For example: major banks throughout Asia were hit by hackers deploying a malicious code, named Silence Malware, on the banks’ networks; Facebook was the victim of an attack that exposed 540 million records about Facebook users and published them on Amazon's cloud computing service; security researchers found four billion records from 1.2 billion people on an unsecured Elasticsearch server; the UK’s Labour Party reported it was hit with two DDoS cyber-attacks in the run up to the country’s general election; the city of Del Rio in Texas was forced to revert to pen and paper systems after a ransomware disabled their servers; and a lone hacker gained access to Capital One's secure network and more than 100 million customer accounts and credit card applications. 2019 was also the year of deepfakes, with 2% of deepfake videos on YouTube featuring corporate figures.
So what can we expect from the 2020 cyber threat landscape?
1. Ransomware will increase and diversify. Ransomware attacks are highly profitable and relatively simple for malicious actors to carry out. Last year there were ransomware attacks on cities, hospitals, businesses and universities. Atlanta spent $2.6 million to restore its systems rather than pay the $52,000 ransom. Ransomware in 2019 cost the healthcare industry alone over $25 billion. Ransomware attacks will become increasingly common as long as there are vulnerable targets and insurance companies behind them. Particularly vulnerable are critical network infrastructure entities, like rural power generation and utility companies, small local telephone companies and other mission-critical infrastructure that possibly don’t have the cybersecurity protection that their big city peers might have. Security specialist Fortinet has already identified DeathRansom as a concerning new malware to be mindful of in 2020.
2. Cyber threats go increasingly mobile. 2020 will likely see an increase in mobile threats, with hackers taking advantage of unsecured public Wi-Fi networks to tap into users’ web sessions and steal identity data and log-ins. Hackers will be ramping up attacks that target users’ smartphones and tablets, using malware hidden in ordinary-looking apps that users download unwittingly – just the first half of 2019 saw a 50% increase in mobile banking malware compared with 2018, for example, with users losing payment data, credentials and money to cyber attackers. Even public charging points can be stocked with malware by attackers, as counseled by LA County in late 2019. In 2020, the devices we use most frequently will become an increasingly popular attack surface.
3. Phishing will get even more sophisticated. Most cyber attacks today generally begin with a successful phishing attack. According to Microsoft, the number of inbound phishing emails more than doubled in 2019. In 2020, you can expect to see attackers continue to use targeted spear phishing attacks in big numbers, as open source intelligence (OSINT) tools like Maltego and the vast amount of personal data available on sites like LinkedIn and Facebook enable attackers to create ever more convincing phishing emails.
4. Worms make a comeback. Worms have always been popular because they self-replicate, helping hackers spread attacks without the need for user interaction. Following the drastic warning of the WannaCry ransomware cryptoworm attacks of 2017 that caused billions of dollars of damage, industry should have become a lot more vigilant. However, 2020 presents a new playing field for worms in the shape of Bluekeep, a Microsoft flaw that affects computers and server operating systems and can let attackers remotely run malware or ransomware on vulnerable computers.
5. AI and ML. 2020 will also see attackers increasingly use artificial intelligence (AI) and machine learning (ML) to scale up attacks past general human ability to recognize or respond to them. AI and ML enable malicious programs to learn to attack things by themselves and make cyber attacks quicker and easier to carry out. Using AI, an attacker can carry out multiple and repeated attacks on a network by programming a few lines of code to perform most of the work. “Hackers are turning to AI and using it to weaponize malware and attacks to counter the advancements made in cybersecurity solutions,” suggests Julien Legrand, Operation Security Manager, Société Générale in CISO magazine. Forrester Research has forecast that data privacy concerns will lead one in five enterprise customers to safeguard their data from AI.
What should you do?
The usual golden rules apply. IT and OT cybersecurity should be assessed at board level and managed as part of your critical business strategy and your organization’s corporate risk management. Don’t get carried away spending on new tech and shiny boxes; focus on finding a balance between spending on response and training as well as pre-emptive defense and detection.
Fortinet suggests that, in 2020, companies should work to combine ML with statistical analysis to predict attacks. ML and analytics can help you uncover cyber attackers’ underlying attack patterns, thereby enabling an AI system to predict attackers’ next moves, evaluate where a subsequent attack is most likely to occur and even determine which threat actors are the most likely originators.
Never assume, always prepare
According to IBM's latest annual Cost of a Data Breach study, data breaches cost up to $3.92 million when aspects like account notification costs, expenses associated with investigation, damage control, repairs, as well as regulatory fines and lawsuits are taken into consideration. In fact, costs have increased by 12% over the past five years.
In summary, as more and more sophisticated cyber threats come along, the best approach is constant vigilance. Never assume you will not be the victim of a big data breach or major hack – your company will always need to have managed threat management and intelligence in place as well as detection and response systems and services. Be careful out there.
In her blog, Mélanie Pilpré warns of vulnerability fatigue and the need to stay on top of patch management, while Rodrique Le Bayon discusses the role that AI can have in supporting cyberdefense. This IDC InfoBrief presents key findings from a new study about the perception of security at the board level. And finally, our Threat Intelligence services can help you identify threats in advance and cope with any breaches, if they occur.