Security researchers from Blackberry Cylance offer their dire predictions for next year and beyond …
As we head into a new decade, what does technology have in store for organizations, especially when it comes to cybersecurity? Josh Lemos, Vice President of Research and Intelligence, BlackBerry Cylance has shared insights on how:
- Uncommon attack techniques will emerge in common software
- Changing network topologies challenge traditional assumptions, require new security models
- 2020 will see more cyber/physical convergence
- State and state-sponsored cyber groups are the new proxy for international relations
But first, let us meet PyXie: A nefarious new Python RAT (remote access tool) that will catch organizations off guard. The previously RAT has been around since at least 2018, but the cybersecurity industry has not paid it much attention. But analysts have found evidence that threat actors have deployed PyXie in an ongoing campaign that targets a wide range of industries. This includes their attempts to deliver ransomware to the healthcare and education industries using PyXie.
Some key highlights of the PyXie campaign include: Legitimate LogMeIn and Google binaries used to sideload payloads; a Trojanized Tetris app to load and execute Cobalt Strike stagers from internal network shares; and the use of Sharphound to collect active directory information from victims. Read more about PyXie here.
Four predictions to keep the world busy next year
Besides the threat of PyXie, four other cyber predictions loom large for next year and beyond, says Josh.
1. Uncommon attack techniques will emerge in common software
Steganography, the process of hiding files in a different format, will grow in popularity as online blogs make it possible for threat actors to grasp the technique. Recent BlackBerry research found malicious payloads residing in WAV audio files, which have been utilized for decades and categorized as benign. Businesses will begin to recalibrate how legacy software is defined and treated and effectively invest in operational security around them. Companies will look for ways to secure less commonly weaponized file formats, like JPEG, PNG, GIF, etc. without hindering users as they navigate the modern computing platforms.
2. Changing network topologies challenge traditional assumptions, require new security models
Network-based threats that can compromise the availability and integrity of 5G networks will push governments and enterprises alike to adopt cybersecurity strategies as they implement 5G spectrum. As cities, towns and government agencies continue to overhaul their networks, sophisticated attackers will begin to tap into software vulnerabilities as the higher bandwidth that 5G requires will create a larger attack surface. Governments and enterprises will need to retool their network, device and application security, and we will see many more organizations lean towards a zero-trust approach for identity and authorization on a 5G network. Threat detection and threat intelligence will need to be driven by AI/ML to keep up.
3. 2020 will see more cyber/physical convergence
As all sectors increasingly rely on smart technology to operate and function, the gap between the cyber and physical will officially converge. This is evident given the recent software bug in an Ohio power plant that impact hospitals, police departments, subway systems and more in both the U.S. and Canada. Attacks on IoT devices will have a domino effect and leaders will be challenged to think of unified cyber-physical security in a hybrid threat landscape. Cybersecurity will begin to be built into advanced technologies by design to keep pace with the speed of IoT convergence and the vulnerabilities that come with it.
4. State and state-sponsored cyber groups are the new proxy for international relations
Cyber espionage has been going on since the introduction of the internet, with Russia, China, Iran and North Korea seen as major players. In 2020, we will see a new set of countries using the same tactics, techniques, and procedures (TTPs) as these superpowers battle against rivals both inside and outside national borders.
Mobile cyber espionage will also become a more common threat vector as mobile users are significant attack vector for organizations that allow employees to use personal devices on company networks. We will see threat actors perform cross-platform campaigns that leverage both mobile and traditional desktop malware. Recent research discovered nation-state based mobile cyber espionage activity across the Big 4, as well as in Vietnam and there’s likely going to be more attacks coming in the future. This will create more complexity for governments and enterprises as they try to attribute these attacks, with more actors and more endpoints in play at larger scale.
With all these forewarnings given to us, we will hopefully have a merry decade ahead nevertheless!