2019 Will Be The Year Of Cyber Attack-As-A-Service
2017 was the year of the Ransomware, the current year 2018 is setting itself up as the year of the cryptojacking malware while ‘cyber attacks for hire’ is said to be the newest emerging cybersecurity threat for the coming year, 2019. Big Data is big money, the very lifeblood of all for-profit business, and where data is cybercriminals will follow. Since the explosion of ransomware in 2017, threat actors have realized that malware is not only for destroying data but rather more of a profit-making enterprise. 2018’s crytojacking malware have the same goal, to earn profits for its author, but this time around, silently. By stealing CPU/GPU cycles, mining of Monero coins occurs in the background, the typical user will never detect it is happening.
As we enter 2019, the growth of the use of Dark web to promote illegal activities is expected by security experts. Cyber attacks-as-a-service will be more common in 2019, as owners of botnets will try to monetize their network instead of just plainly attacking a particular site or webserver for DDoS purposes. It is no coincidence that the popularity Internet-of-Things and growth of botnets happen in the same, of all Internet-connected devices, IoT is the least secure devices that exist today. In the desktop and laptop space, Microsoft has introduced Defender antivirus by default, even if the user has not installed a 3rd-party antimalware. For mobile phones, Android comes with Google Play Protect, the built-in antivirus process within Google Play Store itself. These are the defensive capabilities that IoT devices do not have today.
More and more companies are depending on 3rd party cloud infrastructure for their ever-evolving application needs. The more dependence on a cloud-service, the more enticed cybercriminals in devising attacks against those specific cloud services. The risk is very high, since companies usually upload data to their cloud accounts in the clear, in decrypted form. Anyone that get access to the storage of cloud services has the free hand of taking the data and use it for whatever reason they deemed for.
For people that have a passion to enter the world of IT and system administration, it will be good for them to have an understanding of how to secure the cloud storage infrastructure. The best thing that can be done is pre-encrypt all the files before it is uploaded to the cloud storage account. In the event that a data breach happens with the vendor’s infrastructure, the leaked files will never be readable by the attacker.
Slowly but surely, we are coming full circle as we embrace mobile computing, most of our data will be stored elsewhere instead of natively on our computing devices. The era of fat clients, where storage is stored in localized PCs is still here, but the writing is already on the wall. This ‘new normal’ of embracing cloud storage technology will be more versatile in the coming years with the maturity of 5G networks, making data transfers between the portable devices to a remote server as fast if not faster than storing data in a local drive. We can depend on encryption to keep our data private even if the line that differentiates between local and remote storage is blurred.