According to experts, the threat landscape will be more complicated next year with the growth of ransomware and rise of deepfakes. This will be used to drive large-scale enterprise frauds, while advanced persistent threat (APT) attacks will be deployed against critical enterprise infrastructure to steal sensitive data.
Right now, most ransomware authors target individual users and devices. “Ransomware will continue to be a major player in the threat landscape as long as victims remain easily identifiable. The low-hanging fruit of exposed services, unpatched systems and compromised credentials will provide an ample bounty to both skilled and unskilled attackers,” said Mark Loman, Director of Engineering for Next-generation Tech, at cybersecurity firm Sophos.
This is expected to change in the future with a projected increase in the number of complex ransomware attacks directed at Cloud infrastructures, said security researchers at Seqrite, the enterprise security solutions brand of Quick Heal Technologies Ltd.
The Seqrite security researchers also highlighted that the recent advanced persistent threat attack on Kudankulam nuclear power plant has emphasised on the significance of security of critical infrastructure. They warned that India may witness a rise in such attacks on critical public infrastructure like transportation networks, power plants and telecommunication systems. Such attacks can function in hiding for days, even months, stealing large chunks of data before getting detected.
Cybercriminals are also expected to move beyond denial-of-service (DoS) attacks to target BlueKeep-like wormable exploits in 2020, according to Seqrite.
’Deepfake’ techniques present realistic Artificial Intelligence-generated videos or audios of real people doing and saying fictional things. They can be used to create fake news and even carry out cyber frauds. It is reportedly expected that deepfakes will be deployed to impersonate high-level targets at enterprises in order to scam employees to transfer money into fraudulent accounts.
“In 2020, we foresee the threat landscape become more challenging, as a large number of cybercriminals deploy AI to scale up their attacks. State-sponsored threat actors will increase their use and sophistication of AI algorithms, to scrutinise defence mechanisms and customise attacks targeted to vulnerable areas in the enterprise network. We also expect attacks like deepfakes, APTs, ransomware, web skimming to take centre stage in 2020,” said Sanjay Katkar, CTO & Joint Managing Director, Quick Heal Technologies.
Seqrite expects the threat exposure to increase substantially, considering 5G-driven seamless interconnectivity has become a tangible reality in future.
Researchers have warned that with Microsoft announcing the end of technical support for Windows 7, the number of attacks deployed against Windows 7 devices is expected to increase in 2020. Amongst other enterprise security trends predicted by Seqrite is an increase in complexity and volume of web skimming attacks. Web skimmers such as Magecart wreaked much havoc in 2019 and compromise thousands of websites to deliver skimming codes.
After a number of personal data leaks that happened in the past years, the number of personal details available made it easier for attackers to perform targeted attacks, based on victims leaked info.
“Smart home devices will continue to attract sophisticated and persistent attacks in 2020. In 2019, hackers began using behaviour-based targeting methods to target smart doorbells, lamps and cameras,” said Kiran Zachariah, Vice-President, IoT Business Solutions, Subex.
*Edited from an IANS report.