F-Secure Business Predictions: Cyber Security Threats in 2020
New types of threats will appear in 2020, but cybercriminals will also develop proven methods – including sending spam. The place of malware that blocks data and extorts ransom (Ransomware) is already massively occupied by cryptocurrency excavators extorting the computing power of our devices (Cryptojacking).
Artificial intelligence will be increasingly used in both security solutions and cyber attacks. The hackers’ crosshairs will certainly include Internet of Things (IoT) devices. Due to the entry into force of the GDPR, more companies will appear in the circle of cybercriminals’ interest, and cloud solutions providers should exercise extreme caution.
Computing Power Instead of Ransom
Ransomware is losing importance – the number of new threats of this type has dropped from almost 350,000, at the end of 2017 to approximately 64,000 in the first quarter of 2018. Mobile App took their place regularly. The increase in interest in cryptocurrency excavators, which quietly use the computing power of the victim’s devices, is a rational move on the part of cyber criminals. Ransomware is a brutal tool that attracts media attention, and not everyone wants and is able to pay the ransom. The effect is the same and the risk is smaller – hackers are already choosing a “safer” solution, and the trend will definitely continue in 2020.
Two Faces of Artificial Intelligence
More and more solutions using Artificial Intelligence (AI) are emerging. Extensive machine learning opportunities are used by both application and system developers as well as cybersecurity manufacturers – combining AI with experience and expert knowledge. In the coming years, we can witness the use of this technology also by hackers and the development of cybermanipulation methods based on it. Examples include algorithms that can pretend to be a person’s voice or generate spoofed video. These are powerful tools that can be used, among others to influence public opinion through so-called fake news. Distinguishing them from real information will be increasingly difficult and maybe even impossible.
Internet of Things in the Crosshairs
There are already more devices in the field of IoT than people in the world. Manufacturers are launching more gadgets without prioritizing their security. Meanwhile, smart refrigerators or washing machines can become a gateway to access your home network for hackers. Given the scale of the phenomenon, governments should take steps to impose appropriate legal regulations on device safety on manufacturers.
Microchips and Cyber Espionage
The cases of industrial espionage are interesting, but they are rarely confirmed in one hundred percent by independent sources. An example is the situation revealed in 2018 related to the largest giants of the technology scene – the alleged attack consisted of the implantation of a microchip into the server motherboard by one of the Chinese manufacturers. The chip pretending to be a standard electronic component was to enable remote infection of the operating system of the machine on which it was installed. Regardless of whether the story was true in this case, this type of attack is completely technically feasible. This can bring further conflicts and increase distrust of technologies developed by political or business adversaries.
GDPR is a new excuse in attacks on companies
Since May 2018, new provisions of the GDPR have been in force that spread terror among entrepreneurs. In connection with the regulation, we can expect a new type of attacks based on data theft and ransom extortion – under threat of disclosure of information about the leak and receiving a penalty. As a result, more companies can now be targeted by hackers. This applies even to enterprises that until now have not been of interest to them.
Which trends will stay with us longer?
Security systems are increasingly dealing with common cyber threats, such as software vulnerabilities. For this reason, cyber criminals will continue to spread malware and steal and extort confidential data by sending malicious links and attachments in emails. Phishing is still a very effective method in this context – especially in attacks against companies. The widespread use of cloud technologies is also a growing trend. However, examples from the past show that the providers of such services can be used by hackers as an access point to the organization’s data – that’s why it is important to integrate cloud solutions with security mechanisms.
Effective protection for 2020
In the cybersecurity industry, EDR solutions will be increasingly used, consisting of rapid detection of an intruder in the system and response to an incident. In order to better detect attacks, manufacturers will more confidently resort to artificial intelligence mechanisms. Still, it is not a stand-alone technology, but only a component of the attack detection chain. Due to the global shortage of cyber security specialists, manufacturers will also try to lower the bar for operators and provide solutions that are easy to use and allow easy interpretation of incidents. Some of these solutions will automatically respond to detected attacks, for example cutting off the access of a particular machine to the network.