By Marcus Fowler, Director of Strategic Threat, Darktrace

Hindsight is 20/20 - What 2019's Cyber-Attacks Can Tell Us About The 2020 Threat Landscape

In 2019, businesses' vulnerabilities and the shortcomings of existing cyber security strategies were again thrown into the spotlight. Organizations struggled to secure their data in the face of insider threat, ransomware attacks, new regulations and even simple misconfigurations. At the same time, cyber-criminals were speeding up - developing novel exploits, gaining access to nation-state grade tools proliferating on the dark net, and finding new inroads into enterprises.

What can businesses expect in 2020? What cards do cyber-criminals hold in their deck? By analyzing emerging technologies and industry trends, we can anticipate the techniques that attackers may utilize in the new year.  

Success at Machine-Speeds

Despite the increase in ransomware attacks over the last year, we likely still haven't seen its peak.

In 2019, cyber-criminals utilized both targeted and spray-and-pray approaches to successfully attack enterprises, public bodies, and local governments. Ransomware's prevalence and success has raised concerns at the highest levels, with institutions like the FBI issuing warnings that ransomware presents an urgent and high-impact threat to US organizations.

The 2020 landscape looks eerily similar. As businesses and digital infrastructures continue to grow in scale and complexity, we will also see ransomware continue to scale up and shape-shift. While possessing the same core characteristics, these new developments will widen the threat landscape and make it even harder for security teams to detect and prevent these attacks. Crucially, these will be never-before-seen threats, meaning that rules and signature-based approaches won't stand a chance.

Ransomware's efficacy is, by-and-large, due to its speed - it can simply move faster than security teams can respond. The fifth generation of cellular networks, 5G, will only further facilitate the rise of similar machine-speed and automated attacks. At wireless connection speeds up to 100 times faster than 4G, malware can download and spread throughout a victim's network long before they realize that anything is amiss. Without equally fast defenses that are able to keep up with both the speed and evolution of these threats, ransomware will continue to be as successful as ever. 

The Rise of Terror-Ware

At the same time that ransomware attacks have increased, attacks against physical infrastructure have also been on the rise. In the last year, factories, nuclear plants, oil refineries, ports, and energy grids have all been infiltrated by advanced attackers. In 2020, we will see these two threats converge, with ransomware threatening industrial processes rather than data. Unfortunately, this makes data back-up a poor safety net for what lies ahead.

As smart buildings, smart cities, and the Internet of Things become an exciting reality, security vulnerabilities will only continue to grow. In an interconnected world, almost everything is fair game to hackers - who, as we know, are endlessly creative. This development inextricably links cyber security with physical and operational security.

In 2020, governments should expect to see adversaries, criminals, nation-state actors, and potentially even terrorists take advantage of cyber-physical vulnerabilities, leveraging cyber-for-hire to execute these advanced attacks if they lack the technical hacking skills.  Perhaps most concerningly, we will likely see nation-state proxy conflict escalate - with cyber as the key tool. Cyber conflict between nation-states is nothing new. However, as the lines between the cyber and physical world increasingly blur, so will the lines between cyber and physical warfare. The blurring of these lines will raise the stakes for all involved, increasing the potential for miscalculations and unintentional escalations, and further complicating international relations.

A(I)ttacks?

The building blocks for AI-powered cyber-attacks are already in place. As sophisticated defenses and access to open-source AI tools incentivize adversaries to supercharge their attacks, 2020 may very well bring with it the first true AI-powered cyber-attack.

Advanced malware that adapts its behavior to remain undetected has long been on the rise. Once released, these self-learning attacks will not wait for orders from home base. They will make their own decisions, often while deep inside corporate networks, and deliver blows slowly, stealthily, and virtually without a trace.

However, AI won't only enable malware to move undetected across complex digital infrastructures, but also help attackers determine their targets, conduct reconnaissance, and scale attacks. Successfully executing an advanced attack currently requires numerous resources and manpower. With AI, the same adversary could target 20 companies in the time it might currently take to target one.

AI cyber-attacks will be almost impossible for humans to stop - and once the first wide-spread AI attack occurs, there will be no turning back the clock. Using self-learning technology, companies would be smart to build up their defenses before that day comes.

Conclusion

If the cyber-attacks of the last year have taught us anything, it's that we need to expect the unexpected. Trying to predict the vulnerabilities in a new technology, the precise signature of an attack, or a new malware strain in the face of an ever-evolving threat landscape and increasingly complex businesses is like finding a specific needle in a needlestack.

With new IoT devices, neural interfaces, 5G, autonomous vehicles, and other new technologies beginning to come to market, cyber security needs to be an integral part of their development from day one. And as hackers continue to innovate, the winners of 2020 will be those who can match the speed of both innovation and attacks. AI for cyber defense presents the most promising defense weaponry in the arms race, as it is the only force capable of combatting offensive AI and other yet-unseen attacks. In the intense geopolitical heat of the present moment, we must look ahead and prepare our digital enterprises for the sieges to come.

##

About the Author

Marcus Fowler, Director of Strategic Threat, Darktrace

Marcus Fowler spent 15 years at the Central Intelligence Agency developing global cyber operations and technical strategies, until joining Darktrace in 2019. He has led cyber efforts with various US Intelligence Community elements and global partners, and has extensive experience advising senior leaders on cyber efforts. He is recognized as a leader in developing and deploying innovative cyber solutions. Prior to serving at the CIA, Marcus was an officer in the United States Marine Corps. Marcus has an engineering degree from the United States Naval Academy and a Masters' Degree in International Security Studies from The Fletcher School. He also completed Harvard Business School's Executive Education Advanced Management Program.