Ixia Security Report 2019: Human is the weakest link

In a recent security report published by Ixia, a Keysight business, it identified key findings for cybersecurity trend in 2019, and like the tagline of once popular UK-game show, human is the weakest link.

“You are the weakest link!”

The difference here in Ixia report was that there is no one, no iconic host, Anne Robinson to remind us that we are the weakest link the myriad of machines and programs designed to enhanced system security.

How often its take just one email password breach by an unsuspecting personnel to jeopardise the whole corporate system.

Naveen Bhat, managing director of Ixia Asia-Pacific told Hackwarenews that the most vulnerable group belonged to the children and elderly, whom are less aware of the malicious attacks via emails and mobile apps.

Six trends for 2019

Under the Ixia’s Security Watchlist for 2019, the Application and Threat Intelligence (ATI) team predicted that escalation of abuse of low value endpoints will be an ongoing trend.

This rising threat is likely to exacerbate by the adoption of more Internet Of Things (IOT) and 5G networks which vastly increased capacity, lower latency, and faster speeds in connectivity with everyday objects.

Public system under threat

With the prevalent of IOT, public services like hospitals, governments, transportation and smart cities will be more interlinked and exposed to brute force attacks.

These “brute-force attacks” on public-facing systems have life-threatening consequences such as disruption of remote surgery operation in hospital which requires zero tolerance of latency.

Cyber-attacks on cloud architecture are likely to increase as well as public cloud-based solutions give no control over server and network structure.

This prompt the new types of attacks like Spectre (CVE-2017-5753) and CVE-2019-6260 that targeted specifically at cloud users and their data.

Evolution of Phishing

Hackers are expected to create better phishes to get sensitive information from employees belonging to corporate enterprises.

The phishing may typically carry out by email spoofing or instant messaging to enter personal information into a fake website with a look and feel of a legitimate one.

However, the latest updates from Office 365 and Google G Suite adoption may help slow down phishing momentum as both tools provide some phishing indicators.

Over the long run, companies still need to invest in more staff training to prevent well-planned attacks by hackers to get pass newer defenses.

More Malwares and Crypto-jacking

Instead of going well-defended security systems from outside network, some attackers may utilize more LAN-to-LAN attacks to avoid detection and complexity of the security levels.

Most of these system breaches were often attacked through malwares which often go undetected as they are disguised to look like normal HTTPS in the network traffic. Plus, many malware dwell times can exceed 100 days, making detection more difficult and longer.

Depending on the values of crypto-currency, hackers may use compromised systems for crypto-mining that undermined the enterprise resources and slow down computing system.

For instances, the old unpatched vulnerabilities previously used for ransomware or DDoS networks are easily exploited to deliver crypto mining software.