Bitdefender 2020 Cybersecurity Predictions

With 2020 just weeks away, here at Bitdefender we wanted to share our forecast for the year to come. That said, here are our top predictions for the cybersecurity space in 2020 and what we should be looking out for.

More vulnerabilities with greater impact

Reports of vulnerabilities and exploits are likely to rise in 2020. The number of CVEs has increased steadily over the past couple of years, and it has never fallen two years in a row. Also, given the increased fragmentation of hardware and software, and the adoption of large-scale open source and “tweaked” hardware design, we can likely expect a cascade effect when a vulnerably is found in a component and used en masse. These vulnerabilities will affect many vendors and manufacturers, potentially with profound consequences on consumers and organizations.

Increased adoption of bounty programs by companies and organizations has also stimulated the growth of ethical disclosures. However, non-disclosure timelines have sometimes been pushed to more than six months, which will cause a rollover in 2020 of vulnerabilities reported in 2019.

As of August 2019, over 100 certified CVE numbering authorities (CNA) have voluntarily picked up the task of documenting and assigning CVE scores and numbers to reported vulnerabilities. This increase also indicates that more vulnerabilities are being - and will be - reported, requiring more resources to document and process them.

Complexity of software and knowledge needed for attacks and protection will increase. Malware sophistication grows

Successful attacks targeting everything from web and cloud to social engineering, artificial intelligence, and even low-level hardware flaws will require far more advanced and in-depth knowledge from hackers. This will lead to increased malware sophistication, with attackers potentially developing new tools and techniques for dodging traditional security layers.

Increased diversification of IoT without proper security: attacks on infrastructures and reruns of old CVEs

With an estimated more than 20 billion IoT devices to be connected to the internet in 2020, the number of attacks targeting unpatched vulnerabilities will Increase. With no security frameworks or regulations available to ensure the security of the devices and the data they collect, process, and distribute, and a lack of regular patch cycles pushed by vendors to address known vulnerabilities, we’ll likely see old CVEs used time and again to compromise IoTs. Industrial IoTs are also likely to become more appealing for threat actors, potentially government-motivated, as they can be used to disrupt critical services and infrastructures.

State actors will increasingly use cyber-warfare, at least covertly. Attribution to other nations

The Shadow Brokers leak, which revealed tools specifically built to plant artifacts within APTs that point to various countries, helps illustrate how cyber-warfare malware will become increasingly difficult to attribute to a specific nation or nation-sponsored cybercriminal group. Geopolitical context will fuel development and use of cyber weapons, either for espionage or political manipulation, or even to disrupt critical infrastructures. With US presidential elections playing a vital role in the world of global politics, more APTs will likely be uncovered and attributed to political motives.

Fight against government censorship (fight for privacy) will increase

Backlash from legislation to bolster censorship or weaken encryption tools and services will continue throughout 2020 as privacy advocates and organizations fight against it. The Australian government recently faced backlash from large tech companies after proposing legislation enabling law enforcement to decrypt specific communications and provide "voluntary" help by sharing technical details regarding new technologies and services being developed.

As such, more privacy and encryption-oriented tools and services are likely be adopted by both average users and cybercriminals.

DeepFakes/FakeNews

DeepFake techniques will improve and may spur new waves of cybercrime. DeepFake audio phone calls have already been used in scams, tricking organizations into transferring funds to attacker-controlled accounts. Cybercriminals got away with $243,000 by impersonating a Germany energy company’s CEO. The DeepVoice scam persuaded the CEO of the U.K. branch to wire the funds to a Hungarian supplier, within the hour.

These incidents show how artificial creation of video and audio content using machine learning will likely result in more social engineering scams by fraudsters.

The 2020 United States presidential elections, an event of extreme importance, may also give rise to fake news and scams. Allegations of interference from outside states generated intense controversy in the last presidential election, and security and media outlets are likely to spot more deepfakes and fake news in 2020.

Targeted ransomware

While the GandCrab ransomware family has been decommissioned by its operators, others with striking similarities and the same business model – such as Sodinokibi – have become increasingly popular. Ransomware families that target specific verticals, such as healthcare, critical infrastructure and education, will become more prevalent. More GrandCrab spinoffs, perhaps even developed by the same group, will likely emerge with new “features” to dodge security and maximize profit.

Ransomware campaigns targeting service providers could also intensify, as successful compromise could lead attackers to more infrastructures and, implicitly, more endpoints. New targeted ransomware attacks are also likely to exploit vulnerabilities at the network layer by scanning for exposed and vulnerable services, such as terminal services, coupled with tools designed for lateral movement.

FinTech attacks

As financial institutions come under increasing pressure to create APIs and open up their infrastructures to FinTech companies, cybercriminals will likely target these organizations, both because they may have lax security measures and because they store, process and have access to critical financial and sensitive user data.

FinTech startups are more likely to be vulnerable to phishing, web and mobile application security attacks, due to outdated commercial software, open-source and lacking security procedures. In fact, a significant issue facing fintech startups is the creation of better security protocols to enhance security and data protection. Recent security findings suggest that companies’ main websites fail PCI DSS compliance tests, while mobile app backends have privacy issues or serious misconfigurations related to encryption and insufficient web server security hardening.

In 2019 we’ve already seen fintech data breaches (including victims tagged as Fortune 500 companies) that occurred because personal data was improperly stored (for example, in log files), weak authentication procedures that allowed attackers to reset the online backing password for customers, or by inadvertently exposing internal documents in public areas.

Perhaps one of the most elaborate examples involves hackers using spoofed emails and fake domains to hijack $1 million in seed money from a venture capital firm to an Israeli startup. This type of BEC (Business Email Compromise) attack shows that fintecs could risk much more than exposing customer data, but also losing large amounts of money from investment funds.

Franken-malware – multi-purpose malware components that drop anything from crypto miners, ransomware, exploits, etc.

The malware-as-a-service industry will start repurposing and improving previously known malware components and tools designed for infiltration and persistency, in order to allow their “client” to deploy any type of malware, ranging from ransomware to cryptocurrency miners and spyware. We’ve already seen an increase in droppers reused in malware campaigns and potentially by different cybercriminals, spreading multiple types of financially motivated threats. Malware developers will likely start focusing on providing tools that offer the means to infiltrate and drop malware payloads based on their “clients’” demands.

Cloud-based threat vectors

With cloud adoption continuing to increase, companies will likely see more attacks stemming from cloud-based threat vectors revolving around vulnerabilities and misconfigurations that quickly spread across private, public, or hybrid infrastructures. The adoption of IaaS infrastructures coupled with multitenancy of cloud environments will place even more strain on data isolation and data privacy if attackers compromise those infrastructures. The proliferation and diversification of cloud technologies meant to boost productivity, efficiency, and scalability are likely to further expand an already sizeable attack surface.

Cybercriminals will also start using the cloud more often to deliver threats and remotely control victims using cloud services. More malware will start abusing popular web development platforms, such as GitHub, to act as conduits for command and control communications. This will let threat actors abuse legitimate cloud services to fly under the radar of endpoint and network security solutions.