FireEye researchers unveil an extensive list of security risks waiting in the new year's wings.
There may still be nearly seven weeks left in 2018, but security leaders are already looking ahead to the new year. Enterprise concerns, from cloud attacks to nation-states, are already piling high.
This year, on track to be the worst-ever for data breaches, has already proved exhaustive for the infosec community. From Jan. 1 to Sept. 30, a total of 3,676 breaches were reported, involving over 3.6 billion records – the second-most number of reported breaches in a year.
The threats ahead are numerous, according to a new report entitled "Facing Forward: Cyber Security in 2019 and Beyond." The report was compiled by FireEye CEO Kevin Mandia, chief security officer Steve Booth, vice president of global intelligence Sandra Joyce, and numerous analysts and strategists.
What's top of mind for senior leaders? Nations building offensive capabilities, breaches continuing due to lack of attrition and accountability, the widening skills gap, lack of resources (particularly for SMBs), holes in the supply chain, cloud attacks, social engineering, and cyber espionage, cybercrime, and other threats targeting the aviation sector.
FireEye's Threat Intelligence, Mandiant, and Labs teams, which have a close eye on the frontlines, are particularly worried about how Chinese cyber espionage is restructuring, the increase in Iranian activity targeting the US, attackers using publicly available malware, the increase of business email compromise, abuse of legitimate services for command-and-control, and e-commerce and online banking portals being caught in the crosshairs of cyberthreats.
China Is Changing and Other Nation-State Threats
Ben Read, senior manager of cyber espionage analysis at FireEye, says he has noticed the threat from China evolve throughout this year. It's no longer "smashing and grabbing" intellectual property, he says. Attackers' actions are far subtler – and more nefarious.
"They're doing a lot, going after people's data after it goes outside their premises," he explains. Organizations including law and investment firms, which have troves of client data, are prime targets.
FireEye's threat intelligence team has noticed Chinese cyber espionage restructure and believes this will drive the growth of its activity through, and beyond, 2020. Changes have been gradual and driven by high-profile events: the Obama-Xi agreement shifting Chinese cyber espionage away from intellectual property (IP) theft, the People's Liberation Army bringing cyber functions under a Strategic Support Force (SSF), and China beginning projects for its 13th Five-Year Plan.
Analysts believe 2019 will bring an increase in state-sponsored and financially driven supply chain attacks. APT10, "a Chinese espionage group," is focused on hitting the supply chain of major US companies to steal business data and improve targeted technology theft by "non-cyber means" to avoid violating the Xi-Obama Agreement, which prohibits cybertheft of IP.
"The supply chain is so global and so integrated … it's more a problem in the software supply chain," Read adds. Auto updates are good for deploying patches but "also a very attractive vector to get into lots of victim computers." NotPetya and CCleaner are key examples. Software supply chain attacks could involve integrating backdoors into legitimate software or using stolen certificates to sign malicious files and bypass detection.
"The change in China is something we've seen over a number of years," Read says. "China wants to be a respectable place to do business on the world stage. That's something you can't be if you're very noisily stealing stuff."
Other nation-state threats he's watching include Iran and North Korea. Both are in "delicate situations," he says. Analysts anticipate Iranian cyber activity against the United States is likely to increase after the US exit from the Joint Comprehensive Plan of Action (JCPOA). North Korea, which is keeping up its standard activities – stealing money, spying on South Korea – is taking an interest in Japan ahead of the 2020 Olympics in Tokyo.