- Insights
- Cryptocurrencies
- Stocks
- White Papers
- Industry
- Geography
The threats across cyber network are like moving target, as soon as you reach near such vectors, a new emergence comes into being. However, the ever-evolving nature of technology is considered as an anecdote for these situations. As 2019 was a hot mess for cybersecurity business, 2020 is more likely to promise good at its various touch points. To understand what is actually about to happen in cybersecurity industry, lets understand the layers and background through which threat vectors have moved from 2019 to 2020 in terms of global scenario, technological landscape and cyber background. Kevin Townsend the current founder of itsecurity.co.uk, considers 2020 as the rise of the world's elite hackers. In one of his blogs he explained the cyber threats for the year.
The year 2019 has seen a upsurge in geopolitical tensions between China, North Korea, Iran, and Russia and the liberal democracies which is fought economically and in cyberspace. This war is more likely to increase throughout 2020. In terms of technology, it simply implies accelerated efforts to disrupt public opinion and affect elections.
Where Iran and North Korea seek to punish the West for real or imagined slights, with increase in tensions, Iran may feel justified and motivated for cyberattacks on America. Moreover, Russia is looking forward to weaken the West while China, however, seeks to learn from, emulate, and overtake the west in economical as well as military aspects.
Observing the global scenario, Kevin says that "in all cases, there is a blurring (and sometimes an elimination) of lines between the elite criminal hackers and the state hackers. Both benefit. The state acquires increased expertise while the criminals get access to resources and state protection."
Throughout 2020, world will witness the increase in sophisticated attacks by the world's elite hackers. While Russian attacks will be disruptive, Iranian and North Korean attacks are likely to be noisy and dramatic. Besides, the Chinese attacks are expected to be the most dangerous but less dramatic as China seeks to infiltrate western companies, steal military and technology secrets, dominate western economies, and learn how to disrupt critical industries.
For IoT and Drones developments, 2019 has been a great year where for former it was the proliferation of wireless connected devices and for latter, it was tipping point for emergence.
It has been predicted that many new IoT devices will be manufactured in China; and even when they are designed and assembled in the West, the components will mostly belong to China. However, amid this Kevin has sensed two primary threats – first in terms of supply chains where there is the potential for hidden backdoors that can be exploited in the future, or methodologies for sending data back to the country of origin; and second is more widespread of lack of security. In second scenario, with the growing market, manufacturers rush to get new products to that market and in such rush security gets compromised.
Both nation-state and criminal hackers are more likely to target IoT devices across business IoT, smart devices in the home, and personal devices in 2020. Moreover, autonomous vehicle will be a local collection of many IoT devices and here the potential for hijacking smart cars becomes more threatening.
When it comes to Drones, 2019, saw them transition from specialty to commodity items. This means that their nuisance and privacy intrusion activity will flourish this year as well. Indicating towards the threats possessed by drones, Kevin quotes, "higher up the criminal chain, drones will be equipped with Raspberry Pi computers and Wi-Fi sniffers to intercept and listen in on telecommunications. These will be listening for sensitive information and for credentials to access corporate networks. Activists will also use drones to disrupt events or to make a political point – such as flying into commercial airspace to protest environmental pollution. At the opposite end of the same purpose, law enforcement agencies will use drones with facial recognition capabilities to monitor suspects and disrupt criminal activity."
It has been observed that activist use is a short step from terrorist use. Top recall, in September 2019 a successful drone attack against Saudi oil facilities was almost certainly directed by Iran which involved nation-state support, and the use of drones as a weapon. This is one such significant danger that will grow throughout 2020.
Besides IoT and drones, AI (Artificial Intelligence) which is so far seen as the great hope for cybersecurity, in future, it will also be used as a weapon by cybercriminals. Emerging from deepfakes and high targeted malwares, its potential threat will increase through 2020.
As deepfakes involve the use of ML to transpose the static image and recorded voice of a target onto a video of an actor, the technology will be used in various scams, particularly business email scams. Moreover, it can be used to sow discord and ruin reputations ahead of elections.
Additionally, according to Kevin, the ability to build intelligence into malware will enable highly targeted malware that is virtually undetectable. Such malware could be trained to detonate only if it recognizes a specific person or target. With this level of precision targeting, it can be used by average criminals seeking to infect as many victims as possible.
Magecart, targeted ransomware and Malware-as-a-service is expected to boom in 2020.
Magecart
In case of financial fraud, it is easier to get card numbers from online databases but alone card numbers are not enough without the CVV number, which has given ignition to growth in Magecart-style attacks. Such attacks involve "skimming" the details from the retailer's website as the payment details are entered in plain text and before the number is encrypted and the CVV number is discarded. Magecart attacks are more likely to become more sophisticated through 2020.
Targeted ransomware
According to Kevin, "until all organizations refuse to pay ransoms – which is unlikely if not impossible – criminals will continue to use ransomware. The bigger the target, the more it can afford to pay; so ransomware will increasingly be targeted at large organizations: manufacturing, healthcare, and municipalities."
Malware-as-a-service (MaaS)
Malware-as-a-service is growing rapidly and this is where elite or competent hackers develop malware that is then hired out to less tech-savvy criminals. MaaS appears as a quick, easy, and cheap way for wannabe criminals to steal money online and through 2020, this will grow even more.
