Gatewatcher 2018 Cybersecurity Report

Editorial

In recent months, financial services, healthcare and the public sector, as well as industry, banking and energy, have been targeted by several cyberattacks. The sophistication, severity and efficiency of attacks have increased significantly, causing record data leaks and the worldwide spread of malware. Another factor to take into account is the evolution of attacker group structures and the growing accessibility of turnkey tools, which simplify hackers’ work. In an increasingly digital and interconnected world, threat detection is a major strategic issue.

Trackwatch®, the innovative breach detection system published by Gatewatcher, detects APTs and meets the requirements of the French Military Planning Act.

Overview

We are publishing this report to review the past year and set out the 2019 trends in cybersecurity.

We’ll come back to the major cybersecurity events of 2018, from both a technological and a geopolitical angle. Once again in 2018, hackers showed their ability to reach unprecedented levels of sophistication and impact, to evade security systems and to exploit security breaches.

Drawing conclusions from 2018, we identified cybersecurity trends for 2019 under two main topics: the evolution of threats, and artificial intelligence and machine learning.

2018 Review

This year attacks surged, and the trend will not change in the coming years. Indeed, the benefit/risk balance has lately appeared to favour hackers. For many years, the cyber threat was fairly niche and synonymous with espionage, intelligence or data theft. With worldwide phenomena (WannaCry, NotPetya), cyberattacks are now becoming very concrete for the public and have destabilised the most powerful.

Has cyberspace become the new war zone of the 21st century? The answer to that question seems to be yes. The USA even made cyberspace their fifth combat field (Cyber Command). This year again, the number of headlines about attacks between states, against companies or individuals has increased. Even if measures have been taken in France and worldwide (Cybersecurity Tech Accord, Paris Call for Trust and Security in Cyberspace…), the pace of attacks is not slowing down.

Amongst this year’s significant events, here are those we have selected:

  • Has cryptojacking become stronger than ransomware? 500 million users worldwide were victims of cryptojacking in 2018. Cryptojacking is profitable, easy to set up and hard to detect. The cryptocurrency boom has given hackers an idea: making money by using someone else’s equipment (Coinhive, Cryptoloot, JSEcoin…). Adware (advertising software) and cryptojacking blur the line between legitimate use and cybercrime aimed at infiltrating infrastructures. As long as the breach has not been found, it continues to give the hacker a regular income stream.

  • SIM swapping is also a major technique. Recovering login codes and 2FA (two-factor authentication) or 2SV (two-step verification) codes allows hackers to collect a lot of information about their victims. In July 2018, a man was arrested in Los Angeles for hacking around 40 phone numbers and stealing more than $5 million.

  • Ransomware is still a major threat. More and more companies, especially in the health sector, have been attacked. Ransomware is not dead; it is evolving and becoming sneakier.

  • Cybercriminals are turning to fileless attacks (Cactus Torch, for example). The code is loaded directly into the device’s RAM, while antivirus software mostly analyses static files. The attack is extremely difficult to detect since no software is installed on the user’s computer. McAfee Labs noted that fileless cyberattacks increased by 432% compared to 2017.

  • Phishing continues to cause damage. This year Vade Secure produced the first edition of its “Phishers’ Favorites” report, which lists the 25 brands most impersonated by criminals in phishing campaigns. For example, in the US, the top 5 brands are Microsoft, Netflix, PayPal, Bank of America and Chase.


We can also observe an evolution in the structure of cybercriminal groups: they are using “as-a-service” solutions, toolkits made available to attackers on the black market. This new operating mode opens attacks up to isolated and not always experienced people.

One thing never changes: the human breach is hackers’ favourite! Indeed, the human factor is always unpredictable, despite powerful detection and protection solutions. More and more companies take this issue very seriously and raise awareness through staff training. As proof, 62% of companies have set up procedures to verify that employees apply the CISO’s recommendations (OpinionWay report for CESIN).

Digital transformation brings many risks because it directly affects a company’s level of vulnerability. According to Statista, the most frequent cyberattacks experienced by companies worldwide in 2017 were: malware (98%), phishing and social engineering (69%), botnets (63%), DDoS (43%) and ransomware (27%).

2019 Perspectives

Some trends are emerging for 2019. First, regarding the evolution of threats:

The most alarming trend is the surge of hybrid malware. Its functionality is reduced to the minimum so that it can slip through the cracks, but its payload is both extremely powerful and stealthy. This sophistication will continue to grow, adding to the industrialisation of cybercrime, the growing number of internet users and the development of IoT. As a result, the number of potential entry points is multiplying exponentially.

Another trend to watch is the increasingly precise targeting of attacks. It began in 2018 and should become more and more common. Most attackers now focus on qualified targets (companies or individuals) to maximise the efficiency of their attacks, be more profitable and cause more damage.

Cyberattacks on mobile devices and IoT will also be widespread. Indeed, it is no longer necessary to be a genius programmer to hack. As we have seen, malware toolkits are now available on the dark web (Malware as a Service, exploit kits…). Android malware is particularly accessible thanks to the AFE framework (Android Framework for Exploitation).

The democratisation and multiplication of connected objects at home and at work are creating new entry points for attackers and make it possible to run DDoS attacks. For example, the Twitter, Amazon and AirBnB websites were made inaccessible by the Mirai malware, which relied on a botnet of hundreds of thousands of security cameras. Securing IoT is a real challenge for the year to come.

Routers will also become an attractive target. Considered as devices that only forward packets, routers are not updated very often, which is why they are increasingly vulnerable. Even if they do not account for most attacks and are less common than cryptojacking or phishing, cyberattacks on routers may become a real security trend that will need to be watched.

Finally, let’s focus on artificial intelligence and machine learning, which have been buzzwords in cybersecurity over the last few months. These technologies add value, especially in threat detection. Artificial intelligence and machine learning make it possible to go beyond the limits of signature-based solutions (IDS/IPS), which are increasingly affected by the size of their databases. Searching for unusual activity with artificial intelligence is the best response to the shortcomings of signatures. But they do not replace current detection engines. Artificial intelligence and machine learning make it possible to analyse a wide range of behaviour by integrating large volumes (many Gbps) and many types of data (flows, metadata, logs…).

However, they must be considered as part of a global approach, alongside other detection engines. Indeed, artificial intelligence may also be the target of cyberattacks. We should ask ourselves whether AI is strong and protected enough, especially against adversarial attacks, whose purpose is to fool AI by slightly altering the information given to it. Many companies may be tempted to rely only on artificial intelligence for their security tools. But they also have to consider AI as a vulnerable technology. Its use must be combined with a real cybersecurity strategy.

Concerning attacks created by AI, we see them as a marketing fantasy more than a reality. Several articles can be found about AI developed by researchers that has succeeded in creating malware. But automation and industrialisation of threat creation are not currently on the agenda, as the use of advanced script.

Conclusion

The trend all experts seem to agree on is the increase in the number of attacks but also the number of attackers. They have more and more tools to implement targeted and sophisticated exploitation methods at lower costs.

On the companies’ side, mind-sets are changing as cybersecurity is no longer considered as a cost but as a long-term investment.

It is important to distinguish between the cybersecurity means available. AI and machine learning have brought real progress in the detection of targeted threats. But those technologies are still inadequate for a company wishing to implement a complete and efficient cybersecurity strategy.

In 2018 cybercriminals looked for profitability and mostly targeted companies. States also took a stand on the protection of cyberspace, as Emmanuel Macron, the French President, showed in November with the Paris Call for Trust and Security in Cyberspace.

In 2019, companies, administrations and industries must mobilise further to equip themselves with a proper arsenal for detection and protection. Cybersecurity is and will remain a military issue, but also a geopolitical weapon in the months to come.

About Gatewatcher

Gatewatcher is the first publisher of a breach and Advanced Persistent Threats (APTs) detection solution. The team is composed of experts in security, network, system, encryption and machine learning. The project started in 2015 with Jacques de La Rivière, engineer, and Phillippe Gillet, security expert.

The product and company are now acknowledged by worldwide cybersecurity experts. Gatewatcher is trusted at government level and by companies in critical industries such as Energy, Banking and Transportation.

During the 2016 edition of the FIC (Forum International Cybersecurity), Gatewatcher was awarded the France Cybersecurity accreditation, which rewards innovation in the cyber defence field. It is also being certified by the ANSSI (French Cybersecurity Agency) and meets the requirements of the Military Planning Act.
