By Zakir Hussain
More vulnerabilities with greater impact
Reports of vulnerabilities and exploits are likely to rise in 2020. The number of CVEs has increased steadily over the past couple of years, and it has never fallen two years in a row. Also, given the increased fragmentation of hardware and software, and the adoption of large-scale open source and “tweaked” hardware design, we can likely expect a cascade effect when a vulnerability is found in a component that is used en masse. Such vulnerabilities will affect many vendors and manufacturers, potentially with profound consequences for consumers and organizations.
Increased adoption of bounty programs by companies and organizations has also stimulated the growth of ethical disclosures. However, non-disclosure timelines have sometimes been pushed to more than six months, which will cause a rollover in 2020 of vulnerabilities reported in 2019.
Complexity of software and knowledge needed for attacks and protection will increase. Malware sophistication grows.
Successful attacks targeting everything from web and cloud to social engineering, artificial intelligence, and even low-level hardware flaws will require far more advanced and in-depth knowledge from hackers. This will lead to increased malware sophistication, with attackers potentially developing new tools and techniques for dodging traditional security layers.
Increased diversification of IoT without proper security: attacks on infrastructures and reruns of old CVEs.
With more than an estimated 20 billion IoT devices expected to be connected to the internet in 2020, the number of attacks targeting unpatched vulnerabilities will increase. With no security frameworks or regulations available to ensure the security of the devices and the data they collect, process, and distribute, and a lack of regular patch cycles pushed by vendors to address known vulnerabilities, we’ll likely see old CVEs used time and again to compromise IoT devices. Industrial IoT devices are also likely to become more appealing to threat actors, potentially government-motivated, as they can be used to disrupt critical services and infrastructures.
State actors will increasingly use cyber-warfare, at least covertly, with attacks attributed to other nations
The Shadow Brokers leak, which revealed tools specifically built to plant artifacts within APTs that point to various countries, helps illustrate how cyber-warfare malware will become increasingly difficult to attribute to a specific nation or nation-sponsored cybercriminal group. Geopolitical context will fuel development and use of cyber weapons, either for espionage or political manipulation, or even to disrupt critical infrastructures.
Fight against government censorship (fight for privacy) will increase
Backlash against legislation that bolsters censorship or weakens encryption tools and services will continue throughout 2020 as privacy advocates and organizations fight against it. More privacy- and encryption-oriented tools and services are likely to be adopted by both average users and cybercriminals.
DeepFake techniques will improve and may spur new waves of cybercrime. DeepFake audio phone calls have already been used in scams, tricking organizations into transferring funds to attacker-controlled accounts.
While the GandCrab ransomware family has been decommissioned by its operators, others with striking similarities and the same business model – such as Sodinokibi – have become increasingly popular. Ransomware families that target specific verticals, such as healthcare, critical infrastructure and education, will become more prevalent. More GandCrab spinoffs, perhaps even developed by the same group, will likely emerge with new “features” to dodge security and maximize profit.
Ransomware campaigns targeting service providers could also intensify, as successful compromise could lead attackers to more infrastructures and, implicitly, more endpoints. New targeted ransomware attacks are also likely to exploit vulnerabilities at the network layer by scanning for exposed and vulnerable services, such as terminal services, coupled with tools designed for lateral movement.
As financial institutions come under increasing pressure to create APIs and open up their infrastructures to FinTech companies, cybercriminals will likely target these organizations, both because they may have lax security measures and because they store, process and have access to critical financial and sensitive user data.
FinTech startups are more likely to be vulnerable to phishing and to web and mobile application attacks, due to outdated commercial and open-source software and a lack of security procedures. In fact, a significant issue facing fintech startups is the creation of better security protocols to enhance security and data protection. Recent security findings suggest that companies’ main websites fail PCI DSS compliance tests, while mobile app backends have privacy issues or serious misconfigurations related to encryption and insufficient web server security hardening.
This type of BEC (Business Email Compromise) attack shows that fintechs risk much more than exposing customer data: they could also lose large amounts of money from investment funds.
Franken-malware – multi-purpose malware components that drop anything from crypto miners, ransomware, exploits, etc.
The malware-as-a-service industry will start repurposing and improving previously known malware components and tools designed for infiltration and persistence, in order to allow their “clients” to deploy any type of malware, ranging from ransomware to cryptocurrency miners and spyware. We’ve already seen an increase in droppers reused across malware campaigns, potentially by different cybercriminals, spreading multiple types of financially motivated threats. Malware developers will likely start focusing on providing tools that offer the means to infiltrate and drop malware payloads based on their “clients’” demands.
Cloud-based threat vectors
With cloud adoption continuing to increase, companies will likely see more attacks stemming from cloud-based threat vectors revolving around vulnerabilities and misconfigurations that quickly spread across private, public, or hybrid infrastructures. The adoption of IaaS infrastructures coupled with multitenancy of cloud environments will place even more strain on data isolation and data privacy if attackers compromise those infrastructures. The proliferation and diversification of cloud technologies meant to boost productivity, efficiency, and scalability are likely to further expand an already sizeable attack surface.
Cybercriminals will also start using the cloud more often to deliver threats and remotely control victims using cloud services. More malware will start abusing popular web development platforms, such as GitHub, to act as conduits for command and control communications. This will let threat actors abuse legitimate cloud services to fly under the radar of endpoint and network security solutions.
(The author is the Director at BD Software Distribution)