FireEye expects more political cyberattacks in 2019
Politically motivate attacks, threats to CNI and airlines on the cards for 2019, says FireEye
FireEye is predicting more politically-motivated cyberattacks, attacks on airlines and critical infrastructure and more social media manipulation for political purposes in 2019.
The security company has released its security predictions for next year - Facing Forward: Cyber Security in 2019 and Beyond, which outline five key findings.
In the last half of 2018, FireEye announced an extensive network of information operations - presumed to be driven by the political interest of Iran - that involved social media. FireEye predicts that social media will continue to be the leading platform to produce information operations driven by foreign countries with a strategic interest in a particular state or a region. The mission could either be to promote a particular political party that might be friendlier towards specific foreign policies, or to drive a political narrative, causing conflict within the country.
FireEye experts suspect that initially Iranian-nexus actors will resume probing critical infrastructure networks in preparation for potential operations in the future. Organisations and asset operators across all critical infrastructure sectors in the US should be prepared to defend against Iranian threat groups that have demonstrated a focus on disruptive and destructive attacks.
The company also said that it has seen attacks on airlines and third-party ticket sellers, to steal illicit tickets could be resold for profit on the dark web. While these attacks have been going on for years, FireEye believes personal customer data held by airlines will attract cybercriminals for other frauds, and that ransomware attacks on airlines will increase.
In 2019, FireEye experts expect to see an uptick in threats towards critical infrastructure. Because many of these environments do not have a unified security strategy between information technology and operational technology, FireEye could potentially see a cyber-attack causing disruption or destruction within critical infrastructure elements. Attackers will also continue trying to interfere directly with operational technology networks to disturb business or ask for ransom for geopolitical reasons as well as to demonstrate their capabilities. Due to its diversity and the number of plants deployed over the continent, Europe will be a target of these attacks in 2019. FireEye could see threat actors on very old platforms where security and forensics are difficult to manage.
The company also said that while technologies such as AI and blockchain are being promoted as solutions to the shortcomings of cyber defences, attackers are also looking to new technologies. FireEye experts have seen a steady increase in cyber criminals adopting cloud-based infrastructure to carry out sophisticated attacks. In 2019 and beyond, the company said that it expects to see the use of emerging technologies such as blockchain and AI to obfuscate attacks.
Also, with the increase in the number of AI-based cyber security products deployed in organisations, and security vendors innovating to bring new AI-based security products to the market, attackers will begin adapting their behavior accordingly. Next year FireEye expects to see use of new techniques to evade AI-based solutions, including threats that blend in with normal traffic and threats that provide misleading data to challenge and disrupt machine learning models.
"2018 was a challenge year and we don't expect it to get any easier in 2019. Further, Iranian attackers will continue to improve capabilities, even as we see new, less capable groups emerge supporting Iranian government goals. This will continue the trend of growth in both sophistication and volume of attacks by groups that we believe are linked to Iran," said Mohammed Abukhater, Vice President, MEA, FireEye.
"Earlier this year, H. H. Sheikh Mohammed bin Rashid, Vice President and Prime Minister of the UAE and Ruler of Dubai launched the Dubai Cyber Security Strategy, an initiative that aims to help businesses and individuals to create a safe cyber space, making Dubai's cyber security experience a global model."