In 2018, 500 million people became victims of data breaches and these are only those that became known and it is expected that by 2020, cybercrime losses will increase to $ 6 billion. North Korea, Iran, Russia and China remain the main actors in this attack group. The most skilled craftsmen exactly from these states attacked the state apparatuses of other countries, created fake analytical centres, and websites of government agencies.
What will happen to cyber security in 2019? A flexible and globalized cyber system is evolving as technologies develop — very quickly. What to expect from cybercriminals in 2019?
AI-based virus programs
Artificial intelligence and machine learning is a global technological trend that has not bypassed cybercrime. Traditionally, attackers communicate with compromised systems using command and control servers. A computer that sends commands to infected devices and receives information from them. Now the malware, using AI, will be able to independently determine how to behave, remain inconspicuous and use local credentials. This will complicate the process of searching for malicious programs, due to their quick “learnability”, or rather quick adaptation, because it can make decisions on its own, without command and control servers.
But it is worth noting that we will also start using AI to protect against cyber-attacks. Models of work and data processing using machine learning are more resistant to “contamination”. Therefore, they are being actively introduced into the cyber defence systems of state machinery.
We recall that phishing is a type of fraud where attackers send emails from supposedly known sites and companies (the email address is as similar as the letter’s design) in order to lure the user’s login and password. The next thing is access to your confidential data.
This year such attempts will be many times more and what is worse, they will become much more effective. There are several reasons for this. Firstly, as we go online, we are registering in more and more systems and sites — this already increases the potential scale of cyber-attack. Secondly, based on a lot of letters in email boxes and the growth of online loyalty to interaction (online banking, recovery of various passwords and the implementation of a lot of registrations), the user becomes less attentive. Thirdly, the use of artificial intelligence in the process of creating letters in the visual style of companies that attackers use to hide behind, allow them to do this quickly and efficiently (robots make fewer mistakes). Phishing emails will be increasingly difficult to distinguish from authentic emails.
The growing trend of cybercrime has been the shift of its focus: from material to information- reputational. That is, the attackers don’t directly profit by obtaining personal data, and use access to them for the application of maximum harm. And it really can be much worse than stealing money from bank cards. For example, labelling, blood, and donor databases are stored online today. Making even minor “edits” can be fraught with the death of people. This can sow fear and distrust of data systems (and now everything works with their use). As a result, there are undermining public confidence and chaos. The government, business, ordinary users and even those who have never used the Internet will suffer.
Extending the range of cyber attackers and cyber policemen skills
Cybersecurity expects an influx of new faces and talents. IT knowledge is certainly important, but psychology and behavioural economics are emerging. Political science, language analytics and, in general, all STEAM disciplines (science, technologies, engineering, arts, mathematics) will also be involved. Cyber-attacks will increasingly use these tools. After all, even if our attention is not the same as before, and we can’t always identify phishing emails, but this also has a positive side for users – it’s harder to get our attention. The low concentration of Internet users, screaming headers and links that have become familiar, make cybercriminals smash their heads over the involvement of users to infected programs and files.
The overwhelming majority of companies’ analysts that are hunting for cybercriminals have no IT education, this only prove the fact that other factors are entering the arena and not only excellent knowledge of the program code.
If you're drowning, you're on your own
It is fair to say that the risk of cyber-attacks lies on its potential victims. Only they are responsible for protecting their personal data. That is, if your account has been hacked, and you continue to use your password, then no security system can help you. Reliable passwords or password managers can help to prevent data leakage.
Many studies this year will be directed not only to protection against cyber-attacks but also preventive policies. Namely, the study of user behaviour. Such studies can help professionals identify which groups of people are more susceptible to cyber-attacks — what users need additional protection and special training. For example, a study at the University of Maryland showed that women use less reliable passwords and update them regularly, while introverts are less careful about locking their devices than extroverts.