The Attack Surface Is Growing Faster Than Ever

Avast has launched its annual Threat Landscape Report for 2019 detailing the biggest security trends facing consumers in 2019 as collected by the Avast Threat Labs team. 

Some of the key security trends that will evolve or continue to impact consumers in 2019 include:

The Dawn of Adversarial AI
We foresee the emergence of a class of attacks known as ‘DeepAttacks’, which use AI-generated content to evade AI security controls. In 2018, the team observed many examples where researchers used adversarial AI algorithms to fool humans. 
Examples include the fake Obama video created by Buzzfeed where President Obama is seen delivering fake sentences, in a convincing fashion.

We have also seen examples of adversarial AI deliberately confounding the smartest object detection algorithms, such as fooling an algorithm into thinking that a stop sign was a 45-mph speed limit sign. 

In 2019, we expect to see DeepAttacks deployed more commonly in an attempt to evade both human detection and smart defences.

IoT Threats will become more Sophisticated
The trend toward smart devices will be so pronounced in the coming years that it will become difficult to buy appliances or home electronics that are not connected to the internet.

Avast research has shown that security is often an afterthought in the manufacturing of these devices. While the big name smart devices often do come with embedded security options, some producers skimp on security either to keep costs low for consumers or because they are not experts in security. 

Considering a smart home is only as secure as its weakest link, this is a mistake. History tends to repeat itself, so we can expect to see IoT malware evolve and become more sophisticated and dangerous, similar to how PC and mobile malware developed.

Router Attacks will Advance
Routers have proven to be a simple and fertile target for a growing wave of attacks. Not only have we seen an increase in router-based malware in 2018, but also changes in the characteristics of those attacks.

In 2019, we expect to see the increased hijacking of routers used to steal banking credentials, for example, where an infected router injects a malicious HTML frame to specific web pages when displayed on mobile. 

This new element could ask mobile users to install a new banking app, for instance, and this malicious app will then capture authentication messages. Routers will continue to be used as targets of an attack, not just to run malicious scripts or spy on users, but also as an intermediate link in chain attacks.

The Evolution of Mobile Threats
In 2019, well known tactics such as advertising, phishing and fake apps will continue to dominate the mobile threat landscape. In 2018, we tracked and flagged countless fake apps using our apklab.io platform. Some were even found on the Google Play Store. 

Fake apps are the zombies in mobile security, becoming so ubiquitous that they barely even make the headlines as new fake apps pop up to take the place of the ones already flagged for removal. They will continue to persist as a trend in 2019, exacerbated by fake versions of popular app brands doing their rounds on the Google Play Store.

In 2018, the return of banking Trojans was also particularly pronounced on the mobile side, growing 150 percent year-on-year, from three percent to over seven percent of all detections we see worldwide. While perhaps not a big shift in terms of the overall volume, we believe that cybercriminals are finding banking to be a more reliable way to make money than crypto mining.

“This year, we celebrated the 30th anniversary of the World Wide Web. Fast forward thirty years and the threat landscape is exponentially more complex, and the available attack surface is growing faster than it has at any other point in the history of technology,” commented Ondrej Vlcek, President of Consumer at Avast.

“PC viruses, while still a global threat, have been joined by a multitude of malware categories that deliver more attacks. People are acquiring more and varied types of connected devices, meaning every aspect of our lives could be compromised by an attack. Looking ahead to 2019, these trends point to a magnification of threats through these expanding threat surfaces.”

HelpNetSecurity:        Avast:

You Might Also Read:

10 Cyber Security Trends To Look Out For In 2019:

 

« Cybersecurity Threats In 2019
US Government Shutdown Is Damaging Cybersecurity »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Booz Allen Hamilton

Booz Allen Hamilton

Booz Allen Hamilton is a management & tech consulting firm. Technology services include cloud computing, cyber security, systems development and integration.

rPeople Staffing

rPeople Staffing

rPeople provides direct placement in all areas of your organization, including and specializing in Technical and Executive hiring.

MetaCompliance

MetaCompliance

MetaCompliance is a cyber security and compliance organisation that helps transform your company culture and safeguard your data and values.

IS Decisions

IS Decisions

IS Decisions builds affordable and easy-to-use Access Management software solutions, allowing IT teams to effectively secure access to Active Directory infrastructures, SaaS apps and data within.

NATO Communications and Information Agency (NCIA)

NATO Communications and Information Agency (NCIA)

The NCIA Cyber Security Service Line is responsible for planning and executing all life cycle management activities for cyber security.

PCI Pal

PCI Pal

PCI Pal’s secure cloud payment solutions are certified to the highest level of security by the leading card companies.

Institute for Cyber Security Innovation - Royal Holloway

Institute for Cyber Security Innovation - Royal Holloway

The Institute for Cyber Security Innovation aims to bring together Academia, Industry and Government to be a catalyst for applied research and innovation in cyber security policy and solutions.

CloudVector

CloudVector

CloudVector's API Detection & Response platform is the only API Threat Protection solution that goes beyond the gateway to provide Shadow API Prevention and Deep API Risk Monitoring and Remediation.

Astrix Security

Astrix Security

Astrix enables security teams to instantly see through the fog of connects and detect redundant, misconfigured and malicious third-party exposure to their critical systems.

Custodia Continuity

Custodia Continuity

Custodia Continuity manage your Security, Backup, Continuity and Compliance. You get on with your business.

SkillsDA

SkillsDA

SkillsDA is pureplay company in cyber security involved in capacity building towards National Security.

Applied Insight

Applied Insight

Applied Insight work closely with government agencies and industry to overcome technical and cultural hurdles to innovation, empowering them with the latest cloud, data and cyber capabilities.

Paramount Defenses

Paramount Defenses

Paramount Defenses have unrivaled capability in two of the most critical areas in cyber security today – Active Directory Security and Privileged Access.

Career Smarter

Career Smarter

Career Smarter offers accredited online courses in cybersecurity and other sectors, helping learners gain industry-recognised certifications.

Cyber Security Certification Australia (CSCAU)

Cyber Security Certification Australia (CSCAU)

CSCAU is the world’s first 'for mission' industry council set up to address small and medium-sized business (SMB) cyber resilience through annually updated certifiable standards.

Acuvity

Acuvity

Acuvity is the most comprehensive AI security and governance platform for your employees and applications. Secure your GenAI adoption with confidence.