Online security predictions for 2019

The breach of the personal accounts of Marriott International Hotel customers, as well as the data breach of Question & Answer site Quora, has meant that 2018 really will end on a sour note as far as cybersecurity is concerned.

Some say that as many as 34% of US consumers experienced a compromise of their personal information over the last year. And when you consider (according to Gemalto) that a majority of consumers are willing to walk away from businesses entirely if they suffer a data breach, then online businesses need to get shipshape in 2019.

So what exactly does 2019 hold in store? How big are the data breaches going to be? What new threats can we expect to see?

Cryptojacking

The growth spurt of cryptocurrencies opened the door to new, highly valuable exploits. Cryptojacking has long been one of the most notorious forms of attack. Such attacks consist of gaining unauthorised access to users’ computers and using their processing power to mine cryptocurrency, which becomes the attackers’ property.

The common consensus seems to be that crypto miners are still in an early growth phase. In 2019, we can expect to see new, diverse crypto miners, especially if the “bear market” ends. The technology is very easy to set up (complete cryptojacking “kits” can be found for sale on the dark web for little over £20) and the profits can be immense, given the ease of exploiting websites’ security vulnerabilities.

Cryptocurrencies: Ripe for the picking?

The cryptocurrency fever generated an unprecedented volume of transactions over a short time. At their peak, crypto exchanges reached a daily trading volume of £52b (January 4th, 2018, according to CoinMarketCap data). Major exchanges such as Binance and Coinbase were trading £170b and £35b respectively in Q1 2018.

Supply chain attacks have been successful in targeting crypto exchanges. In November 2018, StatCounter, a popular analytics service, suffered an attack in which hackers injected malicious JavaScript code into the StatCounter tool. Since this tool was being loaded directly by 2 million websites, all of them started serving the malicious code to visitors. The code was able to check whether a website user was on a crypto exchange and, if so, it sent Bitcoin transactions to hacker-controlled wallets. At least one exchange, Gate.io, was found to be affected by the hack, while the hack’s outcome remains unknown.
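One defensive check against this kind of third-party script tampering, as an added example that is not part of the original article: a Node.js audit that flags externally hosted scripts loaded without a Subresource Integrity pin and reports pinned scripts whose served content no longer matches. The hostnames, page markup and script bodies are constructed samples, and the `fetched` map stands in for an HTTP fetch.

```javascript
const { createHash } = require("crypto");

// SRI value in the form browsers expect: "<algo>-<base64 digest>".
function sriHash(body, algo = "sha384") {
  return `${algo}-${createHash(algo).update(body, "utf8").digest("base64")}`;
}

// Audit every <script src> in a page served from pageHost.
// fetched: Map of absolute script URL -> body as currently served.
function auditScripts(html, pageHost, fetched) {
  const findings = [];
  for (const [, attrs] of html.matchAll(/<script\b([^>]*)>/gi)) {
    const src = (attrs.match(/\bsrc\s*=\s*["']([^"']+)["']/i) || [])[1];
    if (!src) continue; // inline script, nothing to pin
    const url = new URL(src, `https://${pageHost}/`);
    if (url.host === pageHost) continue; // first-party script
    const integrity = (attrs.match(/\bintegrity\s*=\s*["']([^"']+)["']/i) || [])[1];
    if (!integrity) {
      // The browser will run whatever the third party serves.
      findings.push({ src: url.href, status: "unpinned" });
      continue;
    }
    const body = fetched.get(url.href);
    if (body === undefined) {
      findings.push({ src: url.href, status: "unfetched" });
      continue;
    }
    // An integrity attribute may list several hashes; any match is accepted.
    const ok = integrity.split(/\s+/)
      .filter((t) => /^sha(256|384|512)-/.test(t))
      .some((t) => t === sriHash(body, t.split("-")[0]));
    findings.push({ src: url.href, status: ok ? "match" : "mismatch" });
  }
  return findings;
}

// Constructed sample data: a pinned widget, an unpinned analytics script.
const ORIGINAL = "var _counter = function () { /* page-view counting */ };";
const TAMPERED = ORIGINAL + "\n/* constructed stand-in for injected code */";
const PAGE = `<html><head>
<script src="/static/app.js"></script>
<script src="https://analytics.example/counter.js"></script>
<script src="https://cdn.example/widget.js" integrity="${sriHash(ORIGINAL)}" crossorigin="anonymous"></script>
</head></html>`;

const served = new Map([["https://cdn.example/widget.js", TAMPERED]]);
console.log(auditScripts(PAGE, "shop.example", served));
```

A vendor that updates its hosted script in place will also trigger a mismatch, so pinning works best with versioned or self-hosted copies.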

While the trading volume of crypto exchanges has been decreasing in 2018, recent estimates point to 50% growth in crypto trading volume for 2019. All past attacks show that any point of weakness in crypto exchanges’ security systems can result in massive losses. With these exchanges becoming high-profile targets, it’s highly likely that we will see a surge in attacks targeting them in 2019 as hackers look to reap huge rewards.

Are browser extensions the enemy?

Google tells us that, over the last few years, 1 out of 10 submitted Chrome extensions were malware, despite their efforts to filter them. We have seen cases where hackers manage to publish malicious extensions directly to extension stores, and others where hackers gain control over a legitimate extension with thousands of users, which then becomes compromised and used as an attack vector.

More than a billion people use Google Chrome nowadays and half of them are using extensions to customise their browsing experience. This ubiquity has opened the door to malware, spyware, cryptojacking and other malicious extensions.

It’s likely that in 2019, using extensions as an attack vector will become a common way to target millions of users at once. Security researchers at Jscrambler have prototyped how credit card skimming attacks can evolve to use a browser extension and steal credit card data on every website that its users visit. The same team of researchers has also warned about a likely new generation of Man-in-the-Browser attacks using Chrome extensions.

A new generation of MiTB attacks

Man-in-the-Browser (MiTB) attacks have been around since as early as 2007, with the infamous ZeuS Trojan, which claimed up to $100m in damages. These attacks are able to sniff and modify transactions while they’re happening in the browser, all without the end-user’s knowledge. By doing so, they successfully steal credentials and are able to steal funds from infected users’ accounts. In 2011, the source code of the ZeuS Trojan was released and prompted the rise of several new, sophisticated Trojans. Since then, MiTB attacks have grown stronger and become capable of bypassing mainstream security measures, namely by stripping security headers.

2019 will in all likelihood be a year of new approaches to MiTB attacks, as hackers exploit known client-side vulnerabilities. Security researchers have warned of the danger of an upcoming new generation of MiTB attacks that exploit the weakest links of websites’ client side, such as using browser extensions to gain full control to read and modify web pages.

Written by Pedro Fortuna, CTO and founder of Jscrambler

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...