Booz Allen Hamilton, a cyber-consulting firm, provides an overarching analysis for cybersecurity threats in 2018 and predicts different areas of growth in cybercrime for 2019. As technology grows so do the threats of cyber criminals.
The Private Sector is an Ever Growing Target of Malicious State Actors
Protecting private business information is critical to a country’s economy. When sensitive data is leaked, information warfare generally takes place. North Korean hackers leaked Sony’s film, The Interview, thus exposing embarrassing company conflicts impacting their bottom line. Robots propagating fake information on social media creates a new attack vector. An independent think tank estimated thirty governments sponsored fake news campaigns in 2017. Now, Booze Allen expects Iran to target US companies in 2019 in response to sanctions.
Internet of Things (IoT) Increases Hackers Targetable Landscape: Especially Enemy State Actors
When rushing to make smart IoT devices, security may be overlooked. Similar design makes thousands of appliances vulnerable to the same attack. Hackers use IoT devices for obscurity and data collection. This allows for state actors to spy on other countries and hide their presence through the multiple layers provided by thousands of insecure devices interconnected online. In 2014 Russia spread IoT data collecting malware on the world wide web.
Insert Chip and Execute Existing Malware
While using a chip reader over a magnetic strip is more secure, hackers have already demonstrated malware execution on Point of Sales, ATMs, and other kiosks through USBs and separate maliciously designed chips. Near Field Communication is as exploitable as magnetic strips. The solution is hardware designed with security in mind.
Adware: Once Ignored is Now Threatening Attack Vector
Hackers have designed adware, once a nuisance ignored by antivirus software, which compromises network security.
Your Eyes and Ears Will Be Tricked by AI ‘Deep Fakes’ – Machine Learned Generated Video
Free software exists that creates a falsified video of actors with distorted meaning. In the age of information warfare, this technique will only grow in prevalence. Companies will need to combat the threat, but it comes at a cost that some are not willing to spend. Public officials will have to fight this means of malicious misquotation. Solution: signed digital media.
If Wireless Therefore Attackable
Wireless communication ubiquity is dangerous as this technology creates an ever-expanding attack surface for hackers. Experts have demonstrated that anyone with expertise and easily purchased equipment can attack Bluetooth, Wi-Fi, and nonstandard radio communication. Experts have shown that civil, medical, and most other devices within our daily communication infrastructure are vulnerable to well-designed attacks. Hackers could attack by spreading false alarms.
State Sponsored Hackers Increase Anonymity by Duplicity
The United States and its allies attempt to name state-sponsored hackers to shame rogue countries publicly. However, state actors have done better at hiding their traces during attacks. If attribution of the attack is doubtful, consequences cannot be meted out by other allied countries. State actors have started borrowing other states’ hacking tools to confuse victim governments. Confirmation bias within the cybersecurity community makes it difficult to figure out who hacked whom. Without knowing who hacked whom, forecasting and modeling threats become increasingly difficult.
State Actors Attack Water Utility Infrastructure Directly Impacting Supply
Water utility companies are steadily being consolidated across the United States so that companies can better staff plants and prepare cybersecurity measures to prevent nation-state attacks. Specifically, Russia attacked Ukraine’s facility that controls chlorine to water and sewage facilities. The chlorine facility was shut down for two weeks to repair the issue, thus drawing significant concern from the public. The FBI has shown that Russia has attacked water processing facilities in the United States and that Iran has attacked the infrastructure of a dam in Connecticut. Booz Allen does not predict major attacks on the United States but instead between countries such as Iran and Saudi Arabia where water is scarce.
Booz Allen recommends that companies focus on security culture, mindset, and leadership instead of compliance. While threats are uncertain, the past has shown state-sponsored attacks will only grow as technology does. Therefore, the United States should modernize with the industry to defend against cybersecurity threats.