As technology continues to rapidly evolve, we can expect that cybercrimes will also increase. Hackers and cybercriminals will always try to find new vulnerabilities and loopholes. This year, we have witnessed some of the most high-end cyber-attacks. These have targeted both governmental organizations and worldwide companies.
In March 2019, Russian hackers targeted different European agencies ahead of the European Union elections in May. The same month this year, United States officials reported that 27 universities had been a target of Chinese hackers. A month later, a pharmaceutical company known as Bayer announced that it had prevented hackers from stealing its sensitive intellectual property. And they are just the reported attacks. It's clear this type of activity will not be slowing down.
In this article, we are going to look at the top five cybersecurity trends for 2020.
1. Increase in Mobile Malware
With mobile usage at an all-time high, this gives cyber criminals a very big audience to target. With thousands of apps being downloaded every day, from mobile banking to online shopping, it's no wonder mobiles are becoming the prime target. A report by CrowdStrike predicts criminals, as well as adversary groups, will increase their attacks on mobile devices in 2020, with sham mobile apps on the increase. According to Kaspersky Lab, there was a worrying rise in mobile malware disguised as legitimate banking apps that were designed to steal money and credentials from users' accounts. The majority of mobile malware is widely distributed from third party sources. Users should therefore be on the lookout for phishing messages that are delivered by email or SMS. It should go without saying that you should only ever download apps from trusted app stores.
2. Internet of Things (IoT) attacks
Statista predicts that there will be over 30 billion connected devices come 2020. The truth of the matter is that Information Technology has been outpaced by the adoption of the Internet of Things. As a result, IoT devices will remain unmanaged leading to a huge visibility gap. As the 5G network continues to roll-out worldwide, cybersecurity will be a problem as data volumes and connected IoT devices rise, thus giving hackers more and more opportunities. There has been an increase in IoT attacks since the famous Mirai botnet attack back in 2016. We can expect this type of cyber-attack to increase in 2020. Hackers will try to leverage more devices that can be used to deliver attacks such as misinformation and malware. Due to the nature of IoT, there are a lot of devices in several industries that can be targeted. These include medical devices, industrial control systems and even cars. Getting access to these types of systems will allow hackers to pose a significant threat. If an IoT gadget does become compromised, your whole network could be next. Businesses must eliminate Internet of Things blind spots. They need to classify and discover the devices in the whole enterprise environment.
3. Targeted Ransomware
The third trend to look out for in 2020 is targeted ransomware. This form of attack is very dangerous and poses a growing threat to many organizations today. In the last 2 years there has been a significant increase in targeted ransomware. If this type of attack is successful, it can be devastating for any business large or small. In 2019, more and more groups have appeared like RobbinHood, GoGalocker, and MegaCortex. GoGalocker, for example, deploys different detection evasion techniques, such as digitally signing ransomware using legit certificates. This reduces the likelihood that they will get flagged for being untrustworthy. You can be sure in 2020 we will see a few high-profile attacks of this kind.
4. Open source hacking tool adoption
Businesses are quickly adopting open source software. However, this presents a myriad of risks and security vulnerabilities. Open-source hacking is another cybersecurity threat that is expected to increase in 2020. This type of attack was seen in 2018 and 2019 and is favoured by hackers compared to custom-made malware. We saw new hacking tools being released by attackers in 2019 in dark web marketplaces as well as hacking forums. So, as we enter 2020, you can expect to see cybercriminals launching more complicated attacks. Using better social engineering techniques, better tools, as well as broader targets. To safeguard against this risk, you need to evaluate security controls to ensure even the most basic security measure is followed. The Center for Internet Security offers organizations a prioritized number of tools that should be implemented.
5. Managed Service Providers (MSPs) are targeted by cybercriminals
In 2019, cybercriminals aimed their attacks at external companies that remotely manage an organisation's IT systems (otherwise known as MSPs). They seized tools that were used to manage customer information, technology systems and vehicles. Managed Service Providers have been centre stage for high profile attacks, which have eroded customer confidence. In recent years, ransomware attacks have aimed their attacks at software that many Managed Services Providers use to manage operations. In 2019, Wipro warned that employee accounts were compromised during a phishing campaign that allowed attackers to use its systems to launch cyberattacks on customers. MSP attacks usually revolve around weak password management and compromised user credentials. To protect yourself against MSP attacks, you need to enforce a strong password policy. You can also enforce a multifactor authentication as a policy in case your systems are at high risk.
It is expected that cybersecurity will continue to be a top priority for companies in the coming years. Businesses of all sizes are taking these threats more and more seriously, which of course they should be doing.
Data breaches continue to rise and cybercriminals are using complicated techniques such as Artificial Intelligence to penetrate well-secured systems.
Cybersecurity threats are becoming more dangerous than ever. Businesses need to employ new methods to protect and combat against these cyber threats throughout 2020 and beyond.
About the Author:
Jonathan Krause, Founder & Owner, Forensic Control
Jonathan is a leading cyber security and digital forensic specialist based in London, UK. After working as a computer forensic specialist in the Hi-Tech Crime Unit for the Metropolitan Police at New Scotland Yard, Jonathan founded Forensic Control in 2008. Since then, Jonathan and his team have advised on hundreds of data breaches for corporate clients of all sizes. Jonathan can be reached online at [email protected] and at our company website https://www.forensiccontrol.com/