Two things can be expected from any field at the start of a new year. First, a look back at the events of the previous year. Second, a rather more risky look ahead at the year to come, complete with predictions and premonitions. This is true in the cyber security field as much as in any other.
Now, it should come as no surprise that predictions can prove to be wildly off the mark and thus should be taken with at least a few pinches of salt. For example, Ben Rafferty of Semafone singled out predictions of autonomous vehicle hacking and an increase in ransomware attacks as two for 2018 that had not come to pass. In addition, Rob Pegoraro wrote in The Parallax that the predicted ‘widespread hacking of high-end smart-home gadgets like Amazon’s Echo’ had not come to pass, nor had the prediction that ‘people will be injured or killed in 2018 due to a cyberattack/cyberterrorism’.
However, that does not mean that these exercises in fortune-telling are worthless. Some 2018 threats did come to pass, write Rafferty, such as ‘an increase in DDoS (Distributed Denial of Service) attacks of ever-increasing ferocity and duration on IoT devices’ and ‘that 2018 would be the year that governments across the world would start to view cyber-security as a consumer protection issue’.
So, what are some of the most popular predictions for 2019? Marcin Kleczynski lays out a few predictions in an opinion piece in SC Magazine. Kleczynski suggests a continuation of 2018’s rise in IoT-powered DDoS attacks, citing the Mirai botnet attack of 2016—thusfar ‘the largest DoS attack ever seen’—as an example of what we may be seeing more of in the year to come.
He also suggests that we will see more malware spreading via the EternalBlue vulnerability, as the WannaCry and NotPetya ransomwares did in 2017. This one seems to have already come true, with a Carbon Black analysis of the recently-discovered Crypt0r strain of ransomware released in early January confirming that it used this same vulnerability to propagate.
Meanwhile, BAE Systems’ Adrian Nish cites ‘a record number of cyber heists in 2018’ to predict that 2019 will see a further rise in such financial cyber crime, although with a shift in focus from targeting international interbank payment systems to ‘targeting systems that allow real-time settlement of funds’.
Bravely, Nish also predicts that 2019 may ‘be the year that turns the tide on the scourge of passwords’ as tech. firms begin to introduce alternative means of user authentication, which will be favoured for making the logging-in process smoother. Whilst this would certainly be a welcome development, one would be forgiven for having doubts—Bill Gates predicted the same back in 2004, and passwords have remained resilient to all attempts to finally slay them since.