For more than a decade, Cisco’s security reports have been a definitive source of intelligence for security professionals interested in the state of the global industry. These comprehensive reports provided detailed accounts of the threat landscape and its organizational implications.

Today we are publishing our second report for 2019: Defending against today’s critical threats. This whitepaper looks back at the threat landscape over the past year, highlighting some of the key cybersecurity incidents during that time frame. However, this isn’t just another retrospective report, fondly looking back at events that have already come to pass.

What we’ve done here is pick out five stories that, while they occurred in the recent past, could very well portend what is yet to come for the threat landscape. It’s as close as we can get to making predictions without reading too much into patterns in the digital tea leaves.

Take modular threats, for example. These are highly adaptable threats, where different components can be downloaded and leveraged depending on the environment the threat finds itself in. Such threats have existed for a while, but two in particular have stood out recently.

The first is Emotet. This threat has been around for a few years, but has grown to become a threat distribution network and a force to be reckoned with. The threat’s modularity gives it the ability to change the payload depending on the circumstances.

Another example is VPNFilter—an IoT threat that hit a vast number of routers, likely compromising them by exploiting known vulnerabilities. This threat included a plug-in system that could extend its functionality, depending upon the environment it found itself in and the attackers’ intended goal.

Another key trend that we expect to continue into the near future is the use of email as a threat delivery vector. Email has been, and will likely continue to be, the most common method for distributing new threats. If you get email, you probably get malware delivered too. Emotet consistently relies on email campaigns to infect new computers, as do cryptomining and digital extortion campaigns (a topic we’ll soon cover in our Threat of the Month series).

And of course, we expect the primary modus operandi for threat actors will remain the same in the near future: money. From cryptomining to Emotet to ransomware, when you distill many threats down to their essence, it’s all about the bad actors lining their pockets.

These are some of the trends we expect to see in the near future. Of course it’s impossible to predict everything that will occur, but the safest bets are usually the ones you most often come up against. Addressing those early can free up time to deal with the unexpected.

Download a copy of our first 2019 Threat Report, Defending against today’s critical threats, today and start prepping for the things that are likely to come.


Ben Nahorney

Threat Intelligence Analyst

Cisco Security