By Bruce Sussman
Thu | Dec 12, 2019 | 8:59 AM PST

We just finished reading a new report on cyber threat predictions for 2020. It catches you right at the start with the tagline:

"The Future is Complex, Exposed, Misconfigured, and Defensible."

Yes, we can picture that. Now let us share some specifics.

15 cyber threat predictions for 2020

Cybersecurity firm Trend Micro is known for quality research on cybersecurity topics and trends. 

Here is what the company's research team is predicting around 2020 cyber threats that organizations are expected to face, and why:

1. Patching dilemma

"System administrators will find themselves in a dual predicament: ensuring the timeliness as well as the quality of patches being deployed.

Patch-related issues leave open windows of exposure that attackers will use as points of entry. We anticipate more cases of patch bypass when the patch released is insufficient. For example, an attacker can trigger an exploit by changing a couple of lines to the fix's code. Last year, a patch for a then zero-day vulnerability in the Microsoft Jet Database Engine was found to be 'incomplete,' that is, the flaw was only limited and not eliminated. This year, hackers exploited vulnerabilities in Cisco routers that were later found to have incomplete fixes."

2. Enterprise deepfakes added to BEC/CEO fraud attacks

"Deepfakes will be the next frontier for enterprise fraud. News of cybercriminals using an AI-generated voice in social engineering surfaced in 2019. An energy company was reportedly defrauded of US$243,000 by scammers who used AI to mimic the voice of the firm's CEO. More attempts will exploit the technology, using deepfakes of decision-makers to deceive an employee into transferring funds or making critical decisions."

3. Attacks will use 'wormable flaws'

"We will hear more of BlueKeep, and exploitation attempts on other known high-severity vulnerabilities will be forthcoming. Widely used protocols, such as Server Message Block (SMB) and Remote Desktop Protocol (RDP), will be in the spotlight for attackers seeking to exploit unprotected systems. The SMB protocol was notably the vehicle for the infamous WannaCry and NotPetya attacks. RDP is no stranger to security issues as well. Aside from being accessed by BlueKeep to run, it is also a common entry vector for ransomware; attackers behind the SamSam ransomware scan for devices with exposed RDP connections."
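The practical check that follows from this prediction is whether SMB or RDP is reachable from outside at all. The following is an added example, not from the report: a small detection pass over firewall "allow" events that flags 445 and 3389 reachable from addresses outside the private ranges. The log format and the sample lines are constructed for this illustration, and 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for internet sources.

```python
# Added example, not from the report: a detection pass over firewall
# "allow" events that flags RDP (3389) and SMB (445) reachable from
# addresses outside the private ranges. The log format and the sample
# lines are constructed for this illustration; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for the internet.
import ipaddress
import re
from collections import defaultdict

WORMABLE_PORTS = {445: "SMB", 3389: "RDP"}  # the two protocols named above

# Treat RFC 1918 space plus loopback and link-local as "inside"; anything
# else is external. Checked explicitly rather than via ip.is_private, which
# also classifies the documentation ranges used below as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed format: "<ts> action=<allow|deny> src=<ip> dst=<ip> dport=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>allow|deny) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

SAMPLE_LOG = """\
2019-12-12T08:00:01Z action=allow src=10.0.0.5 dst=10.0.1.20 dport=3389
2019-12-12T08:00:02Z action=allow src=203.0.113.9 dst=10.0.1.20 dport=3389
2019-12-12T08:00:03Z action=deny src=198.51.100.7 dst=10.0.1.21 dport=445
2019-12-12T08:00:04Z action=allow src=198.51.100.7 dst=10.0.1.21 dport=445
2019-12-12T08:00:05Z action=allow src=203.0.113.9 dst=10.0.1.22 dport=443
2019-12-12T08:00:06Z action=allow src=192.168.1.4 dst=10.0.1.21 dport=445
2019-12-12T08:00:07Z action=allow src=203.0.113.44 dst=10.0.1.20 dport=3389
garbage line that a real collector will occasionally emit
"""


def is_external(ip_text: str) -> bool:
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in INTERNAL_NETS)


def find_exposed_services(log_text: str) -> dict:
    """Map (dst, port) -> set of external sources that were allowed through."""
    exposed = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None or m["action"] != "allow":
            continue  # denied traffic and malformed lines are skipped, not fatal
        port = int(m["dport"])
        if port in WORMABLE_PORTS and is_external(m["src"]):
            exposed[(m["dst"], port)].add(m["src"])
    return dict(exposed)


def summarize(exposed: dict) -> list:
    return sorted(
        f"{dst}:{port} ({WORMABLE_PORTS[port]}) allowed from "
        f"{len(srcs)} external source(s)"
        for (dst, port), srcs in exposed.items())


if __name__ == "__main__":
    for finding in summarize(find_exposed_services(SAMPLE_LOG)):
        print(finding)
```

Only allowed traffic is counted, so a rule that is actually dropping scans produces no finding; the output is the list of hosts where the wormable services are genuinely answerable from outside, which is the list to either close or put behind a VPN or gateway.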

4. 5G implementation = new opportunities for cybercriminals

"Full 5G implementation in 2020 will introduce new challenges: vulnerabilities simply on account of the newness of the technology and vendors' unpreparedness for threats that may take advantage of it. Since 5G networks are software-defined, Trend Micro says threats will stem from vulnerable software operations and the distributed topology."

5. More attacks on critical infrastructure

"Ransomware will still be the threat actors' weapon of choice given its destructive impact, but we'll also see other cyberattacks: botnets mounting distributed denial-of-service (DDoS) attacks against operational technology (OT) networks; attacks on manufacturing systems that use cloud services; supply chain attacks where third-party vendors are compromised as springboards for threat actors to target critical sectors."

6. Cloud and DevOps migrations increase risks

"Vulnerabilities in container components will be top security concerns for DevOps teams. The container space is fast-paced: Releases are quick, architectures are continually integrated, and software versions are regularly updated. Traditional security practices will not be able to keep up. An application may now require an organization to secure hundreds of containers spread across multiple virtual machines in different cloud service platforms."

7. Serverless platforms will introduce an attack surface

"Hackers will exploit this surface through misconfiguration and vulnerable code. Serverless platforms offer 'function as a service,' allowing developers to execute code without the organization having to pay for entire servers or containers. Outdated libraries, misconfigurations, as well as known and unknown vulnerabilities will be the attackers' entry points to serverless applications."

8. Code injection attacks in the cloud

"Code injection attacks, either directly to the code or through a third-party library, will be prominently used against cloud platforms. These attacks—from cross-site scripting and SQL injection—will be carried out to eavesdrop, take control of, and even modify sensitive files and data stored in the cloud."
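The SQL injection half of that prediction comes down to one habit: whether untrusted input is spliced into the statement text or bound as a parameter. The following is an added example, not code from the report: one lookup written both ways against an in-memory SQLite table constructed here. The schema, rows and payload are illustrative.

```python
# Added example, not from the report: one lookup written two ways against an
# in-memory SQLite table constructed here. The schema, rows and payload are
# illustrative; the point is the difference between splicing input into the
# statement and binding it as a parameter.
import sqlite3


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO documents VALUES (?, ?, ?)",
        [(1, "alice", "alice's quarterly numbers"),
         (2, "bob", "bob's draft contract"),
         (3, "carol", "carol's salary review")])
    return conn


def docs_for_owner_vulnerable(conn: sqlite3.Connection, owner: str) -> list:
    # Input spliced into the statement text: quote characters in `owner`
    # are parsed as SQL, so the WHERE clause becomes the attacker's.
    sql = f"SELECT body FROM documents WHERE owner = '{owner}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def docs_for_owner_safe(conn: sqlite3.Connection, owner: str) -> list:
    # Bound parameter: the driver passes the value separately from the SQL,
    # so it is compared as data no matter what characters it contains.
    rows = conn.execute(
        "SELECT body FROM documents WHERE owner = ? ORDER BY id", (owner,))
    return [row[0] for row in rows]


def vulnerable_rejects_legit_input(conn: sqlite3.Connection, owner: str) -> bool:
    # A legitimate apostrophe breaks the spliced query; it is the same defect
    # seen from the availability side rather than the confidentiality side.
    try:
        docs_for_owner_vulnerable(conn, owner)
        return False
    except sqlite3.OperationalError:
        return True


ATTACK = "x' OR '1'='1"  # constructed payload: closes the literal, adds a tautology

if __name__ == "__main__":
    db = build_db()
    print("vulnerable, attack:", docs_for_owner_vulnerable(db, ATTACK))
    print("safe, attack:     ", docs_for_owner_safe(db, ATTACK))
    print("safe, o'brien:    ", docs_for_owner_safe(db, "o'brien"))
```

With the payload, the vulnerable version returns every row in the table (the "eavesdrop" case in the prediction), while the parameterized version returns nothing because no owner is literally named `x' OR '1'='1`. The same rule carries to the cross-site scripting side of the prediction: output that is rendered into HTML has to be escaped for that context, not filtered for known-bad strings.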

9. Hackers moving to the cloud, too

"Cloud-related data breaches will increase as software-, infrastructure-, and platform-as-a-service (SaaS, IaaS, PaaS) cloud computing models are widely adopted."

10. Increasing OT and IIoT attacks

These attacks will go beyond critical infrastructure: "Apart from the utilities sector, we anticipate attacks on the food production, transportation, and manufacturing sectors, which increasingly use IoT applications and human-machine interfaces (HMIs).

The increased migration to the cloud, for instance, exacerbates human error: Misconfigurations contribute to the possibility of exponential compromise. The sheer number of connected assets and infrastructures further creates a slew of issues that opens doors to threats. Enterprise threats will be no less complex, mixing traditional risks with new technologies, like artificial intelligence (AI) in business frauds."

11. Cybercriminals will turn to Blockchain, too

"Trust will play a more critical role in underground markets, as evidenced by the implementation of vetting and escrow payments in high-risk transactions. Blockchain will be seen as a new means to establish a distributed trust system among buyers and sellers; smart contracts will enable cybercriminals to formalize cryptocurrency payments and record them on the blockchain."

12. Managed Service Providers (MSPs) face increasing attacks

"Managed service providers will be compromised for malware distribution and supply chain attacks. Also, attackers will find distributors or suppliers with weak security postures to spread malware to customer organizations. For instance, a breach in a software provider's infrastructure allowed hackers to deploy ransomware on hundreds of dental offices' systems. This trend will continue, if not pick up pace."

13. IoT devices will be used for espionage and extortion

"We foresee cybercriminals and threat actors using machine learning and AI to listen in on connected devices in enterprise settings, such as smart TVs and speakers. They can use language recognition and object identification to snoop on personal and business conversations. From there, they can identify a set of targets for extortion or gain a foothold for corporate espionage."

14. Remote work re-defines supply chain attacks

"Organizations will have to be wary of risks introduced by work-from-home arrangements and internet-connected home devices that blur the lines in enterprise security. After all, working in home environments is not as secure as being in the corporate network.

Using the troves of personal information they have already amassed, cybercriminals will design enterprise attacks using home and public networks by impersonating employees. These increasingly sophisticated attacks will extend business email and process compromise well past simple redirection of funds or malware infection. The employee's home environment will become a launch point for supply chain attacks."

15. Deserialization bugs will be exploited

"Rather than finding several flaws to chain together for code execution, attackers can exploit deserialization bugs instead to easily gain complete remote control and execute code automatically even in complex environments. Serialization and deserialization are important concepts in Java applications and are common to many web applications and middleware products. Serialization is a technique that many programming languages use to translate an object into a format that can be stored or transmitted. Deserialization is the reverse of that process."
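The report's point is that a deserializer which reconstructs arbitrary objects will happily reconstruct one that executes code while being rebuilt, so a single bug replaces a whole exploit chain. The report is talking about Java; the bug class is language-independent, and the following added example (not from the report) shows it with Python's pickle, which is the same design: a serialized object that runs a function the moment it is loaded, beside a loader with an allow-list that refuses it. The names are illustrative, and side_effect() stands in for whatever a real gadget would call.

```python
# Added example, not from the report. The report's point is about Java, but
# the bug class is language-independent; this shows it with Python's pickle:
# a serialized object that runs a function the moment it is loaded, and a
# loader with an allow-list that refuses it. Names here are illustrative,
# and side_effect() stands in for what a real gadget would call.
import io
import pickle

EXECUTED = []  # records that the gadget ran, so the demo needs no OS side effects


def side_effect(marker: str) -> str:
    # Stand-in for os.system, subprocess.run, etc. in a real gadget chain.
    EXECUTED.append(marker)
    return marker


class Gadget:
    """The unpickler honours __reduce__: call this callable with these args."""

    def __reduce__(self):
        return (side_effect, ("payload ran during load",))


def make_payload() -> bytes:
    # What an attacker would hand to any endpoint that calls pickle.loads().
    return pickle.dumps(Gadget())


def unsafe_load(data: bytes):
    return pickle.loads(data)  # trusts every global the stream names


class RestrictedUnpickler(pickle.Unpickler):
    # Only these (module, name) pairs may be resolved while loading. Anything
    # else, including our side_effect function, is refused before it is called.
    ALLOWED = {("builtins", "dict"), ("builtins", "list"), ("builtins", "set")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def load_restricted(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def run_demo() -> dict:
    """Load the same payload both ways and report what actually executed."""
    payload = make_payload()
    EXECUTED.clear()
    unsafe_load(payload)
    ran_unsafe = list(EXECUTED)

    EXECUTED.clear()
    try:
        load_restricted(payload)
        restricted = "loaded"
    except pickle.UnpicklingError:
        restricted = "refused"
    return {"unsafe": ran_unsafe,
            "restricted": restricted,
            "ran_during_restricted": list(EXECUTED),
            "benign_dict_ok": load_restricted(pickle.dumps({"k": 1})) == {"k": 1}}


if __name__ == "__main__":
    print(run_demo())
```

Note that the payload is a few bytes naming a function and its arguments; nothing in it is a "vulnerability" in the usual sense, which is why deserialization bugs are so attractive. The allow-list loader is a mitigation for code that cannot stop using a native serializer; the stronger answer is a data-only format such as JSON for anything crossing a trust boundary.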

Strategy for defending against 2020 cybersecurity threats

The cyber threat predictions report also includes a significant list of elements that should be considered in your 2020 cybersecurity strategy.

This is how researchers describe attack mitigation: "A cross-generational blend of multilayered and connected defense."

For many more specifics on the defenses and the cyber threats, read the report for yourself:
The New Norm: Trend Micro Security Predictions for 2020
