Threatscape Predictions for 2019

December 18, 2018 | Category: Threats | By: Michael Rosen

  • Breaches will appear to be more frequent, more public, and more dramatic than in previous years
  • New attack vectors will emerge just as the industry figures out how to foreclose on older ones
  • Artificial intelligence (AI) and machine learning (ML) will increase the stakes for both attackers and defenders
  • Threatscape innovation spurs defensive acceleration to zero-trust and “carbon problem” mitigations

Prediction blogs abound this time of year, so top off your eggnog and drink in one more. The forecasts that follow originate from multiple well-informed thought leaders across Bromium business functions. We are grateful for their thoughtful contributions. Collectively polishing the crystal ball from our unique vantage point of hardware-enforced security isolation, Bromium Threat Labs humbly offers the following prognostications for the 2019 threatscape.

Breach Awareness Ramps Up to 11

Next year is shaping up to be the loudest, most noteworthy year on record for breaches due to increasingly stringent worldwide reporting and notification requirements—GDPR foremost among them. Expect a who’s-who of organizations reporting eye-popping numbers of victims in the mega-millions, coupled with huge fines of seven, eight, or even nine figures. The Marriott hack—involving a breach of personal information for up to half a billion customers—may be the first test of GDPR, including large multi-million-dollar fines. So, while it might appear that breaches are undergoing a massive increase in quantity, much of the apparent increase can be chalked up simply to mandatory reporting.

Browser Attacks Resurge

Browser attacks are not extinguished. We see shifts from old-school IE Flash and JavaScript exploits—low-hanging fruit targeting technological laggards—to more sophisticated attacks and new zero-days, even among safer modern browsers. As browsers add more advanced functionality, we see it overwhelming Microsoft’s ability to keep up with Windows security features, spurring on a new security arms race in the browser. Chrome remains a very secure browser, but we predict that exploitable bugs and vulnerabilities will gradually start to increase in other browsers. Edge may become more targeted—especially if it receives less developer attention in the year ahead—owing to Microsoft’s recent announcement abandoning their own proprietary Edge technology in favor of open-source Chromium. Still, the vast majority of malware will continue to arrive within downloaded/attached content rather than via browser exploits.

File-Based Malware Evolves to Stay on Top

We expect that file-based malware will continue to be the largest source of attacks via web downloads and email attachments. We’ll go out on a limb and predict that 2019 will be the year that Office documents finally start to lessen in importance as a threat vector, as more customers move to online versions of Office/Google Docs, and especially as Microsoft finally begins to apply protections against macros and processes launched from Office (e.g. PowerShell). Users will continue to be the weakest link in the security chain, with at least one “vulnerability” previously considered as “behaving as designed” being patched to remove the risky functionality (e.g. removing DDE from Office documents this year). Malware authors will continue to work feverishly to develop new threat vectors, which should begin to appear later in 2019.

Hardware Vulnerabilities Resurface

2018 felt like it was the year of the hardware hack. Spectre and Meltdown became the most expensive vulnerabilities of all time, with Intel, AMD, Microsoft and countless others throwing money at high-profile emergency patches, at the expense of performance. The Supermicro chip implant scare—now partially discredited—which allegedly impacted Apple and Amazon, also highlighted how deliberate implanting of vulnerabilities into hardware is certainly within the realm of possibility for nation-state-funded attackers. More hardware-based attacks will come to light, exposing both new and historical chip flaws, with the industry more on edge against malicious implants from international supply chains and intelligence agencies.

Supply Chain and Acquisition Vulnerabilities Increase

For most organizations, the threat of a hardware hack is of minimal concern, as there are more pressing issues to address. The rising number of breaches originating from third parties is just one of the threats facing organizations, with complex supply chains giving hackers a wider surface to attack. As the likes of Ticketmaster (embedded third-party chatbot) and