Social media major catalyst for cyberattacks in 2019: FireEye
FireEye 2019 security predictions report, ‘Facing Forward: Cyber Security in 2019 and Beyond’, identifies numerous groups driven by the political interest of Iran
Social media will increasingly be used by state actors across the region to spread misinformation next year, FireEye experts predict.
In its 2019 security predictions report, ‘Facing Forward: Cyber Security in 2019 and Beyond’, the cybersecurity firm said it has identified, in the last half of 2018, an extensive network of information operations – presumed to be driven by the political interest of Iran – that involved social media.
With the upcoming elections across EMEA in 2019, FireEye predicts that social media will continue to be the leading platform to produce information operations driven by foreign countries with a strategic interest in a particular state or a region. The mission could either be to promote a particular political party that might be friendlier towards specific foreign policies, or to drive a political narrative, causing conflict within the country.
Other key findings from the report include the likelihood of an increase in Iranian cyber threat activity against US entities following America’s exit from JCPOA. These activities may include disruptive or destructive attacks, FireEye experts warn. Initially, Iranian-nexus actors will resume probing critical infrastructure networks in preparation for potential operations in the future. Organisations and asset operators across all critical infrastructure sectors in the U.S. should be prepared to defend against Iranian threat groups that have demonstrated a focus on disruptive and destructive attacks.
2019 may also see increased attacks on airlines and airports, the report says. For years, FireEye has seen airlines and third-party ticket sellers exploited so that illicit tickets could be resold for a profit on the dark web. Because airlines are trusted by their customers with a wide variety of sensitive personal data, they are also frequently targeted by cybercriminals looking to gather data to enable other types of fraud. In the last two years, FireEye devices have detected a sharp increase in the use of ransomware to temporarily disable airline ticketing and support operations. Air travel is a time-sensitive business, and cybercriminals know that they can extort quick payment from airlines that are unable to move passengers until their systems are decrypted.
In 2019, FireEye experts also expect to see an uptick in threats towards critical infrastructure. Because many of these environments do not have a unified security strategy between information technology and operational technology, FireEye could potentially see a cyber-attack causing disruption or destruction within critical infrastructure elements. Attackers will also continue trying to interfere directly with operational technology networks to disturb business or ask for ransom for geopolitical reasons as well as to demonstrate their capabilities. Due to its diversity and the number of plants deployed over the continent, Europe will be a target of these attacks in 2019. FireEye could see threat actors on very old platforms where security and forensics are difficult to manage.
Cybercriminals will increasingly employ emerging technologies to evade detection, FireEye says: As discussed in last year’s FireEye security predictions report, FireEye experts have seen a steady increase in cyber criminals adopting cloud-based infrastructure to carry out sophisticated attacks. That was true throughout 2018, and in 2019 and beyond, we can expect to see the use of emerging technologies such as blockchain and AI to obfuscate attacks. Also, with the increase in the number of AI-based cybersecurity products deployed in organisations, and security vendors innovating to bring new AI-based security products to the market, attackers will begin adapting their behaviour accordingly. The researchers also expect to see the use of new techniques to evade AI-based solutions, including threats that blend in with normal traffic and threats that provide misleading data to challenge and disrupt machine learning models.
“2018 was a challenging year and we don’t expect it to get any easier in 2019. Further, Iranian attackers will continue to improve capabilities, even as we see new, less capable groups emerge supporting Iranian government goals. This will continue the trend of growth in both sophistication and volume of attacks by groups that we believe are linked to Iran,” said Mohammed Abukhater, vice president, MEA, FireEye.