The new year is a time for
reflecting on the old and considering the new. In cybersecurity, this leads to
a prediction-fest where vendors tell us what to expect over the next 12 months.
But to really understand what is likely to happen, we need to examine not what
happened over the last year, but what has been bubbling under the surface. From
there we can assess how the criminals are likely to respond in their drive for
either money or political advantage.
The
global background
2019 was dominated by a
global rise in geopolitical tensions between China, North Korea, Iran, and
Russia and the liberal democracies. This is a war being fought economically and
in cyberspace, and it is likely to increase throughout 2020.
In cyber, this means
increased efforts to disrupt public opinion and affect elections – especially,
of course, the U.S. presidential election – and increased efforts to steal
western intellectual property and money.
But the adversaries have
slightly differing motives. Iran and North Korea seek to punish the West for
real or imagined slights. With tensions heightened, Iran may feel justified and
motivated for cyberattacks on America. Russia seeks to weaken the West. China,
however, seeks to learn from, emulate, and overtake the west both economically
and militarily. In all cases, there is a blurring (and sometimes an
elimination) of lines between the elite criminal hackers and the state hackers.
Both benefit. The state acquires increased expertise while the criminals get
access to resources and state protection.
The effect in 2020 will be
an increase in sophisticated attacks by the world’s elite hackers. Russian
attacks will be disruptive; on the one hand seeking to sow discord within
western populations, and on the other hand testing its cyber weapons. Iranian
and North Korean attacks are likely to be noisy and dramatic – these two
countries have little to lose either economically or in public opinion.
But the Chinese attacks are
likely to be the most dangerous. China is playing a long game. In the Chinese
philosophy and culture, it doesn’t matter if it takes 100 or more years to
succeed. These attacks will be less dramatic as China seeks to infiltrate
western companies, steal military and technology secrets, dominate western
economies, and learn how to disrupt critical industries. There are rumors, for
example, that China is intercepting and storing massive volumes of secret
encrypted telecommunications, waiting for the time it can decrypt everything
through the power of quantum computers. We may not even hear about the majority
of China’s attacks.
The
technology background
The two big technology
developments were the proliferation of wireless connected devices (IoT) and the
emergence of drones. Neither were new to 2019, but both reached a tipping point
during the year.
The
Internet of Things
The growth of IoT devices in
the business world is being driven by business transformation, sometimes known
as Industry 4.0. This process will gather pace through 2020, and the use of IoT
will increase accordingly. Many new IoT devices will be manufactured in China;
and even when they are designed and assembled in the West, the components will
still mostly come from China.
There are two primary
threats. The first is to the supply chain. There is the potential for hidden
backdoors that can be exploited in the future, or methodologies for sending
data back to the country of origin. The second is a more widespread lack of
security. Whenever there is a burgeoning market, manufacturers rush to get new
products to that market. And when they rush, security gets forgotten.
The result in 2020 will be
an increased targeting of IoT devices by both nation-state and criminal
hackers. This will apply to business IoT, smart devices in the home (such as
cameras and routers), and personal devices (such as watches and activity
trackers).
We should not forget that
self-driving vehicles are effectively local collections of many IoT devices.
The potential for hijacking smart cars has been frequently demonstrated in the
past. As driverless vehicles – especially driverless trucks – take to the road,
we will undoubtedly see attempts to hijack them.
Drones
Drones, like IoT devices,
are not new. 2019, however, saw them transition from specialty to commodity
items. At the lowest level, their nuisance and privacy intrusion activity will
boom. Thousands of people have received low cost drones with cameras this
Christmas, and many will be used to snoop on friends, neighbors, and strangers.
Higher up the criminal
chain, drones will be equipped with Raspberry Pi computers and Wi-Fi sniffers
to intercept and listen in on telecommunications. These will be listening for
sensitive information and for credentials to access corporate networks.
Activists will also use
drones to disrupt events or to make a political point – such as flying into
commercial airspace to protest environmental pollution. At the opposite end of
the same purpose, law enforcement agencies will use drones with facial
recognition capabilities to monitor suspects and disrupt criminal activity.
Activist use is a short step
from terrorist use. In September 2019 a successful drone attack against Saudi
oil facilities was almost certainly directed by Iran. While this attack
involved nation-state support, the use of drones as a weapon is no longer
beyond the reach of even small terrorist groups. This is a danger that will
grow throughout 2020.
The cyber background
Malware
Here, the standard
prediction will be correct – there will be more malware throughout 2020.
Nevertheless, three areas will be noteworthy:
Magecart: Financial fraud
using stolen payment card details will increase. The transition to chip-based
Europay, Mastercard, and Visa cards has driven criminals from card-present
fraud to card-not-present fraud – that is, the use of card details for online
purchases. It is easier to get card numbers from online databases. However,
since the card number alone is not enough without the CVV number (which cannot
be stolen from card databases), there has been a growth in Magecart-style
attacks. This involves “skimming” the details from the retailer’s website as
the payment details are entered in plain text and before the number is
encrypted and the CVV number is discarded. The number of these attacks will
grow and the attacks will become more sophisticated through 2020.
Targeted ransomware: Until
all organizations refuse to pay ransoms – which is unlikely if not impossible –
criminals will continue to use ransomware. The bigger the target, the more it
can afford to pay; so ransomware will increasingly be targeted at large
organizations: manufacturing, healthcare, and municipalities.
Malware-as-a-service (MaaS): Is growing rapidly. This is where elite or competent hackers develop
malware that is then hired out to less tech-savvy criminals. It is a quick,
easy, and cheap way for wannabe criminals to steal money online. Through 2020,
this will grow. Users of up-to-date anti-malware products will largely be kept
safe – but those who don’t defend themselves will be exposed to far more
malware attacks.
Artificial intelligence (AI)
AI has so far been seen as
the great hope for cybersecurity. In the future, it will also be used as a
weapon by cybercriminals. In future years it will become a major threat, but it
has already started and will increase through 2020 in two significant ways:
Deepfakes: involves the use of machine learning to transpose the static image and recorded voice of
a target onto a video of an actor. The quality is improving rapidly, and the
technology will be used in various scams, particularly business email scams. It
will also be used to sow discord and ruin reputations ahead of elections.
Highly targeted malware: The
ability to build intelligence into malware will enable highly targeted malware
that is virtually undetectable. It could be trained to detonate only if it
recognizes a specific person or target. Such precision targeting will not
appeal to average criminals seeking to infect as many victims as possible, but
it has a ready home with nation-state espionage activities.
Cybersecurity insurance
Cybersecurity insurance has
been around for about 10 years but is only now beginning to gain a serious
foothold. While this should, in theory, be a safeguard rather than a threat, it
will affect the security landscape in ways we cannot yet imagine. The main
cause for this is its expected growth – it has the potential to become a larger
industry than the entire existing cybersecurity industry. The question then
will be whether the larger industry will refrain from dictating to the smaller
industry.
While the cybersecurity
industry is focused on defeating cyberthreats, the insurance industry will
focus on minimizing losses. Today it does not dictate whether clients should or
should not pay a ransom. This is unlikely to continue. When the insurer
believes that it will be cheaper to pay the ransom than pay for recovery from
encryption, it will do so. What then for the criminals? It will become a
question of mathematics – criminals will be encouraged to cause more severe
damage in the expectation that the insurer will pay.
Summary
Predictions are a balance
between what is happening and what could happen, influenced by underlying
factors. The influencing factors here are geopolitics, globalization, business
transformation, artificial intelligence, and new technology. Against this background,
criminals seek to make money while nation-states seek information and political
advantage. We’ve looked at some of the ways they are likely to do this in 2020,
but the reality is that they will always come up with new ways and new weapons
to do so. Those we cannot predict.
*This article is culled from Avast Blog.
Read the original post at here
No comments:
Post a Comment