Industry executives and experts share their predictions for 2020. Read them in this 12th annual VMblog.com series exclusive.
By Karl Sigler, Threat Intelligence Manager, Trustwave SpiderLabs
The Biggest Security Threats and Cybersecurity Predictions for 2020
We're entering a new decade of cybersecurity threats, and organizations and consumers
should keep a few risks top of mind. Here are some of the key cybersecurity
threats and challenges to look out for in 2020.
1. The widespread prevalence of facial recognition used by apps and devices could draw deep fake attacks.
We expect to see deep fake videos
increasingly used to tarnish the careers or reputations of individuals,
particularly politicians as we near the 2020 presidential election. High
profile people are perhaps most at risk, as deep fakes require abundant,
already available source material from which to pull the audio and video
needed to create realistic simulations. Deep fakes are in their infancy and
it remains to be seen how far cyber criminals will go. For now, this type
of threat targeting the general population remains more in the realm of
fantasy than credible threat.
2. Ransomware attacks on cities and governments will continue to grow.
A number of successful ransomware attacks
targeting large organizations, critical infrastructure, branches of
government and cities were conducted in 2019. These coordinated
cyberattacks can cripple victims completely, shutting down core services
and rendering operations useless. We'll likely see organizations not
prepared for such attacks continue to pay out ransoms in order to avoid
downtime and loss of data. Unfortunately, these successful pay-outs show
hackers that ransomware can be quickly profitable (and relatively easy to
pull off), which will cause ransomware attacks to grow in 2020 as
cybercriminals continue to evolve their techniques and coordination
strategies.
3. As digital currencies stabilize, crypto mining will remain popular but cryptojackers will turn toward custom scripts.
The stabilization of the price of cryptocurrencies
like Bitcoin makes cybercriminals put more faith in their hard-to-trace
currency of choice. Getting paid in crypto is now more attractive - since
criminals can worry less about their earnings being suddenly devalued by
the market over the course of a day. However, with the shutdown of the
popular Coinhive cryptomining service in 2019, hackers may need to start
creating their own, custom scripts in order to remain undetected. Most
defense teams know how to easily identify mainstream crypto mining scripts
and are adept at catching miners who don't know how to cover their tracks.
More sophisticated hackers could set up their own backend and customized
JavaScript to feed mining processing power. This could give security teams
a harder time in 2020 - but the cat and mouse game is getting closer each
year as security teams get smart to nontraditional mining setups.
4. 5G adoption will drive hackers to target mobile as a main attack vector.
The proliferation of 5G will make
Wi-Fi and hard lines no longer a necessity for fast internet connections.
Because of the freedom and speed 5G provides, we will see more consumers
relying on their 5G-enabled mobile devices as their sole means for
internet access. Though today's mobile-based malware is notoriously
difficult to set up and distribute, we'll start seeing mobile malware that
piggybacks on social engineering attacks, specifically targeting bank
transfers and ecommerce transactions. This social engineering component
via phishing emails and text messages will make the malware easier to
inject and spread. While 5G has many built-in protections against direct
attacks, as the protocol gains more widespread adoption, we
will likely see a further degrading of the traditional "network
perimeter". With that will come more challenges for security professionals
trying to ensure the security of the data and systems in their charge.
5. Dev-security lifecycle becomes the Achilles heel for IoT devices.
IoT devices are not getting any safer. With the huge
influx of IoT devices in homes and organizations, the attack surface
targeted by criminals is just getting larger and more diverse.
Manufacturers and developers need to take the security reins. But today's
IoT solutions are often missing security quality assurance during their
product development lifecycle. High bandwidth, direct connections to the
internet via 5G will increase the threat of Mirai-like botnets. These
direct connections will also provide attackers the ability to bypass
perimeter protections that are normally in place in homes and
organizations. All manufacturers should add security vetting to their
product development lifecycle, especially with the cloud and 5G in mind,
to get IoT device security in check before the number of vulnerable
devices in the market becomes overwhelming.
6. Magecart and similar attacks will proliferate.
The adoption of EMV chip-enabled payment cards and
readers has made it much harder for hackers to compromise point-of-sale
systems and as a result, criminals' use of physical card skimmers and POS
malware has decreased. In turn, hackers have shifted their focus to target
ecommerce platforms. This increased focus has led to an explosion in virtual
card skimmers that target online shopping cart platforms, stealing consumers'
payment card data during checkout. The most prolific have been from the group
known as Magecart, which targets the popular Magento ecommerce platform. The
Magecart threat will continue to grow in 2020. Ecommerce organizations that
don't have the resources or security know-how to implement the minimal best
practices of PCI compliance are at big risk - and they're putting their
customers at risk as well. Unfortunately, these vulnerable organizations are
typically smaller, "mom-and-pop" storefronts with weak security maturity. Every
organization that accepts payments, no matter how big or small, should invest
in proper security measures including regular vulnerability assessment to keep
their customers' sensitive data safe.
## About the Author
Karl Sigler is Threat Intelligence Manager at Trustwave where he is responsible for
research and analysis of current vulnerabilities, malware and threat trends.
Karl and his team run the email advisory service, serve as liaison with
the Microsoft MAPP program, and coordinate disclosures of discovered
vulnerabilities. Most recently, Karl was one of the security researchers
instrumental in identifying "Backoff" point of sale malware that affected
more than 1000 retailers worldwide.
Before joining Trustwave in 2013, Karl worked as the head of the IBM X-Force Education
group for 12 years and has presented on topics like Intrusion Analysis and
Penetration Testing to audiences in over 30 countries. In 2003 he released
Knoppix-STD, the first Live Linux CD dedicated to pen testing and forensics and
a predecessor to distributions like BackTrack, Kali and Pentoo.