Get your FREE copy of "The Ultimate Guide of SSL"

Download Ebook

Top 8 Cybersecurity Threat Predictions for 2020

Cyber Threats Are Expected to Be More Sophisticated and Collaborative

Making a prediction is one of the most challenging tasks, be it be a weather forecast or something else. Here, we’ll be making guesses regarding cybersecurity threats, based on what happened this year and where the trend will go in the coming days.

No one is aware of how big these threats will be and how many attacks we will see in 2020. Nor does anyone has a crystal ball, which will give an accurate prediction, especially about the future of the developing technologies.

As per the knowledge and observations of cybersecurity experts, APT attacks are expected to rise.

1. Advancement in False Flag Attacks

False flag attacks have been rising among many ATP groups. In the past, attackers usually involved these false flag attacks to avoid detection. For example, the use of Russian words in the malware made by Lazarus group or Romanian words used by the Wild Neutron group. Another famous Olympic Destroyer attack believed to be made by the Hades ATP group, where they tried to forge elements of the attack to make others think it’s a work of different threat actors.

Based on these examples, it can be said that these types of attacks will develop further. Because threat actors are not only trying to avoid attention made by their attack but they also try to blame it on someone else.

Furthermore, we should understand these actors make good use of commodity malware, publicly available tools, administrator software, or scripts for their attacks, making it more difficult to catch them. Mixing few false flags in these will be more than enough to blame it on someone else.

2. A rise in Targeted Ransomware

In the last couple of years, we have seen a decline in all-purpose widespread ransomware attacks. And, cyber attackers are shifting their attention towards targeted use of ransomware, focusing on selected industries who will readily make the payment for the recovery of their data. We simply call this targeted ransomware.

Throughout 2019, it has been noticed that attackers used targeted ransomware and it’s likely that in the future, it will become more sophisticated and aggressive in their methods to extort money from the victims. However, a certain change will be seen in the targeted ransomware attack. Attackers will likely threaten to publish data stolen from the victim organization publicly.

Additionally, it’s quite inevitable that the cybercriminals will try to make their attacks on other types of devices except for servers and PCs. For example, ransomware attacks in consumer products like smartwatches, smartphones, smart TVs, smart cars, or smart houses.

3. Advanced Payments & Online Banking Attack Vectors

As online banking, payment methods, and their regulations keep on evolving with the technologies, it can open new doors to attacks. For instance, regulatory requirements of PSD2 ( Payments Services Directive) for companies who offer payment services, including the usage of personal data by companies who are not part of the well-established banks. Such companies can become an easy target of an attacker’s new fraudulent schemes.

4. Increase in Infrastructure Attacks

Threat actors have not been limited to Windows and PC systems. They have increased their toolsets. Due to this, it has increased its flexibility to attack such networking and hardware devices. For instance, a malware-less attack, where hackers had attacked the networks of a minimum of 10 cellular Telcos around the globe and remained hidden entirely for many years. Another example, last December, at the UK’s Gatwick airport had to halt their services due to fear of possible collision with a drone that was sighted above one runway. And, it’s still not clear whether the drone owner was any hobbyist or any potential attacker. So, there’s a high possibility of seeing an increase in infrastructure attacks.

5. Increased Cyber-Risk in Specific Regions

We have come across many examples in the past, like the interference of Russian attackers in the US elections. It will likely increase in many areas as many political intelligence and others like to secure their interests at home or abroad without strong security to conceal the operations. And, it may attract the attackers to plan their attacks in certain regions like Asia, Europe, Africa, and Turkey with the aggressive use of the technology and intercept the operations undertaken by the governments.

6. Advancement in Methods of Sophisticated Attack

It’s not that easy to know how advanced the top-class attackers are and what type of resources they entail. Every year we find something new. For example, an endless zero-day supply for well-resourced attackers was available to those who were ready to pay for them and some other incidents like Google, exposed exploits for iOS.

Additional examples include the implementation of new methods for Microsoft Word and other software where it’s targeted in spear-phishing campaigns, which can give ease in the delivery of malware, especially to the new attackers. Also, attacks like Quantum insert is already being used and it will be used widely, as well.

Also, attackers will withdraw data using Wi-Fi/4G or signaling data. Attacks will become more frequent with DoH (DNS over HTTPS) to hide the activities of the attackers.

7. Increase in Mobile Attacks

From the past decade, the usage of mobiles has been increased compared to PC. And, many cybercriminals are aware of how much valuable data is stored on these smartphones. To take advantage of this opportunity, they focus on developing advanced attack tools, especially for mobile phones. For example, full persistent Android zero-click exploits and 14 zero-day vulnerability found in iOS to target certain minorities in Asia. It clearly says how serious the attackers are and it’s likely that they will carry out more mobile attacks.

8. Increase in Abusing Personal Information

It’s not hard to admit that data leaks prove helpful to attackers in making their advanced social engineering attacks successful. In an era where logged data is continuously growing, including sensitive data like biometric information, we can say that it will continue to become a threat.

Also, deepfakes will be widespread, as it provides enough resources and technology to attackers, which makes these attacks more sophisticated and harder to detect. For example, a deepfake audio used by cybercriminals to perform AI cyber-attacks by posing as a legit executive to convince employees to approve the transfer of money.

Yes, all these attacks can take a rise or not, as it’s a general cybersecurity threat prediction for 2020. But again, these attack techniques are already in use and many others are there that are out of the scope of this article. So, it’s better to stay prepared by practicing proper security regulations and protocols as no one knows what the future holds.

95%
OFF

comodo-square-logo

Comodo Positive SSL

$6.55

Vendor Price: $41.73

Coupon Code: ASCSCPSSL4

Get It Now

78%
OFF

rapidssl-coupon-square-logo

RapidSSL Certificate

$13.45

Vendor Price: $69

Coupon Code: ASRSRSSL2

Get It Now

95%
OFF

comodo-square-logo

Comodo PositiveSSL Multi-Domain

$17.54 – 2 SAN Included

Vendor Price: $41.73

Coupon Code: ASCSCPMD4

Get It Now

Related Articles:

Disclosure: AboutSSL appreciates your continuous support. It helps us tremendously to keep moving in the competitive SSL industry. Here most of the links which direct you to buy any SSL/TLS related service or products earns us a certain percentage of referral commission. Learn More