Virtualization Technology News and Information
NSFOCUS 2019 Predictions: Email Attachments, IoT, and Cryptominers to be Security Pain Points in 2019

Industry executives and experts share their predictions for 2019.  Read them in this 11th annual series exclusive.

Contributed by Guy Rosefelt, Director of Product management for Threat Intelligence & Web Security at NSFOCUS

Email Attachments, IoT, and Cryptominers to be Security Pain Points in 2019

It's no surprise that 2018 continued to bring an increase in fraud attacks and data security breaches, including those of Facebook and now Marriott. In the past two years, the average number of overall daily searches for keywords such as "personal information disclosure" and "hacker" have been fluctuating at a very high level. This indicates that cybersecurity and information security are no longer just a technical issue, but one that affects people's livelihood.

With the general public's focus shifting towards cyber security at an increasing rate, the onus is on security vendors to make their customers feel safe and secure moving forward into 2019 by being aware of what has passed, and what is to come. In 2019, we can expect to see the following emergences in security technology and trends:

IoT Will Be a Pain Point for DDoS Attacks

As IoT innovation continues to blossom, more and more IoT devices will continue to get involved in DDoS attacks in 2019. Routers and cameras are the major types of IoT devices involved in DDoS attacks, with routers making up 69.7% of IoT devices exploited to launch DDoS attacks, and 24.7% of cameras in 2017. This is because a great number of routers and web cameras have been introduced into production and living environments, with no sufficient security measures enforced. We have every reason to believe that attacks leveraging the IoT will become more diverse in the future.

Malicious Email Attacks are On the Rise

In recent years, malicious emails have become an important infection path for various malicious codes. Malicious mails use social engineering methods to trick users into opening a malicious attachment file or clicking a malicious website link, in a bid to infect the users with various viruses (such as encrypted ransomware or trojan software), thereby causing direct economic losses. In addition, malicious mail-based attacks against enterprises have become quite common and can bring great profits. Some attackers directly trick users into disclosing key information or performing transfer operations, resulting in serious economic losses. According to the statistics, Business Email Compromise (BEC) attacks have caused greater economic losses even than ransomware. We should expect to see this trajectory continue into 2019.

Expect Cryptominers to Spread

Various malicious cryptominers, represented by WannaMine, have started to be spread extensively - since the end of March, the number of cryptomining activities has risen sharply compared to the beginning of the year. In 2019, we should expect cryptominers to continue their trajectory of becoming increasingly active as they did in 2018. Among all cryptominers, WannaMine was the most active in 2017, responsible for more than 70% of all detected cryptomining activities. This virus was first detected at the beginning of 2018 by CrowdStrike and was named so because it is spread via the EternalBlue vulnerability like the notorious WannaCry.

WAF Adoption Will Move Ahead of Projections

Gartner predicted in 2016 that "by year-end 2020, more than 70% of public web applications protected by a web application firewall (WAF) will use WAFs delivered as a cloud service or internet-hosted virtual appliance...".  Based on NSFOCUS customer requirements seen to date, this might occur by the end of 2019, a year early.  New cloud security vendors will arrive offering an array of cloud security services to try and differentiate from the pack.  Smaller local and regional providers will also offer cloud security services to better support their customers than the more global players.

By familiarizing themselves with these trends and emerging threats, security vendors can better anticipate the needs of their customers and provide them with a better sense of security in the new year.


About the Author


Guy Rosefelt is the Director of Product management for Threat Intelligence & Web Security at NSFOCUS. Prior to this position, Guy began his over twenty years of experience in application and web security with ten years with the U.S. Air Force, five of which as a captain. Guy then moved on to his next chapter with a position as a Sales Engineer at Raptor Systems before he worked his way up the ladder at several SEIM and WAF companies, including big name brands such as Symantec and Citrix. During his two decades in the industry, Guy was a part of several big name acquisitions, including those of Axent Technologies, Novell, Intellitactics and Teros.

In his current position at NSFOCUS, Guy is passionate about his work to develop and promote Web Security and NTI strategy and offerings.

Published Wednesday, December 12, 2018 7:10 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2018>