Last year there were many cybersecurity disasters from the disclosure of security failures in billions of microchips to massive data leaks, attacks with malicious ransomware software that blocks computer systems until the victim pays a ransom, usually with an untraceable cryptocurrency.
But the worst thing is that 2019 will bring us more megaviolations of privacy and ransomware attacks. A main priority for cybersecurity teams will be to develop strategies to deal with these and other known risks, such as threats to consumer devices connected to the Internet (IoT) and to critical infrastructures such as those of electrical networks and transport systems. But cyber defenders should also pay attention to new threats. Here we highlight some that should appear on watch lists:
1 False videos and audios created with AI
Thanks to advances in artificial intelligence (AI), it is already possible to create false audio and video messages that are incredibly difficult to distinguish from real ones. These deepfakes could be an advantage for hackers in various ways. Phishing emails created using AI that aim to trick people into handing over their passwords and other sensitive data have already proven to be more effective than human-generated tricks. Now hackers can also count on very realistic fake videos and audio, either to reinforce the instructions in a phishing email or as an independent tactic.
Cybercriminals could also use technology to manipulate stock prices, for example, by posting a fake video of a CEO announcing that his company is facing a financing problem or some other crisis. There is also a danger that deepfake videos will be used to spread false news in elections and to fan geopolitical tensions.
Before, such tactics would have required the resources of a large film studio, but now anyone with a decent computer and a powerful graphics card could carry them out. Several start-ups are developing technologies to detect deepfake, but it is not clear to what extent they will be effective. Meanwhile, the only real line of defense is safety training to sensitize people about this risk.
2 Contaminate defensive AI systems
Cyber security companies have been quick to adopt artificial intelligence systems to help anticipate and detect cyber attacks. However, more sophisticated hackers could contaminate these defenses. The CEO of the security company Endgame, Nate Fickpero, says: "Artificial intelligence can help us analyze the signals of noise", but warns that "in the hands of the wrong people" will also generate the most sophisticated attacks.
The antagonistic gene networks, or GAN, that confront two neural networks among themselves, allow us to guess which algorithms the defenders use in their AI models. Another risk is that hackers can identify the data sets used to train the models to contaminate them; for example, changing the labels of malicious code samples to indicate that they are safe and not suspicious.
3 Hack smart contracts
Smart contracts are software programs stored in a chain of blocks that automatically execute some type of exchange of digital assets when the conditions codified in them are fulfilled. Entrepreneurs are starting to use them for everything: from money transfers to the protection of intellectual property. But its development is still beginning, and researchers are finding errors in some of them. Also the hackers, who have already taken advantage of such failures to steal millions of euros in cryptocurrencies.
The fundamental problem is that blockchain was designed to be transparent. Maintaining the privacy of data associated with smart contracts is, therefore, a challenge. "The professor at the University of California at Berkeley (USA), Dawn Song, who is also CEO of Oasis Labs, a start-up that is working on ways to achieve this through special hardware, states:" We need to incorporate technologies to preserve privacy on platforms [of smart contracts]. "
4 Break encryption with quantum computers
Cybersecurity experts predict that quantum computers, which use the exotic phenomena of quantum physics to produce exponential increases in processing power, could decipher the cryptographic systems that currently help protect everything: from electronic commerce transactions to records doctors
Quantum machines are still in their infancy, and it could be a few years before they become a serious threat. But products like cars whose software can be upgraded remotely will continue to be used within a decade or more from now on. In the long run, the encryption they currently incorporate could become vulnerable to a quantum attack. The same applies to the code used to protect confidential data, such as financial records, which must be stored for many years.
A recent report by a group of US quantum experts UU recommends organizations to start adopting new types of encryption algorithms that can withstand a quantum attack. And some government organizations such as the US National Institute of Standards and Technology. UU they are working on the regulations for post-quantum cryptography to facilitate this process.
5 Attack from the cloud
Companies that host data from other companies on their servers, or manage their clients' computer systems remotely, become very tempting targets for hackers. By violating the systems of these companies, they can also access those of the customers. Large cloud companies like Amazon and Google can afford to invest heavily in cybersecurity and offer salaries that attract some of the best talent in the industry. Although that does not make them immune to a leak, it increases the chances of hackers targeting smaller businesses.
This is already happening. The US Government UU He recently accused Chinese hackers of infiltrating the systems of a company that managed the computer technologies of other companies. Through this access, hackers were allegedly able to access the computers of 45 companies around the world, in different industries from aviation to oil and gas exploration.
Nicknamed "Cloudhopper" by security experts, this attack is just the tip of what will be a fast-growing iceberg. The founder of rain capital cybersecurity firm, Chenxi Wang, says that "we will see hackers turning their attention from desktop malware to data center malware" which offers significant economies of scale.
Some of the other risks mentioned may seem less pressing than this. But when it comes to cybersecurity, the companies best prepared with
Date update on 2019-01-24. Date published on 2019-01-24. Category: windows Author: Oscar olg Fuente: invdes