2020 Cyber Attack Predictions

Uploaded on 2019-12-17 in TECHNOLOGY--Hackers, FREE TO VIEW

According to some the prediction, hackers will use new technologies and a few old vulnerabilities to wreak havoc across the globe in the year ahead. 

Phishing, through short message service (SMS), will be among the main methods of obtaining sensitive and banking data. Hackers will mostly target people joining like-minded social media groups, to provide financial support to social causes or political candidates. Drones that operate across the sky may be fitted with “affordable mobile hacking devices”, that criminals could use to steal sensitive data from the people below. Experian says there are more than a million drones flying across the US at present.

As the 2020 budget meetings come and go, business teams are forced to assess their current defences by analysing their historical attacks in order to anticipate/predict future attack trends.  A difficult but worthwhile exercise for security leadership as they attempt to assess the adversaries' trajectory and work to remain several moves ahead. More often than not, adversaries stay true to their methods but only make slight variations to their attacks often the criminal thinks, why change what historically works? 

A Sharper Concentration Of Cloud Attacks 

Companies continue to flock to cloud deployments, both private and public, to regain budget and unburden their IT departments. Teams have slightly more control and oversight over private cloud deployments but the public multi-tenant cloud deployments are target rich for an attacker. No need for the adversary to enumerate their prey when they can infiltrate the 'entire herd'. By studying how a single cloud technology operates from infrastructure to defences, adversaries become more efficient and significantly decrease their attack costs.

Most adversaries are driven by financial gains and a significant operating metric for them revolves around their operational costs. Very similar to defensive budgets, adversaries must weigh their operating costs against their potential profits. Therefore, their motivation to gain access to cloud environments provide an exponential financial gain.

This is not saying "all" cloud deployments are doomed but security teams must absolutely have a voice at the table when deciding 'which' cloud environment. 

Security teams must evaluate and scrutinise cloud security practices to ensure due diligence is being performed by the vendor, for instance, ensuring the cloud vendor is undergoing routine penetration tests and not only resolving any weaknesses, but how quickly is their security team identifying the penetration test.

A Staggering Surge of Botnet Armies.

Botnet armies are nothing new, however, as endpoint devices in households become "connected" and schools provide each individual student with personal computing devices it opens the doors for widespread takeover. As with any botnet army the individual devices don't hold any real threat value but when controlled in the masses they provide a formidable attack mechanism for cyber criminals. Whether used for computation resources, like brute forcing passwords or used to launch denial of service attacks against a target, the volume of botnet armies will surely increase exponentially.

An Operational Technology Will Fall Victim To Ransomware 

Operational Technology (OT) networks are the primary life source for oil, gas and energy companies, as well as, massive manufacturing industries such as automotive and shipping. These environments typically rely heavily on older infrastructure and technology and are infrequently updated to the latest security levels. 

OT networks are often overlooked because they don't have the traditional weak points most organisations are defending for two primary reasons: 

  • They generally are not connected to the Internet. 
  • They do not have the high number of end users who are susceptible to crafty email spear phish attacks or 'click-happy' web-surfing.

But as manufacturers live and die by product branding, the importance for a company to comply with criminal demands warrants a lofty ransom threat. 

Corporate systems and data are already critical assets for many enterprises. As digitisation continues to transform the business landscape, their value will rise yet further, and protecting them from infiltration and attack will be a chief priority for leaders across all industries and sectors. 

Against that backdrop, exploring emerging security models such as zero trust, which may be able to reduce the risk of compromise more effectively than the legacy, perimeter-based arrangements of yesteryear, makes sound sense.
2020 will see at least one high-value OT network get infiltrated and held for ransom.

ITWeb Africa:         CSO Online:      ITProPortal

You Might Also Read:

Reduce Business Disruption - Make Cyber Security A Priority:

 

 

« Going To The Dark Web
Microsoft Warning: Avoid Reusing Passwords »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Illumio

Illumio

Illumio delivers adaptive security for every computing environment, protecting the 80% of data center and cloud traffic missed by the perimeter.

Auth0

Auth0

Auth0 is a cloud service that provides a set of unified APIs and tools that instantly enables single sign-on and user management for any application, API or IoT device.

Ideagen

Ideagen

Ideagen provides information management, safety, risk and compliance software solutions that allow organisations to achieve operational excellence, regulatory compliance and reduce risk.

Sliced Tech

Sliced Tech

Sliced Tech provides enterprise grade managed Cloud services, including Security-as-a-Services, aimed at meeting the needs of commercial and government clients from within Australia.

Alpine Cyber Solutions

Alpine Cyber Solutions

Alpine Cyber is a Managed IT Service Provider focused on cybersecurity and cloud services.

OpenZeppelin

OpenZeppelin

OpenZeppelin builds developer tools and performs security audits for distributed systems that power multimillion-dollar economies.

GreyNoise Intelligence

GreyNoise Intelligence

GreyNoise Intelligence is a cyber security company that collects, labels, and analyzes Internet-wide scan and attack data.

689cloud

689cloud

689Cloud is a cloud content collaboration platform that allows users to protect, track, and control files AFTER they have been shared.

BlueHalo

BlueHalo

BlueHalo is purpose-built to provide industry capabilities in the domains of Space Superiority and Directed Energy, Missile Defense and C4ISR, and Cyber and Intelligence.

E2E Technologies

E2E Technologies

E2E Technologies are a proactive, SLA-beating, managed service provider that busts the common stereotypes surrounding IT.

Vala Secure

Vala Secure

Vala Secure is a cybersecurity and compliance consultancy that always stays ahead of regulations, future threats and ever-changing security environments.

Trace3

Trace3

Trace3 is a pioneer in business transformation solutions, empowering organizations to keep pace with the rapid changes in IT innovations and maximize organizational health.

Phronesis Security

Phronesis Security

Phronesis Security is committed to delivering world-class cyber security consulting with a tangible social and environmental impact.

Pessimistic Security

Pessimistic Security

The team behind Pessimistic helps blockchain startups meet modern security challenges since 2017.

Mobb

Mobb

Mobb's AI-powered technology automates vulnerability remediations to significantly reduce security backlogs and free developers to focus on innovation.

Reality Defender

Reality Defender

Reality Defender stops deepfakes before they become a problem. Our proprietary deepfake and generative content fingerprinting technology detects video, audio, and image deepfakes.