Year in Review: Looking Back on Our Top 10 Cybersecurity Predictions for 2018, and Our Predictions for 2019!

January 3, 2019 by Pierluigi Paganini

2018 was certainly a year for cybersecurity news: high-profile hacks, ransomware attacks, cryptocurrency fluctuations and more. But now the year has ended, so it is time to check whether the cybersecurity predictions I made 12 months ago were correct!

The Predictions for 2018

1. GDPR: Many companies will not be compliant with the new EU regulation by the deadline

Despite the huge fines introduced with the new EU regulation (up to 20 million Euros or 4 percent of global turnover), many companies are still not compliant with the GDPR.

The GDPR had a significant impact on organizations that decided to be compliant by the May 25th deadline. Probably the biggest issue faced by businesses was the harmonization of the work conducted by IT staff, legal representatives, human resources and C-level executives.

2. Ransomware will be the most dangerous threat to businesses and organizations worldwide

During 2018, ransomware represented one of the most dangerous threats to organizations and end users. Specific ransomware families, such as the SamSam and Gandcrab ransomware, were particularly active.

The SamSam hackers stole from over 200 organizations, including public institutions, municipalities, and hospitals. They have caused over $30 million in losses.

The list of victims includes the City of Atlanta, the port of San Diego and the Colorado Department of Transportation (DOT).

The overall number of new ransomware families has increased. Experts observed the birth of new ransomware-as-a-service platforms on the Dark Web, platforms that make it very easy for wannabe crooks to arrange their ransomware campaigns.

3. Cybercriminals focus on cryptocurrencies

Last year, I predicted a significant increase in the number of cyber-attacks against cryptocurrencies, and the events observed in recent months confirmed that I was right. Hackers targeted almost every actor involved in the business of cryptocurrencies: single users, miners and, of course, exchanges.

4. APT groups from Russia and China will increase their pressure on Western organizations

Cyber-espionage groups linked with North Korea, Russia and China have intensified their operations targeting Western entities. In recent months, evidence collected by U.S. experts allowed the U.S. Department of Justice to indict multiple Russian and Chinese cyber-spies.

5. Cloud security will be a top priority for enterprises

Cloud computing technology has been adopted by almost every business, but in most cases the organizations lack the proper security posture.

The number of attacks against cloud storage carried out by cyber-criminals and state-sponsored hackers has increased in recent months, along with the number of data leaks caused by misconfigurations.

Enterprises are adopting security guidelines and are defining their cyber-strategy to mitigate the risk of exposure to cyber-threats.

6. Rise of a joint international effort to fight cybercrime

In 2018, the collaboration among law enforcement agencies from different countries allowed them to dismantle numerous cybercriminal rings that were responsible for several illegal activities, from DDoS attacks to money laundering.

7. IoT devices will be a privileged target of hackers

In 2018, the number of cyber-attacks carried out through compromised IoT devices increased. The good news, though, is that many IoT vendors are working harder to secure their devices and make exploitation harder.

Experts observed several DDoS-for-hire services available in the cybercrime underground, most of them leveraging botnets of compromised IoT devices.

8. The rise of mobile threats

We have seen an increase in mobile threats, especially those aimed at Android mobile devices. Unfortunately, many of them exploited the official Google Play Store to deliver malware to a broad audience.

Both Google and Apple have improved their platforms to identify potentially harmful applications and keep them out of their official stores.

9. Cyber-insurance proposals will explode

The interest in cyber-insurance has exploded with the growth of awareness of cyber-attacks, especially in Europe and Asia. Unfortunately, the offer is still not enough to properly assess the cyber risks and offer mature products to businesses and end-users.

10. Cyberbullying: the emergency continues

Cyberbullying made the headlines in recent months. Cases of abuse are increasing, and children and teenagers are the most vulnerable to this practice.

The number of victims has dramatically increased despite authorities’ numerous initiatives worldwide. In 2018, states promoted new campaigns to prevent and respond to this cruel cybercrime, with mixed results.


The score for my 2018 predictions is ten out of ten correct. Not bad at all!

Here, then, are my top eight cybersecurity predictions for the coming year.

Predictions for 2019

1. Cybercrime-as-a-service: the dominant mode

The crime-as-a-service model will continue to be the pillar of the cybercrime ecosystem. Thanks to this model, cybercriminals and wannabe crooks will have easy access to malware, exploits, DDoS-for-hire services, RDP accesses, botnets and other malicious services.

These services are very attractive for both novice criminals and skilled hackers. The latter leverage cybercrime-as-a-service to speed up their operations and make it hard to attribute attacks to specific threat actors.

Malware-as-a-service platforms that are focused on cryptocurrency mining will become more efficient and sophisticated, and RaaS services and DDoS-for-hire platforms will monopolize the threat landscape.

2. Threat actors will carry out AI-based attacks

AI-powered defense systems are a reality, and are already employed by many entities to automate manual tasks and enhance human activities.

Of course, these systems could be exploited for offensive purposes; they could be used to automate the reconnaissance phase of an attack and search for unfixed flaws that could be exploited to breach the target systems. AI could also be used to carry out social engineering attacks, making them even more sophisticated. Security experts fear the involvement of AI-based systems in misinformation campaigns conducted by rogue states.

Watch out: AI-based systems could be used to launch highly-personalized attacks in 2019!

3. IoT under attack

The number of cyber-attacks powered by massive IoT botnets will increase, and attackers will leverage tens of thousands of infected IoT devices to carry out malicious activities such as DDoS attacks or spam campaigns. Threat actors will continue to target poorly-secured IoT devices, leading to great concerns about attacks against IoT devices used in critical infrastructure (e.g., communications networks and electric grids).

4. Attackers will continue to target the supply chain

In the last couple of years, threat actors have increasingly targeted supply chains. Hackers will launch attacks aiming at implanting malware into legitimate applications, replacing legitimate software updates with tainted versions. In this way, every user receiving the update will automatically have their system compromised.

Supply chain attacks will increase in sophistication and could be hard to detect; attackers will use them to infect a wide audience.

5. Nation-state attackers will become more aggressive

Governments will continue to carry out cyber-espionage campaigns, with Russia, China and North Korea likely being the most aggressive countries in the cyber arena. While China will be more focused on cyber-espionage, North Korea will focus its operations on stealing funds. Russian state-sponsored hackers will be more focused on cyber-espionage and online misinformation.

It will be interesting to monitor the growth of other APT groups, such as the Iran-linked cyber-espionage groups that were very active in 2018.

6. Cyberbullying: a social emergency

The number of victims of cyberbullying will continue to increase. The official figures are just the tip of the iceberg, but they certainly confirm that this phenomenon is a social emergency. Governments will continue promoting awareness campaigns aimed at preventing these crimes and informing people, especially youngsters, about the possible damages caused by cyberbullying.

7. Cloud storage: a gold mine for attackers

A growing number of companies already rely on cloud storage. For that reason, it’s unsurprising that threat actors are devising new techniques to find unsecured systems and attack them.

Cloud infrastructures are potential targets of security breaches. Attackers will use several techniques to steal data and to monetize their efforts. Cloud-based ransomware could target the infrastructures of businesses and cause heavy losses.

8. ICS/SCADA attacks are a global concern

We will see a continuous increase in the number of cyber-attacks against ICS/SCADA systems, most of which are still not designed to be resilient to these kinds of assaults. The vast majority of the attacks will not be targeted in nature, but nation-state actors could develop new weapons to hit this specific family of devices. Targeted attacks could be destructive and aimed at systems in critical infrastructure; the oil industry will likely be the most targeted sector.

Will my eight predictions for 2019 come true? Come back in a year and find out!

Pierluigi is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group, a member of the Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation, and Professor and Director of the Master in Cyber Security at the Link Campus University. He is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field; he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US. Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other security magazines.