This year's FireEye security predictions report – Facing Forward: Cyber Security in 2019 and Beyond – combines the top-down views of some of our senior leaders with an in-depth look at emerging threats from specialized analysts and researchers from FireEye Threat Intelligence, FireEye Mandiant and FireEye Labs.
Our CEO Kevin Mandia, CSO Steve Booth, intelligence authority Sandra Joyce, cloud guru Martin Holste and aviation expert Christopher Porter take a view from the top on subjects as diverse (yet synergistic) as nation states' offensive capabilities, the vulnerabilities of the cloud, the widening skills gap and the continuing threat from ever more devious executions of social engineering.
A rapidly growing number of enterprises are moving their data to the cloud, and whether you view the cloud as more or less secure, this is where the attackers are going too. This makes it imperative that you ask the right questions not only of your cloud vendors but also, looking inward, of your organization: its business model, infrastructure, resources, employee behaviors and your own hunches.
Hostile activity by nation states is on the increase, not only in volume but also in the diversity of emerging actors and their motives. For example, the Chinese Belt and Road development strategy involving infrastructure development and investments in Europe, Asia and Africa is anticipated to drive new cyber threat activity. Regime-sponsored or endorsed activity originating in Iran uses social media to influence audiences around the world on the country's politics. And the North Korean regime is increasingly leveraging the country's cyber criminal capability as international sanctions hit harder. In the meantime, Russia continues to extend its activities with a number of motives.
Aviation is also covered in the report as a particular sector which faces varied, multilateral threats. There has long been speculation around whether it is possible to hack an aircraft. The Department of Homeland Security claims that technically, it is possible. In reality, however, it's unlikely. The more realistic cyber threats to the sector – which are actually happening today – include espionage committed against manufacturers of both military and civil aircraft and their components, data and financial theft from operators and ticket sellers, and ransomware attacks against airports with the objective of either disruption or financial extortion.
In addition to the above and other trending threats, the report describes how the tactics, techniques and procedures traditionally used by APT groups and other organized cyber crime gangs are still reaping success for their perpetrators as levels of sophistication are added in order to evade detection and prevention:
As alluded to elsewhere in this issue of The Vision, email is still the most prevalent initial attack vector, representing the point of entry for 91% of attacks. Here, we have observed an increase in the use of password-protected malicious attachments to feign authenticity, and in CEO and business email compromise fraud activity. SIM card spoofing – effectively bypassing 2FA – is also on the rise. Financial and espionage actors alike are making increased use of open-source malware as well as exploiting legitimate internet services for command and control (C2) purposes.