Complex, vulnerable, underconfigured: cyber threats 2020

Technologies develop and become more complex year after year, and along with them, attack techniques improve. Modern realities require online applications, cloud services and virtualization platforms, so it is no longer possible to hide behind a corporate firewall and not stick your nose into the “dangerous Internet”. All this, together with the spread of IoT/IIoT, the development of fintech and the growing popularity of remote work, has changed the threat landscape beyond recognition. Let's talk about the cyber attacks that 2020 has in store for us.

Exploitation of 0day vulnerabilities will outpace the release of patches

The complexity of software systems is growing, so they inevitably contain errors. Developers release fixes, but before that the problem has to be identified, which takes up the time of adjacent teams, such as the testers who have to run the checks. Many teams are sorely short of that time. The result is an unacceptably long wait for a patch, or a patch that only partially works.

The patch released in 2018 for the 0day vulnerability in the Microsoft Jet engine was incomplete, i.e. it did not eliminate the problem completely.
In 2019, Cisco released patches for the vulnerabilities CVE-2019-1652 and CVE-2019-1653 in router firmware that did not actually fix the bugs.
In September 2019, researchers discovered a 0day vulnerability in Dropbox for Windows and notified the developers, who nevertheless did not fix the bug within 90 days.

Blackhat and Whitehat hackers are focused on looking for vulnerabilities, so they are much more likely to be the first to discover a problem. Some of them seek to receive rewards through Bug Bounty programs, while others pursue very specific malicious goals.

More deepfake attacks

Neural networks and artificial intelligence are developing, creating new opportunities for fraud. Following fake porn videos with celebrities, very specific attacks with serious material damage appeared.

In March 2019, criminals stole $243 from an energy company in a single phone call. The “head of the parent company” instructed the head of a branch to transfer money to a contractor in Hungary. The CEO's voice had been faked using artificial intelligence.

Given the rapid development of deepfake technology, we can expect that cyber-villains will incorporate the creation of fake audio and video into BEC attacks and tech support scams to increase user trust.

The main targets for deepfakes will be top managers, since recordings of their conversations and speeches are freely available.

Attacks on banks via fintech

The adoption of the European payment services directive PSD2 has made it possible to carry out new types of attacks on banks and their customers. These include phishing campaigns against users of fintech applications, DDoS attacks on fintech startups, and theft of data from a bank through an open API.

Sophisticated attacks via service providers

Companies are increasingly narrowing their specialization, outsourcing non-core activities. Their employees develop trust in outsourcers who handle accounting, provide technical support, or provide security. As a result, to attack a company, it is enough to compromise one of the service providers in order to introduce malicious code into the target infrastructure through it and steal money or information.

In August 2019, hackers penetrated the infrastructure of two IT companies providing data storage and backup services, and through it introduced ransomware into several hundred dental offices in the United States.
An IT company serving the New York City Police Department took down its fingerprint database for several hours by connecting an infected Intel NUC mini-computer to the police network.

As supply chains grow longer, they contain more weak links that can be exploited to go after the biggest game.
Another factor that will facilitate supply chain attacks will be the widespread adoption of remote work. Freelancers working over public Wi-Fi or from home are easy targets, and they can interact with several serious companies, so their compromised devices become a convenient springboard for preparing and carrying out the next stages of a cyber attack.

Widespread use of IoT/IIoT for espionage and extortion

The rapid growth in the number of IoT devices, including smart TVs, smart speakers and various voice assistants, coupled with the large number of vulnerabilities identified in them, will create many opportunities for their unauthorized use.
Compromising smart devices and recognizing people's speech using AI makes it possible to identify the target of surveillance, which turns such devices into a kit for extortion or corporate espionage.

Another direction in which IoT devices will continue to be used is the creation of botnets for various malicious cyber services: spamming, anonymization and conducting DDoS attacks.
The number of attacks on critical infrastructure facilities equipped with industrial internet of things components will increase. Their goal could be, for example, extorting a ransom under the threat of halting the enterprise's operations.

The more clouds, the more dangers

The massive move of IT infrastructures to the cloud will lead to the emergence of new targets for attacks. Errors in the deployment and configuration of cloud servers are successfully exploited by attackers. The number of leaks associated with insecure database settings in the cloud is growing every year.

In October 2019, an ElasticSearch server containing 4 billion records with personal data.
At the end of November 2019, a database belonging to the company True Dialog was found publicly accessible in the Microsoft Azure cloud; it contained almost 1 billion records, including subscribers' full names, email addresses and phone numbers, as well as the texts of SMS messages.

Leaks of data stored in the clouds will not only damage the reputation of companies, but will also lead to the imposition of fines and penalties.

Insufficient access restrictions, poor permission management, and careless logging are just some of the mistakes that companies will make when setting up their cloud networks. As cloud migration progresses, third-party service providers with varying security expertise will become increasingly involved, providing additional attack surfaces.
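The leak pattern behind the ElasticSearch and Azure incidents above (a data store bound to every network interface with authentication switched off) can be checked mechanically before a node goes live. The following Python script is an added example, not code from the original article or from any vendor: it uses real Elasticsearch setting names (network.host, http.port, xpack.security.enabled, xpack.security.http.ssl.enabled), assumes the 7.x-era defaults (loopback bind, security off), and both sample configurations are constructed for the example, with the weak one beside its hardened counterpart.

```python
"""
Audit an Elasticsearch-style flat configuration for the exposure pattern
behind many cloud data leaks: a data store bound to every interface
with authentication switched off.

Setting names are real Elasticsearch options; the defaults assumed
below are those of the 7.x line (loopback bind, security disabled), and
both sample configurations are constructed for this example.
"""

# Constructed sample: the shape that ends up indexed by search engines.
WEAK_CONFIG = """
cluster.name: analytics
network.host: 0.0.0.0        # listen on every interface
http.port: 9200
xpack.security.enabled: false
"""

# Constructed sample: same node, reachable only on a private address,
# with authentication and TLS on the REST API.
HARDENED_CONFIG = """
cluster.name: analytics
network.host: 10.0.1.5       # private address; a security group limits who can reach it
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

# Special values Elasticsearch resolves to a non-loopback address.
PUBLIC_BIND_VALUES = {"0.0.0.0", "::", "_global_", "_site_"}
LOOPBACK_VALUES = {"127.0.0.1", "::1", "localhost", "_local_"}


def parse_flat_config(text: str) -> dict:
    """Parse 'key: value' lines (elasticsearch.yml with dotted keys).
    Text after '#' and blank lines are ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit_exposure(settings: dict) -> list:
    """Return (severity, message) findings. CRITICAL means the node is
    reachable from outside the host without any authentication."""
    findings = []
    host = settings.get("network.host", "127.0.0.1")  # assumed 7.x default: loopback
    reachable = host in PUBLIC_BIND_VALUES or (
        host not in LOOPBACK_VALUES and not host.startswith("127."))
    auth_on = settings.get("xpack.security.enabled", "false").lower() == "true"
    tls_on = settings.get("xpack.security.http.ssl.enabled", "false").lower() == "true"
    port = settings.get("http.port", "9200")

    if reachable and not auth_on:
        findings.append(("CRITICAL", f"network.host={host} with xpack.security.enabled=false: "
                         f"anyone who can reach port {port} can read every index"))
    elif reachable:
        findings.append(("INFO", f"network.host={host}: reachable beyond the host; "
                         "confirm a security group or firewall limits the source range"))
    if auth_on and not tls_on:
        findings.append(("WARNING", "authentication enabled but HTTP TLS is off: "
                         "credentials cross the network in cleartext"))
    return findings


def worst_severity(findings: list) -> str:
    """Collapse a findings list to its highest severity ('OK' if empty)."""
    order = {"CRITICAL": 3, "WARNING": 2, "INFO": 1}
    return max((f[0] for f in findings), key=order.get, default="OK")


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit_exposure(parse_flat_config(text))
        print(f"{name}: {worst_severity(findings)}")
        for severity, message in findings:
            print(f"  [{severity}] {message}")
```

The hardened configuration still produces an INFO finding on purpose: a private bind address is only as safe as the network ACL in front of it, which this file cannot see, so the script asks for that to be confirmed rather than declaring the node safe.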

Exacerbation of virtualization problems

Containerization of services makes it easier to develop, maintain and deploy software, but at the same time creates additional risks. Vulnerabilities in popular container images will continue to be a problem for anyone who uses them.

Companies will also have to contend with vulnerabilities in various components of the container architecture, from runtime bugs to orchestrators and build environments. Attackers will look for and exploit any weaknesses to compromise the DevOps process.

Another trend related to virtualization is serverless computing. According to Gartner, in 2020, more than 20% of companies will use this technology. These platforms offer developers the ability to run code as a service, eliminating the need to pay for entire servers or containers. However, moving to serverless computing does not provide immunity from security issues.

Entry points for attacks on serverless applications will be outdated and compromised libraries and an incorrectly configured environment. Attackers will use them to collect confidential information and penetrate enterprise networks.

How to face threats in 2020

Given the increasing sophistication of cybercriminal attacks, companies will need to work more closely with security professionals to mitigate risk across every part of their infrastructure. This will give defenders and developers additional information, better control over network-connected devices and a way to eliminate their vulnerabilities.

The constantly changing threat landscape will require the implementation of multi-layered protection based on security mechanisms such as:

  • identifying successful attacks and mitigating their consequences,
  • managed detection and prevention of attacks,
  • behavioral monitoring: proactive blocking of new threats, and detection of anomalous behavior,
  • endpoint protection.

Skill shortages and poor-quality cybersecurity knowledge will determine the overall security level of organizations, so systematic training of employees in secure behavior, combined with raising awareness of information security, should be another strategic goal for their management.

Source: habr.com