2018 saw a glut of cybersecurity disasters at some of the highest levels of industry and government. From the ~$10 billion NotPetya debacle to Marriott’s 500-million-guest-record theft (which actually started in 2014 and lasted 4 full years, to be fair), it was a banner year for digital criminals. This dangerous environment has cybersecurity as a top item on a lot of CEO to-do lists for 2019, so we thought for our first post of the new year, we’d outline 4 threats we see as particularly worthwhile to watch out for.
(And for our next post, we’ll give you some new year’s cybersecurity resolutions to help combat them).
1) Deepfakes go beyond adult entertainment for hacking purposes
Deepfakes refer to a line of A.I.-enabled technologies allowing individuals or groups to alter video or audio by superimposing faces or voices on other video, or making characters do or say things they didn’t actually do or say. We’ve seen examples where Key & Peele deepfaked President Obama making a speech, which is fun/generally harmless, but you can see why this ability could be misused in disturbing ways.
One of the most high-profile and better-known versions of this is entities superimposing celebrity faces on adult films, which is horrifying to be sure. But, the tactic is the same for presidents or CEOs doing or saying something that could manipulate stock prices or throw chaos into the geopolitical scene. And hackers are already weaponizing it:
AI-generated “phishing” e-mails that aim to trick people into handing over passwords and other sensitive data have already been shown to be more effective than ones generated by humans. Now hackers will be able to throw highly realistic fake video and audio into the mix, either to reinforce instructions in a phishing e-mail or as a standalone tactic.
2) AI-based defenses get hacked by AI tools
A lot of the top cybersecurity defense firms have started to implement AI into their security offerings. AI can help detect intruders as well as secure the system itself. But, for every advance in cybersecurity AI gives us, hackers will be trying to take that advantage away using AI too.
Nvidia has already put adversarial AI networks to use (called GANs for Generative Adversarial Networks) by having one neural network attempt to mimic something real in its generated output while the other neural network spots the fake. The generator gets better and better at faking what it’s generating as the other network points out each output’s flaws. Eventually, the generator can fool the guesser (in theory, at least).
GANs like this can be used to guess what types of defenses different systems are using as well as help guess how to most easily bypass it.
What AI giveth, AI can taketh away.
3) Hackers come for the blockchain’s darling — smart contracts
At the core of what blockchain and cryptocurrency promise everyday people is the streamlining of annoying processes through the use of smart contracts (like, instead of having to pay a lot of money to ‘close’ on a house, a smart contract could execute the sale and transfer all the relevant deeds of ownership and paperwork automatically if the right prerequisite conditions are met). The better these smart contracts get at doing these jobs, the juicier a target they become for hackers.
The problem is that the blockchain by its nature is designed to be transparent and radically open, whereas individuals and businesses might not want all that data on display for everyone. And what’s more, hackers have already stolen loads of cryptocurrency from these smart contracts before (because they weren’t set up correctly, but still). So, baking in privacy preservation methods while securing the larger security environment will be a huge challenge in 2019.
4) Attacks raining down from the cloud
It’s no secret that more and more companies have moved significant portions of their operations to the cloud. But, one problem that comes from that is that hackers no longer have to infiltrate individual companies all the time; instead, they can target cloud providers, or cloud-based vendors, to infect or penetrate lots of companies with a single attack. One of these, dubbed ‘CloudHopper‘, already has done immense damage. And as we move toward a new digital world order where ever more of our IT infrastructure is in the cloud, we have to remain even more vigilant in protecting ourselves from distributed attacks like this.
All in all, cybersecurity is moving to the forefront of corporate concerns in 2019. With more hacks of greater scope and ever-increasing damages, it cannot stay on the back-burner any more. That’s why smart businesses have turned to companies like ours to help shoulder that cybersecurity load, and ensure that you’re protected for 2019 and years to come.