the top of the list of priorities, but most of these devices remain highly vulnerable. The risks are greater than ever, especially with regard to authentication processes. Companies need to have control over these risks by establishing identity verification requirements, implementing secure protection systems, and developing tools for measurement and monitoring.
8) False political posts will bring real profits
A hot topic in recent years has been the political influence of fake accounts or "bots" on Twitter and other social networks, used to manipulate public perception and opinion about current events. Now, fraudsters are beginning to realize that it is possible to take advantage of the escalation of tensions and political divisions in different countries, using social networks as a vector of attacks. "Fraudsters post articles that appear to be in a certain position, leading the public to follow certain accounts or posts that will, at some point, trick them into providing money or access data," says Villa Diego.
9) When "safe" does not mean security
"Everybody sees, when they access the Internet, a small icon indicating that it is" safe "or" not safe "to navigate that page. Unfortunately, many users believe that this symbol means that the site uses encrypted communication and, therefore, could not be malicious, "explains the executive. He warns that fraudsters are already using certificates that appear to be legitimate (which can lead the browser to display the "secure" icon) to mask their phishing and malware attempts.
"In just one year, the use of certificates as a disguise for malicious traffic has doubled. There is no evidence that this trend will diminish, since the certificates offer a simple way to deceive users, who end up relying on the website and providing their credentials, "he warns.
10) New Year Resolutions
With so many changes planned for the fraud scenario next year, Cyxtera recommends that organizations implement a fraud prevention solution that harnesses the potential of multi-tiered, adversarial learning and addresses threats in a holistic manner - not individually. "We also advise organizations to implement strong, modern multifactor authentication and ensure that the company's security plan covers both internal and external threats," Villa Diego concludes.