.JPG)
“Mapping the Future: Addressing Pervasive and Persistent Threats” report – by Trend Micro – projects the top cyber threats for this year
Risk to corporate networks with the use of home devices (BYOD), extortion by cybercriminals based on the fine amount of the European Union General Data Protection Regulation (GDPR) and risks to industrial control systems, critical infrastructure, automation and against infrastructure of cloud. These are some points of attention for companies and governments regarding cybersecurity in 2019, according to the report “Mapping the Future: Dealing with Pervasive and Persistent Threats”, by Trend Micro, based on the development of emerging technologies, user behavior, market trends and their impact on threat scenarios.
According to the study, companies will be targeted by the well-known Business Email Compromise – BEC – scam, in which, via email, attackers impersonate company executives and request sensitive company data. or the payment of false bank slips. In addition, remote work practices, in which employees access the corporate network through their home devices, and BYOD-type movements. bring your own device – should bring breaches to the internal networks of several companies.
“Home devices often don't have all the security features needed to prevent an attacker from accessing information. When these devices, easily accessible to cybercriminals, communicate directly with a corporate network, it can serve as a red carpet for the entry of threats that compromise company information”, explains Franzvitor Fiorim, technical director of Trend Micro in Brazil.
Cloud platforms should also be given extra attention this year, as misconfigured security settings while migrating to the cloud will result in more data breaches. “We currently see several companies investing in cloud platforms, but beyond testing and operational concerns, the security of these environments must come first during these platform transitions,” says Fiorim.
Also according to the report, another trend for 2019 when it comes to cloud is cryptocurrency mining. Cybercriminals will try to hijack cloud accounts to mine or maintain control through other alternatives. “The cryptojacking cases discovered in cloud environments in 2018 are a sign of a growing trend and not just any attempt by attackers, but a path to be explored further in 2019”, says the director.
Industry
Automation within the industrial environment will be another attraction for attackers. Business Process Compromise (BPC) – in which specific business processes are silently altered to generate profit for attackers – will be an ongoing risk to companies. Furthermore, bugs in human-machine interfaces (HMI) will continue to be the primary source of vulnerabilities in industrial control systems.
General Data Protection Regulation of the European Union
In 2018, the European Union put into effect the GDPR (General Data Protection Regulation). Since then, EU regulators have yet to exercise their new powers. However, they will very soon give an example with a large non-compliant company, fining it 4% of its global annual turnover, as prescribed by law.
Precisely for this reason, cyber scammers will use as a basis for extorting acquired data the maximum fine for non-compliance with the GDPR as a guideline or ceiling for the demanded ransom, in the hope that panicked companies would rather pay the ransom than disclose the breach. There will also be some instances of extortion in the corporate landscape in the form of online smear campaigns against brands. In such cases, criminals will demand ransom to stop spreading fake news that harms targeted brands.
elections and governments
Thus, as seen in Brazil in 2018, the spread of fake news related to elections is one of the points of attention, according to Trend. Greece, Poland and India are some of the countries that will have their elections this year and, despite the improvements that social media have made to combat fake news, the research points out that these actions will not be enough to keep up with the pace of dissemination of this fake news.
Not only that, smaller countries will also have to worry about their critical infrastructure, as countries that are learning and exercising their cyber capabilities will conduct attacks on these infrastructures. These attacks will focus on industrial control systems (ICSs) for water, electricity, or manufacturing, depending on the intent or opportunity of the perpetrator. The motivations, on the other hand, range from obtaining political or military advantages, or to test capabilities against countries that do not yet have the ability to retaliate.
On here the full study – Mapping the Future: Dealing with Pervasive and Persistent Threats.
According to the study, companies will be targeted by the well-known Business Email Compromise – BEC – scam, in which, via email, attackers impersonate company executives and request sensitive company data. or the payment of false bank slips. In addition, remote work practices, in which employees access the corporate network through their home devices, and BYOD-type movements. bring your own device – should bring breaches to the internal networks of several companies.
“Home devices often don't have all the security features needed to prevent an attacker from accessing information. When these devices, easily accessible to cybercriminals, communicate directly with a corporate network, it can serve as a red carpet for the entry of threats that compromise company information”, explains Franzvitor Fiorim, technical director of Trend Micro in Brazil.
Cloud platforms should also be given extra attention this year, as misconfigured security settings while migrating to the cloud will result in more data breaches. “We currently see several companies investing in cloud platforms, but beyond testing and operational concerns, the security of these environments must come first during these platform transitions,” says Fiorim.
Also according to the report, another trend for 2019 when it comes to cloud is cryptocurrency mining. Cybercriminals will try to hijack cloud accounts to mine or maintain control through other alternatives. “The cryptojacking cases discovered in cloud environments in 2018 are a sign of a growing trend and not just any attempt by attackers, but a path to be explored further in 2019”, says the director.
Industry
Automation within the industrial environment will be another attraction for attackers. Business Process Compromise (BPC) – in which specific business processes are silently altered to generate profit for attackers – will be an ongoing risk to companies. Furthermore, bugs in human-machine interfaces (HMI) will continue to be the primary source of vulnerabilities in industrial control systems.
General Data Protection Regulation of the European Union
In 2018, the European Union put into effect the GDPR (General Data Protection Regulation). Since then, EU regulators have yet to exercise their new powers. However, they will very soon give an example with a large non-compliant company, fining it 4% of its global annual turnover, as prescribed by law.
Precisely for this reason, cyber scammers will use as a basis for extorting acquired data the maximum fine for non-compliance with the GDPR as a guideline or ceiling for the demanded ransom, in the hope that panicked companies would rather pay the ransom than disclose the breach. There will also be some instances of extortion in the corporate landscape in the form of online smear campaigns against brands. In such cases, criminals will demand ransom to stop spreading fake news that harms targeted brands.
elections and governments
Thus, as seen in Brazil in 2018, the spread of fake news related to elections is one of the points of attention, according to Trend. Greece, Poland and India are some of the countries that will have their elections this year and, despite the improvements that social media have made to combat fake news, the research points out that these actions will not be enough to keep up with the pace of dissemination of this fake news.
Not only that, smaller countries will also have to worry about their critical infrastructure, as countries that are learning and exercising their cyber capabilities will conduct attacks on these infrastructures. These attacks will focus on industrial control systems (ICSs) for water, electricity, or manufacturing, depending on the intent or opportunity of the perpetrator. The motivations, on the other hand, range from obtaining political or military advantages, or to test capabilities against countries that do not yet have the ability to retaliate.
On here the full study – Mapping the Future: Dealing with Pervasive and Persistent Threats.
EN 
PT 
