NETSCOUT Predicts: Security Trends for 2019

Our security experts forecast important trends for the global cyber threat landscape

2019 Cyber Security Predictions
Carol Hildebrand

Today’s pervasively connected world brings both opportunity and increased vulnerability, as malicious actors, nation states, criminal organizations, or even individuals can capitalize on the digital interdependencies that pervade our world today. As the global cyber threat landscape continues to evolve, our security experts have a few predictions to help you plan and prioritize for security in 2019.

Prediction One: 2019 is the year that network and security operations unite.

In 2018, Distributed Denial of Service (DDoS) mitigation and prevention techniques became a lot smarter, due to advancements in DDoS cybersecurity solutions and network and application assurance technologies. In 2019, we’re going to see a similar thing happen at an organizational level as network operations teams share their visibility and insights with security teams. As security teams learn more about the treasure trove of insights that already exist within enterprise infrastructure, they will smartly integrate that existing visibility into their processes to neutralize threats.

The number of malicious attacks targeting the enterprise, the service provider space, and critical national infrastructure is rising exponentially. The alarming regularity of DDoS attacks is forcing CISOs and security architects to consider new strategies and solutions to protect key digital infrastructure. This includes the ability to detect DDoS attacks early—before these attacks cause significant damage to productivity, business performance, and reputation. The goal is to mitigate attacks and ultimately prevent them from happening at all.

The latter (prevention) is a challenge for even the most experienced CISO, because cybercriminals will always look to circumnavigate any defenses put in their way. The rapid growth of business migration to hybrid cloud and multi-cloud architecture further exacerbates the problem by increasing IT network and infrastructure complexity, thereby expanding the attack surface and exposing new vulnerabilities. Security teams have enough on their plate already without having to worry about cloud adoption and the integration of new services and applications. However, that’s all about to change as the boundaries that once separated security operations from network operations begin to blur, allowing teams to collaborate and share intelligence.

—Adam Bixler, Director, Product Management

Prediction Two:2019 is the year Western nations get serious about cybercrime.

In 2018, we saw western governments and authorities clamp down on cybercriminals and nation-state actors. This assertive action against malicious actors will increase in 2019 as Western nations build on this collaboration to fight cybercrime.

Western governments are leading the charge to bring cybercriminals to justice with policy-driven initiatives that will lead to more indictments, and potentially even more arrests, over the next twelve months. This is a positive step from Western governments who no longer want to sit back and watch as malicious actors try to take down critical national infrastructure, financial institutions, and large enterprises.

In the last few months, the White House unveiled its new cybersecurity strategy. This will shore up national infrastructure and offer greater protection to individuals and organizations. Crucially, it provides government and law enforcement agencies with the means to combat cybercriminals and deal with potential attacks from nation-states. Similarly, we are seeing Western nations, led primarily by the US and UK, increasingly call out Russia and China specifically for their aggressive actions in cyber space. The actions of both the UK and US governments signal an evolution in national policy towards the growing global threat that cybercrime represents.

—Mike McNerney, Product Manager, NETSCOUT Threat Intelligence

Prediction Three: 'One Tool to Rule them All’– Attackers franchise new DDoS threats in 2019.

Gone are the days where a single bot offered a simplistic DDoS attack type. In today’s DDoS threat landscape, attackers increasingly add diversification into their bots, allowing a wide variation of attacks and protocols to take down networks. In parallel, operators running booter and stressor services make it extremely easy to launch multi-vector attacks at a fraction of the risk and cost.

We now live in the era of terabit DDoS attacks, and while we expect to see more of these giant-sized threats happening over the next twelve months, we also anticipate seeing more multi-vector attacks as the ease of access increases at a frightening pace. The largest attack on record involved memcached servers. This attack vector became available in booters and stressors mere days after the attack surfaced. Indeed,it was simply one of many attack vectors available for purchase on underground marketplaces.

In 2019, we anticipate more attackers crawling out of the woodwork to offer their services to the highest bidder. These nefarious characters will take down targets on request and for a small fee. They will even hand over DDoS tools to their customers to let them do their own dirty work. While these tools are not necessarily new to the scene, the ease of access, quick iteration at including new attack types, and a broader range of international customers will result in lots of amateur cybercriminals getting hold of destructive malware.

Many of the operators behind booters and stressors use business practices and a software as a service (SaaS) model to market and sell monthly subscriptions, charging customers less than $50 for the privilege. Transactions can be conducted using crypto currency, but also through legitimate sites like PayPal, allowing them to make a profit and fund future activities.

—Richard Hummel, ASERT Threat Research Manager

Prediction Four:Internet of Threats – Botnet attacks leveraging IoT devices set to increase in 2019

With Internet of Things (IoT) adoption set to soar next year, this will create the perfect storm for cybercrime and result in serious implications for both businesses and consumers. When you consider that many of these connected IoT devices will be deployed across industrial sectors to power smart factories, production lines, and transport networks, the risks associated with securing the IoT become clear. This is without considering the fact that the IoT will continue to pervade mission-critical sectors like healthcare to support medical procedures and to monitor the well-being of patients.

The IoT space is still in its relative infancy and represents fertile ground for cybercriminals as they look to exploit new vulnerabilities. The proliferation of connected devices will therefore open the floodgates for new breeds of exploits and malware intent on disrupting IoT installations across industries, enterprises, the SME sector, and the smart home. The cybersecurity situation is aggravated even more so by the fact that IoT device manufacturers often ignore security protocols when building connected devices, likely in a bid to drive down production costs. As a result, large volumes of devices are shipped without basic security features baked into their design, leaving them exposed and susceptible to threats.

—Hardik Modi, Senior Director, Threat Intelligence