By Kaspersky's GReAT team

Advanced Persistent Threats in 2020 - Abuse of Personal Information and More Sophisticated Attacks Are Coming

In anticipation of the new year, Kaspersky researchers have shared their predictions on Advanced Persistent Threats (APTs) in 2020, pointing out some of the ways the landscape of targeted attacks could change in the coming months.

The predictions were developed based on changes that the Global Research and Analysis Team (GReAT) collectively witnessed over 2019, and are an effort to help the cybersecurity community prepare for the challenges that lie ahead in the coming year.

The abuse of personal information: from deepfakes to DNA leaks

After a number of personal data leaks that happened in recent years, the number of personal details available made it easier for attackers to perform targeted attacks, based on victims' leaked info. In 2020, threat actors will dive deeper, hunting for more sensitive leaks, such as biometric data.

The researchers pointed out a number of key technologies which could lure victims of personal data abuse into the attackers' traps. Among them are video and audio deepfakes that can be automated and support profiling, as well as the creation of social engineering and other schemes.

Other targeted threat predictions for 2020 include:

• False flag attacks reach a whole new level. These attacks will develop further, with threat actors seeking not only to avoid attribution but also to actively lay the blame on someone else. Commodity malware, scripts, publicly available security tools and administrator software, mixed with a couple of false flags, where security researchers are hungry for any small clue, might be enough to divert suspected authorship to someone else.
• Ransomware shifts toward targeted threats. Attackers will focus more on organizations that are likely to make substantial payments in order to recover their data. A potential twist might be that, instead of making files unrecoverable, threat actors will threaten to publish data that they have stolen from the victim company.
• New banking regulations in EU open new attack vectors. As banks will be required to open their infrastructure and data to third parties who wish to provide services to bank customers, it is likely that attackers will seek to abuse these new mechanisms with new fraudulent schemes.
• More infrastructure attacks and attacks against non-PC targets. Determined threat actors have, for some time, been extending their toolsets beyond Windows, and even beyond PC systems. VPNFilter and Slingshot, for example, targeted networking hardware.
• Cyberattacks focus on trade routes between Asia and Europe. New attacks could hit regions including Turkey, East and South Europe and East Africa. Possible scenarios include a growth in political espionage as governments seek to secure their interests at home and abroad. They could extend also to technological espionage in situations of economic crisis and instability.
• New interception capabilities and data exfiltration methods. Use of supply chains will continue to be one of the most difficult delivery methods to address. It is likely that attackers will continue to expand this method through manipulated software containers, for example, and abuse of packages and libraries.
• Mobile APTs develop faster. There are no good reasons to think this will stop any time soon. However, due to the increased attention given to this subject by the security community, the number of attacks being identified and analyzed in detail will also increase.
• Personal information abuse grows, armed with AI. It is very similar to some of the techniques used for driving election advertisements through social media. This technology is already in use and it is just a matter of time before some attackers take advantage of it.

This prediction piece was a combined effort of Kaspersky's GReAT team. Established in 2008, Global Research & Analysis Team (GReAT) operates at the very heart of Kaspersky, uncovering APTs, cyber-espionage campaigns, major malware, ransomware, and underground cyber-criminal trends across the world. Today GReAT consists of 40+ experts working globally - in Europe, Russia, Americas, Asia, Middle East. Talented security professionals provide company leadership in anti-malware research and innovation, bringing unrivaled expertise, passion and curiosity to the discovery and analysis of cyberthreats.