Page 147 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
states have launched huge distributed denial-of-service (DDoS) attacks that can take down entire
countries’ infrastructure and could certainly hamper communications systems. The U.S. government
claims foreign actors have already been targeting and probing the defenses of public utility and energy
systems. We’ve seen these nation-sponsored attacks targeting financial systems like SWIFT to steal
millions. Nation-states have also used social media and other communication systems to poison public
perception with fake news.
In summary, each of these individual types of attack is already possible. It’s just a matter of time before
some country combines many attacks as a smoke screen for a larger operation.
5) Prediction: Fileless, Self-Propagating “Vaporworms” Attack
Description:
In 2019, a new breed of fileless malware will emerge, with wormlike properties that allow it to self-
propagate through vulnerable systems and avoid detection.
It has been over 15 years since the Code Red computer worm spread through hundreds of thousands of
vulnerable Microsoft IIS web servers in an early example of a fileless worm. Since then, both worms and
fileless malware have impacted networks worldwide individually, but rarely as a combined attack.
Fileless malware, which runs entirely in memory without ever dropping a file onto the infected system,
continues to grow in popularity. Sophisticated attackers prefer this method because without a malicious
file to scan, traditional endpoint antivirus controls have a hard time detecting and blocking fileless threats.
This results in higher infection rates. Pair this with systems running unpatched and vulnerable software
that’s ripe for worm exploitation, and you have a recipe for disaster.
Last year, a hacker group known as the Shadow Brokers caused significant damage by releasing several
zero-day vulnerabilities in Microsoft Windows. It only took a month for attackers to add these
vulnerabilities to ransomware, leading to two of the most damaging cyber attacks to date in WannaCry
and NotPetya. This isn’t the first time that new zero-day vulnerabilities in Windows fueled the proliferation
of a worm, and it won’t be the last. Next year, “vaporworms” will emerge: fileless malware that
self-propagates by exploiting vulnerabilities.