The 2020 Cybersecurity Landscape
Here we are again for the annual prediction of the events that I believe will impact the cybersecurity landscape in the next year. Let’s try to imagine what threats and bad actors will influence the cyber arena in the next 12 months.
Targeted ransomware attacks on the rise
In 2020, we will witness an increase of targeted ransomware attacks. Threat actors behind ransomware campaigns will switch tactics, leveraging access to organizations available for sale in the cybercrime underground.
Targeted ransomware attacks require a more accurate intelligence-gathering activity on the victims, but they can allow criminals to earn much more money and inflict maximum disruption to the victims.
This new tactic will allow threat actors to tailor attacks to organizations and large enterprises in almost any industry.
The targeted ransomware technique will lead to increased ransomware demands. Hospitals, school districts and municipalities continue to be privileged targets of cybercriminal organizations likely because they have limited resources and poor cyber hygiene.
Most nation-state attacks remain unattributed
Geopolitical tensions will cause a significant increase of cyber espionage campaigns and disruptive cyberattacks. Once again, the lack of a global framework of norms of state behavior in cyberspace and the absence of sanctions for rogue nation-state actors will continue to encourage state-sponsored hacking.
APT groups linked to Russia and China will carry out numerous operations against countries worldwide, respectively aimed at Western and Asian states. The level of sophistication of campaigns carried out by nation-state actors will continue to increase, making it impossible to attribute to specific threat actors. In 2020, the number of attacks associated with Advanced Persistent Threat actors that haven’t been previously identified by the security researchers will increase.
IoT devices under attack
The exponential increase in the number of IoT devices, along with the 5G networks roll out, will dramatically increase the number of attacks against smart devices on a large scale.
We will see a rapid increase in the number of IoT botnets, even if most of them will be based on the best-known bot (i.e., the Mirai bot).
Although the device vendors are implementing new security features in their systems, a lot of them from many manufacturers still do not implement security-by-design, making these systems easy to hack.
I expect that specific segments of IoT may become more secure over time, but the main problem with these families of devices could be that the speed to market takes precedence over security. This is a dangerous process, resulting in a growing number of vulnerabilities in the devices that could be exploited by attackers.
AI-based attacks, a nightmare for security experts
The adoption of AI dramatically improves the early detection of the threats and their mitigation. AI accelerates the identification of threats, especially new ones, and helps organizations to rapidly respond to them to block ongoing attacks. According to Capgemini, 63% of organizations are planning to deploy AI-based solutions in 2020, most of them to improve network security.
However, threat actors like nation-state hackers will take advantage of the same intelligence to gather information on their adversary and adapt the hacking techniques to the real-time response of the organizations under attack.
AI-powered defense systems are currently used to automate manual tasks and enhance human activities, but their involvement in offensive operations will characterize the next years.
Particularly dangerous will be the adoption of AI-based systems in misinformation campaigns carried out by nation-state hackers, and in the generation of deep fakes.
Compromised credentials and data breaches will continue to be a problem for organizations
According to the Data Breach Report published by the Identity Theft Resource Center, more than 1,200 data breaches were disclosed in 2019. As a result, hundreds of millions of records flooded the cybercrime underground. The availability of such data will be the root cause for most of the data breaches reported in 2020. In the next 12 months, we will see the rise of credential-stuffing attacks.
Credential stuffing is a type of attack where stolen account credentials (i.e., lists of usernames or email addresses and the corresponding passwords) obtained from past data breaches are used to access user accounts through large-scale automated login requests. The attackers automate the logins for thousands or millions of previously discovered login credentials using web automation tools available online.
With the availability of such a huge amount of data, credential stuffing will become a popular money-making method for cybercriminals.
ICS/SCADA systems are still too vulnerable
In 2020, the number of cyberattacks against ICS/SCADA in critical infrastructures will continue to grow. In most cases, these systems were not designed to be exposed online or remotely controlled. For this reason, it will be quite easy for attackers to exploit vulnerabilities affecting them.
Most of the attacks launched by threat actors against ICS/SCADA systems will be opportunistic in nature, however, state-sponsored hackers could launch targeted attacks against critical infrastructure of foreign states.
Energy, healthcare and facilities industries will be the most-targeted sectors in the next year.
The good news is that vendors of ICS solutions will release new products that implement efficient security controls. However, organizations will take years to replace legacy technologies they use.
Supply chain attacks will grow slightly in frequency
Software and hardware supply chain attacks will characterize the threat landscape in the next 12 months. Attackers will attempt to compromise the supply chain of legitimate software packages by implanting malware. The attacks will aim at both software vendors during the development phase and third-party suppliers. Attackers seek to replace legitimate software and related updates with tainted versions to distribute malware through the legitimate software’s distribution channel.
The software supply chain attacks will increase in volume and level of sophistication, and we can’t underestimate the risk of more insidious hardware supply chain attacks.
In the last months, threat actors developed malicious rootkits to compromise UEFI/BIOS. The likelihood that malware like this could compromise the supply chain of software shipped out to millions of computers is high. Such attacks are very difficult to detect and implanted malware would be very difficult to remove, even after computers are reformatted.
Supply chain attacks will be a privileged attack option for nation-state actors that explore new and more sophisticated methods to infiltrate target organizations.
Cybercrime-as-a-service — stronger than ever
The crime-as-a-service (CaaS) model will continue to fuel the growth of the cybercrime ecosystem. The model facilitates the emergence of new criminal organizations and speeds up the operations of existing ones.
CaaS allows attackers to rapidly access malicious services and products, including malware, exploits, DDoS-for-hire services, RDP accesses and botnets.
The crime-as-a-service is also interesting for nation-state actors, who could leverage services available with this model to rapidly arrange hacking operations, making their attribution complex.
Among the numerous services offered in the cybercrime underground, ransomware-as-a-service platforms, DDoS-for-hire platforms and spamming services will monopolize the threat landscape in the coming months.
Reinventing Cybersecurity with Artificial Intelligence, Capgemini Research Institute
Data Breach Reports, ITRC