Technologies grow more complex year after year, and attack techniques improve along with them. Modern realities demand online applications, cloud services and virtualization platforms, so you can no longer hide behind a corporate firewall and keep your nose out of the “dangerous Internet”. All this, together with the spread of IoT / IIoT, the development of fintech and the growing popularity of remote work, has changed the threat landscape beyond recognition. Let’s look at the cyber threats that 2020 has in store for us.
Exploitation of 0day vulnerabilities will outpace patches
The complexity of software systems is growing, so they inevitably contain errors. Developers release patches, but to do so the problem must first be identified, which takes time from related teams, such as the testers who have to run the tests. Many teams simply lack that time. The result is an unacceptably long delay before a patch is released, or a patch that only works partially.
The patch released in 2018 for a 0day vulnerability in the Microsoft Jet engine was incomplete, i.e. it did not eliminate the problem entirely.
In 2019, Cisco released patches for vulnerabilities CVE-2019-1652 and CVE-2019-1653 in router firmware that did not fix the errors.
In September 2019, researchers discovered a 0day vulnerability in Dropbox for Windows and notified the developers; however, the error was not fixed within 90 days.
Both blackhat and whitehat hackers focus on hunting for vulnerabilities, so the likelihood that they will find a problem first is significantly greater. Some of them seek rewards through bug bounty programs, while others pursue very specific malicious goals.
More Deepfake Attacks
Neural networks and artificial intelligence are developing, creating new opportunities for fraud. Following the fake porn videos featuring celebrities, quite specific attacks have appeared that cause serious material damage.
In March 2019, criminals stole $243 thousand from an energy company with a single phone call. The “head of the parent company” instructed the branch manager to transfer money to a contractor from Hungary. The CEO’s voice had been faked with artificial intelligence.
Given the rapid development of deepfake technology, it can be expected that cybercriminals will incorporate fake audio and video clips into BEC attacks and technical-support fraud schemes to increase victims’ trust.
Top managers will become the main target for deepfakes, since recordings of their conversations and speeches are publicly available.
Attacks on banks through fintech
The adoption of the European Payment Services Directive PSD2 has made new types of attacks on banks and their customers possible: phishing campaigns against users of fintech applications, DDoS attacks on fintech startups, and data theft from banks through open APIs.
Complex attacks through service providers
Companies are increasingly narrowing their specialization and outsourcing non-core activities. Their employees come to trust the outsourcers who keep the books, provide technical support or ensure security. As a result, to attack a company it is enough to compromise one of its service providers, inject malicious code into the target infrastructure and steal money or information.
In August 2019, hackers broke into the infrastructure of two IT companies that provide data storage and backup services, and through it deployed ransomware in several hundred dental offices in the United States.
The IT company serving the New York City Police Department took the fingerprint database offline for several hours by connecting an infected Intel NUC mini-computer to the police network.
As supply chains grow longer, more and more weak links appear whose vulnerabilities can be exploited to attack the biggest prize.
Another factor that will facilitate supply-chain attacks is the massive spread of remote work. Freelancers working over public Wi-Fi or from home are easy prey, and they may interact with several large companies, so their compromised devices become a convenient base for preparing and conducting the next stages of a cyber attack.
Widespread use of IoT / IIoT for espionage and extortion
The rapid growth in the number of IoT devices, including smart TVs, smart speakers and various voice assistants, together with the large number of vulnerabilities identified in them, will create many opportunities for their unauthorized use.
Compromising smart devices and recognizing people’s speech with AI makes it possible to identify the target of surveillance, which turns such devices into a toolkit for extortion or corporate espionage.
Another area in which IoT devices will continue to be used is the creation of botnets for various malicious cyber services: spamming, anonymization and conducting DDoS attacks.
The number of attacks on critical infrastructure facilities equipped with industrial internet of things components will increase. Their goal may be, for example, extortion of a ransom under the threat of shutting down the enterprise.
The more clouds, the more dangers
The massive move of IT infrastructures to the cloud will create new targets for attack. Errors in deploying and configuring cloud servers are successfully exploited by cybercriminals. The number of leaks associated with insecure database settings in the cloud grows every year.
In October 2019, a publicly accessible ElasticSearch server was discovered containing 4 billion records of personal data.
At the end of November 2019, a publicly accessible True Dialog company database was found in the Microsoft Azure cloud, containing almost 1 billion entries that included subscribers’ full names, email addresses and phone numbers, as well as the text of SMS messages.
Leaks from cloud data stores will not only damage companies’ reputations, but also lead to fines and penalties.
Insufficient access restrictions, improper permission management and careless logging are just some of the mistakes companies will make when setting up their “cloud” networks. As migration to the cloud proceeds, third-party service providers with varying levels of security competence will increasingly become involved, which will provide additional opportunities for attacks.
Virtualization Issues Get Worse
Containerization of services simplifies the development, maintenance and deployment of software, but at the same time creates additional risks. Vulnerabilities in popular container images will remain a problem for everyone who uses them.
Companies will also have to deal with vulnerabilities in the various components of the container architecture, from runtime errors to orchestrators and build environments. Attackers will look for and exploit any weaknesses to compromise the DevOps process.
Another trend related to virtualization is serverless computing. According to Gartner’s forecast, more than 20% of companies will use this technology in 2020. These platforms let developers execute code as a service, eliminating the need to pay for entire servers or containers. However, switching to serverless computing does not provide immunity from security problems.
The entry points for attacks on serverless applications will be outdated and compromised libraries and improperly configured environments. Attackers will use them to collect confidential information and infiltrate enterprise networks.
How to counter threats in 2020
Given the increasing complexity of cybercrime, companies will need to expand their engagement with security professionals to reduce risks across all parts of their infrastructure. This will allow defenders and developers to obtain additional information, better control the devices connected to the network, and eliminate their vulnerabilities.
An ever-changing threat landscape will require multi-level protection based on security mechanisms such as:
- identification of successful attacks and mitigation of their consequences,
- guided attack detection and prevention,
- behavioral monitoring: proactively blocking new threats and detecting abnormal behavior,
- endpoint protection.
Skills shortages and poor knowledge in the field of cybersecurity will determine an organization’s overall level of security, so another strategic task for leadership should be systematic training of employees in safe behavior, combined with raising information security awareness.