Eight cyber threats to watch out for next year
2020, year of cyberattacks?
With attackers predicted to leverage AI in building a guerilla warfare strategy to throw cyber defences off balance and maximise the impact, 2020 is set to be a challenging year for businesses, governments and civilians. Attacks like deepfakes, APTs, ransomware and web skimming will take centre stage in 2020, according to a report by IT security firm Seqrite. The report paints a grim picture, of an impending perfect storm of cyber threats. Here are the top threat predictions.
Magecart proved to be a prominent web-skimming attack in 2019, with thousands of websites compromised to deliver skimming code. Similar to Magecart, Pipka is another web skimmer which has recently emerged having self-deleting code abilities. Skimming attacks are set to increase in 2020, with a huge number of new and more dangerous threats emerging.
Deepfakes to cyber frauds
2020 promises to be the year deepfakes come of age. Created using deep learning technology, deepfakes can be used to create fake news and even carry out cyber frauds. A company’s CEO featuring in a deepfake video asking colleagues or employees to transfer funds is a classic example of a deepfake video.
Until now, publicly available exploit codes for Bluekeep could only achieve DoS attacks on a victim’s machine. It’s only a matter of time before attackers will figure out ways to exploit the vulnerability to its full potential and deliver Trojans and ransomware. In fact, ransomware authors are constantly on the lookout for such wormable exploits, as it makes lateral movement easier.
Apt attacks on critical infrastructures
The APT attack on Kudankulam Nuclear Power Plant underlines the significance of security of the critical infrastructure. We may witness a rise in APT attacks on critical public infrastructure like transportation networks, power plants and telecommunication systems. Such attacks can function in hiding for days, even months, stealing very large chunks of data before being detected.
Macro-based office exploits
As Microsoft has taken many steps to block MS Office exploits in the newer version of Windows, it’s hard to execute exploit code on Windows. However, Macros will execute in all versions of MS Office. There are many open source obfuscators and macrogeneration tools freely available to create a macro-based payload.
A window opens
Since Microsoft is ending its support for Windows 7 from January 14, 2020, technical support and updates will no longer be available. In the last quarter, we saw 67% of attacks on Windows 7 itself, which will increase in 2020 because of the lack of support.
Rise & rise of lolbins
Cybercriminals will increase the use of ‘Living Off the Land’ techniques to bypass traditional security tools and application whitelisting. They may adopt new techniques to bypass behavioural-based detections.
Ransomware to darken the cloud
Apart from attacks on individual computers and critical infrastructure, ransomware will be directed towards the fairly nascent concept of data stored on the cloud. Cloud infrastructure has vulnerabilities which, perhaps, the attackers are aware of but aren’t brought to the attention of respective cloud technology developers. Hackers will ensure exploiting the cloud to steal copious amounts of data.