When predicting yearly trends, experts can focus on being entertaining or accurate. Here are five trends leaning towards veracity …
As 2019 comes to an end, one thing you can be sure to see is a barrage of cybersecurity predictions ranging from the more “realistic” predictions to the “finger to the wind” guesses that are just interesting to read, even if they never come true.
In cybersecurity, preparedness is critical. Therefore, my pro-realistic predictions will focus on the issues that we are likely to see in 2020, with an emphasis on which attack vectors are most likely to be exploited and more importantly, what you can do about it.
Here are five cybersecurity threat predictions to consider for 2020:
1. Targeted enterprise ransomware escalates
Enterprise ransomware is not new, but ransomware attacks, once the domain of consumers and now on the decline in numbers, have spawned new monetization schemes. As such, ransomware will continue to be a huge issue in 2020. Attackers have realized that businesses and governments have more valuable information to target, more money for ransom payments, and weaker cyber hygiene. This strongly indicates 2020 will see an escalation in targeted enterprise ransomware. 2019 saw over 70 state and local governments crippled with ransomware.
The Ryuk ransomware alone impacted hundreds of schools, and attackers globally have seen the level of damage they can inflict; and the ransom payments to recover are massive! In 2019, multiple U.S. organizations reported ransomware payments to cybercriminals ranging from the hundreds of thousands to nearly half a million dollars. As ransom requests get bigger and cybercriminals globally take note, they have moved away from the spray-and-pray method to become more globally organized from an operations standpoint, securing larger and larger payouts.
2. Server Message Block (SMB) threats to increase in 2020
The old adage in cybersecurity, “old vulnerabilities cause big damage,” will ring true in 2020. Attackers will look to increase development of exploits that take advantage of the vulnerability in Microsoft’s SMB protocol, and they will do it with great success. Ransomware such as Ryuk allows an attack on a single infected device to quickly spread throughout an organization. This indicates that the family of exploits used in the ransomware attacks of 2017 will continue to devastate the millions of still-unpatched endpoints.
3. Iran’s continued development and potential use of destructive attacks will increase
Iranian adversaries have carried out some of the most destructive attacks in recent years. As such, intelligence gathered in the last few months of 2019 suggests the groundwork is being laid for more destructive cyberattacks in 2020, rather than cyber espionage and intelligence gathering. Iranian adversaries continue to show advanced skills and techniques, including the development of destructive malware that can be used to target other governments around the world.
4. Increased balkanization of technology domains to protect national interest and infrastructure
Internet balkanization refers to the segmentation of one global open Internet into multiple smaller Internets, potentially aligned against geopolitical boundaries. The balkanization of the Internet in 2020 will continue due to technological, political, economic and nationalistic agendas. 2020 will see more government efforts to reclaim the Internet—with China, Russia and Iran continuing to take technical control over the Internet. Additionally, we will see more balkanization of technology domains to protect national interests and infrastructures. This is based on historical precedents linked to governments being banned from international competitions.
With Russia being banned for four years from participation in international athletic competitions, including events such as the Tokyo 2020 Olympics and Paralympics, Russian state-nexus adversaries may respond with targeted intrusions and/or information operations targeting event organizations, although no such efforts have been observed as of this writing. And with some countries banning technology from certain Chinese and Russian companies (and the increase in risk from nation-state cyberattacks), we expect to see greater balkanization of the Internet and technology domains.
5. State-sponsored and eCrime behavior will continue to coalesce
We have seen the blurring of the lines between nation-state and eCrime actors for multiple years now, and this trend has continued to escalate since 2017. This is not just because eCrime actors are becoming more sophisticated (they are), but also largely because state-sponsored adversaries are leaning more towards using lower-level tactics and techniques in order to thwart attribution efforts and to reserve their custom/advanced capabilities for more extreme needs.
Regardless of the nature of predicted threats, the best defense is to implement true next-generation solutions that offer endpoint detection and response (EDR); managed threat hunting; antivirus safeguards offering behavioral analytics and machine learning; and automated threat intelligence. These tools are key to gaining the visibility and context businesses need to meet critical outcome-driven metrics, and to be on guard against even the most sophisticated adversaries.