Avast’s 2019 Threat Landscape Report warns of adversarial AI, more sophisticated IoT attacks and an increase in fake apps.
Avast has launched its annual Threat Landscape Report, detailing the biggest security trends facing consumers in 2019 as collected by the Avast Threat Labs team.
The Avast Threat Labs team sees roughly one million new files a day and prevents two billion attacks every month. This volume provides valuable insights into the most prevalent threats, as well as the ability to map trends to predict future attacks.
Some of the key security trends that will evolve or continue to impact consumers in 2019 include:
The Dawn of Adversarial AI
The emergence of a class of attacks known as ‘DeepAttacks’ which use AI-generated content to evade AI security controls is foreseen. In 2018, the team observed many examples where researchers used adversarial AI algorithms to fool humans. Examples include the fake Obama video created by Buzzfeed where President Obama is seen delivering fake sentences, in a convincing fashion.
Examples of adversarial AI deliberately confounding the smartest object detection algorithms, such as fooling an algorithm into thinking that a stop sign was a 45-mph speed limit sign has been noticed.
In 2019, DeepAttacks deployed more commonly in an attempt to evade both human detection and smart defences will be witnessed.
IoT Threats Will Become More Sophisticated
The trend toward smart devices will be so pronounced in the coming years that it will become difficult to buy appliances or home electronics that are not connected to the internet.
Avast research has shown that security is often an afterthought in the manufacturing of these devices. While the big-name smart devices often do come with embedded security options, some producers skimp on security either to keep costs low for consumers or because they are not experts in security. Considering a smart home is only as secure as its weakest link, this is a mistake. History tends to repeat itself, so we can expect to see IoT malware evolve and become more sophisticated and dangerous, similar to how PC and mobile malware developed.
Router Attacks Will Advance
Routers have proven to be a simple and fertile target for a growing wave of attacks. Not only have we seen an increase in router-based malware in 2018, but also changes in the characteristics of those attacks.
In 2019, expect to see the increased hijacking of routers used to steal banking credentials, for example, where an infected router injects a malicious HTML frame to specific web pages when displayed on mobile. This new element could ask mobile users to install a new banking app, for instance, and this malicious app will then capture authentication messages. Routers will continue to be used as targets of an attack, not just to run malicious scripts or spy on users, but also as an intermediate link in chain attacks.
The Evolution of Mobile Threats
In 2019, well-known tactics such as advertising, phishing and fake apps will continue to dominate the mobile threat landscape. In 2018, Avast tracked and flagged countless fake apps using our apklab.io platform. Some were even found on the Google Play Store. Fake apps are the zombies in mobile security, becoming so ubiquitous that they barely even make the headlines as new fake apps pop up to take the place of the ones already flagged for removal. They will continue to persist as a trend in 2019, exacerbated by fake versions of popular app brands doing their rounds on the Google Play Store.
In 2018, the return of banking Trojans was also particularly pronounced on the mobile side, growing 150 per cent year-on-year, from three per cent to over seven per cent of all detections will be seen worldwide. While perhaps not a big shift in terms of the overall volume, Avast believes that cybercriminals are finding banking to be a more reliable way to make money than cryptomining.