As we welcome the new year, here at CSA we have received quite a number of different cybersecurity predictions, risks and trends to look out for in 2020, sent in by vendors and experts in the field. In this article, we will attempt to share with you some of the top predictions and those that have definitely caught our eyes.
Ransomware Is Here to Stay
First, let’s start with the obvious – ransomware. It has shown no sign of letting up and according to Jeff Hurmuses, Area Vice President and Managing Director, Asia Pacific at Malwarebytes, ransomware attacks on businesses and governments will continue at a more rapid pace, thanks to newly found vulnerabilities.
“In 2019, we have seen more malware developed to focus on business targets as opposed to the consumer. Compared to last year, we saw a 235% increase in threats aimed at organisations from enterprises to small businesses, with ransomware as a major contributor,” said Jeff.
He shared statistics from a Malwarebytes report which stated that in Singapore alone, ransomware detections against businesses in the last year have risen by 81%. Jeff predicts that more malicious tools will be designed to leverage more vulnerabilities to attack networks more effectively and “we are likely to see more non-affiliated cybercriminals utilising tricks developed by state-sponsored malware groups (APT) as we did with EternalBlue.”
Michael Sentonas, VP of Technology Strategy at CrowdStrike, concurred that ransomware will continue to be a huge issue because although enterprise ransomware is not new, attacks that were once the domain of consumers, whilst on decline in number, have spawned new monetisation schemes.
“Attackers have realised that businesses and governments have more valuable information to target, more money for ransom payments and poor cyber hygiene, which indicates 2020 will see an escalation in targeted enterprise ransomware,” he said.
Michael added that the Ryuk ransomware alone impacted hundreds of organisations. Attackers globally have seen the level of damage they can inflict and the massive ransom payments people were willing to make to recover their assets – ranging in the hundreds of thousands to nearly half of a million dollars for various payments made to cybercriminals.
As ransom requests are getting bigger and attackers globally are watching, Michael said cybercriminals will be moving away from the spray and pray method to become more globally organised from an operations standpoint in order to secure larger and larger pay-outs.
Cybercriminals are always looking for new ways to innovate and add new skills and techniques to their arsenal. Among the predictions we received, there were a few not-so-common modes of attacks that our experts thought would gain prominence in 2020.
Steganography, the process of hiding files within different files or formats, was one such threat mentioned by Josh Lemos, Vice President of Research and Intelligence, BlackBerry Cylance. He believes that steganography will grow in popularity as online blogs make it possible for threat actors to grasp the technique.
For instance, recent BlackBerry research found malicious payloads residing in WAV audio files, which have been utilised for decades and categorised as benign.
In response to this kind of threat, Josh said businesses will begin to recalibrate how legacy software is defined and treated, and look for ways to secure less commonly weaponised file formats, like JPEG, PNG, GIF, etc. without hindering users as they navigate the modern computing platforms.
Phishing, a very common (and not to mention effective) form of cyber fraud, will continue to evolve beyond email to be utilised in other formats such as SMS or video. This was one of the predictions made by Daniel Mountstephen, the Regional Vice President of Centrify in Asia Pacific & Japan, who said APAC has seen a dramatic increase in phishing attacks over SMS, WhatsApp or Facebook messenger — with the messages claiming to be from local banks, telcos and even supermarkets.
“Hackers have proven to be very capable of evolving to get around increased cybersecurity awareness, and phishing will continue to focus more on SMS and personal messaging services”, he said, before adding that phishing attacks by SMS (“SMishing”) will increase by more than 100% in 2020. “We’ll [also] see the first successful spear-phishing by video, as hackers leverage new tools like DeepFake technology to look and sound like a trusted person (for example, a Facetime with an attacker posing as the CEO),” Daniel added.
DeepFake was also mentioned by Jeff Hurmuses from Malwarebytes as among the technologies that will be used even more widely for malicious purposes this year. For example, he said scammers and malware authors will attempt to sabotage electoral candidates or politicians by spreading falsehoods. There may be more incidents like the controversial video of a Malaysian Minister or even the use of such technology to make women the victims of digital sexual crimes.
In Jeff’s view, DeeFake tech will either be incredibly subtle or incredibly convincing to the point where it would require a lot of digging to determine whether it was fake. “Regardless of the tactics for scamming, the real threat will be the attacks on our hearts and minds through social media and media manipulation,” he explained.
State-Sponsored Threats to Take Centre Stage
According to Josh Lemos from BlackBerry Cylance, state and state-sponsored cyber groups are the new proxies for international relations. He remarked that cyber espionage has been going on since the introduction of the internet, with Russia, China, Iran and North Korea seen as major players.
“In 2020, we will see a new set of countries using the same tactics, techniques, and procedures (TTPs) as these superpowers against rivals both inside and outside national borders,” Josh added.
Mobile cyber espionage will also become a more prevalent threat vector as mobile users are a significant attack vector for organisations that allow employees to use personal devices on company networks.
“We will see threat actors perform cross-platform campaigns that leverage both mobile and traditional desktop malware,” Josh said. He also shared that recent research discovered nation-state based mobile cyber espionage activity across the Big 4, as well as in Vietnam and there are likely going to be more attacks coming in the future. “This will create more complexity for governments and enterprises as they try to attribute these attacks, with more actors and more endpoints in play at a larger scale.”
This view was mirrored by Michael Sentonas from Crowdstrike, who said that state-sponsored and eCrime behaviour will continue to blend together. He elaborated by saying, “We have seen the blurring of the lines between nation-state and eCrime actors for multiple years now, and this trend has continued to escalate since 2017. It is not just because eCrime actors are becoming more sophisticated (they are), but it’s also largely because state-sponsored adversaries are leaning more towards using lower-level TTPs in order to thwart attribution efforts and to reserve their custom/advanced capabilities for more extreme needs.”