The Internet of Things seem to be more vulnerable than ever, with more threat actors forecast in 2019.
A report highlighting the threat landscape for 2019 released by digital security firm Avast shows what its threat labs team sees: more attacks aimed at infiltrating an IoT device.
“From connected lights to coffee makers, and smart speakers to toothbrushes, IoT devices will continue to drive a class of attacks aimed at exploiting their weaknesses in configuration, security flaws, and consumers’ low engagement with their security settings,” the report noted.
The Avast Threat Labs team sees roughly one million new files a day and prevents two billion attacks every month.
“This volume provides valuable insights into the most prevalent threats, as well as the ability to map trends to predict future attacks,” the company said.
Adversarial AI
In 2018, the Avast team said it observed many examples of adversarial AI algorithms used to fool humans, such as the fake Obama video created by Buzzfeed where President Obama is seen delivering fake sentences.
There were also examples of AI deliberately confounding the smartest object detection algorithms, such as fooling an algorithm into thinking that a stop sign was a 45-mph speed limit sign.
“In 2019, we expect to see DeepAttacks deployed more commonly in an attempt to evade both human detection and smart defenses,” Avast said.
Deep Attacks use AI-generated content to evade AI security controls.
As most appliances or home electronics are now connected to the internet, Avast warns that their research shows security is often an afterthought in manufacturing these devices.
“Considering a smart home is only as secure as its weakest link, this is a mistake. So we can expect to see IoT malware evolve and become more sophisticated and dangerous, similar to how PC and mobile malware developed,” Avast said.
Routers, for example, have proven to be a simple and fertile target for a growing wave of attacks.
“Not only have we seen an increase in router-based malware in 2018, but also changes in the characteristics of those attacks,” it said. “In 2019, we expect to see the increased hijacking of routers used to steal banking credentials, for example, where an infected router injects a malicious HTML frame to specific web pages when displayed on mobile.”
Fake apps
In 2018, the Avast team said it tracked and flagged countless fake apps using its apklab.io platform.
“Some were even found on the Google Play Store. Fake apps are the zombies in mobile security, becoming so ubiquitous that they barely even make the headlines as new fake apps pop up to take the place of the ones already flagged for removal,” it said.
This trend is expected to continue to persist in 2019, exacerbated by fake versions of popular app brands doing their rounds on the Google Play Store.
Well known tactics such as advertising, phishing and fake apps are also projected to dominate the mobile threat landscape.
“This year, we celebrated the 30th anniversary of the World Wide Web. Fast forward thirty years and the threat landscape is exponentially more complex, and the available attack surface is growing faster than it has at any other point in the history of technology,” commented Ondrej Vlcek, President of Consumer at Avast.
“PC viruses, while still a global threat, have been joined by a multitude of malware categories that deliver more attacks. People are acquiring more and varied types of connected devices, meaning every aspect of our lives could be compromised by an attack. Looking ahead to 2019, these trends point to a magnification of threats through these expanding threat surfaces.”