2020 Cyber Attack Predictions

According to some the prediction, hackers will use new technologies and a few old vulnerabilities to wreak havoc across the globe in the year ahead. 

Phishing, through short message service (SMS), will be among the main methods of obtaining sensitive and banking data. Hackers will mostly target people joining like-minded social media groups, to provide financial support to social causes or political candidates. Drones that operate across the sky may be fitted with “affordable mobile hacking devices”, that criminals could use to steal sensitive data from the people below. Experian says there are more than a million drones flying across the US at present.

As the 2020 budget meetings come and go, business teams are forced to assess their current defences by analysing their historical attacks in order to anticipate/predict future attack trends.  A difficult but worthwhile exercise for security leadership as they attempt to assess the adversaries' trajectory and work to remain several moves ahead. More often than not, adversaries stay true to their methods but only make slight variations to their attacks often the criminal thinks, why change what historically works? 

A Sharper Concentration Of Cloud Attacks 

Companies continue to flock to cloud deployments, both private and public, to regain budget and unburden their IT departments. Teams have slightly more control and oversight over private cloud deployments but the public multi-tenant cloud deployments are target rich for an attacker. No need for the adversary to enumerate their prey when they can infiltrate the 'entire herd'. By studying how a single cloud technology operates from infrastructure to defences, adversaries become more efficient and significantly decrease their attack costs.

Most adversaries are driven by financial gains and a significant operating metric for them revolves around their operational costs. Very similar to defensive budgets, adversaries must weigh their operating costs against their potential profits. Therefore, their motivation to gain access to cloud environments provide an exponential financial gain.

This is not saying "all" cloud deployments are doomed but security teams must absolutely have a voice at the table when deciding 'which' cloud environment. 

Security teams must evaluate and scrutinise cloud security practices to ensure due diligence is being performed by the vendor, for instance, ensuring the cloud vendor is undergoing routine penetration tests and not only resolving any weaknesses, but how quickly is their security team identifying the penetration test.

A Staggering Surge of Botnet Armies.

Botnet armies are nothing new, however, as endpoint devices in households become "connected" and schools provide each individual student with personal computing devices it opens the doors for widespread takeover. As with any botnet army the individual devices don't hold any real threat value but when controlled in the masses they provide a formidable attack mechanism for cyber criminals. Whether used for computation resources, like brute forcing passwords or used to launch denial of service attacks against a target, the volume of botnet armies will surely increase exponentially.

An Operational Technology Will Fall Victim To Ransomware 

Operational Technology (OT) networks are the primary life source for oil, gas and energy companies, as well as, massive manufacturing industries such as automotive and shipping. These environments typically rely heavily on older infrastructure and technology and are infrequently updated to the latest security levels. 

OT networks are often overlooked because they don't have the traditional weak points most organisations are defending for two primary reasons: 

  • They generally are not connected to the Internet. 
  • They do not have the high number of end users who are susceptible to crafty email spear phish attacks or 'click-happy' web-surfing.

But as manufacturers live and die by product branding, the importance for a company to comply with criminal demands warrants a lofty ransom threat. 

Corporate systems and data are already critical assets for many enterprises. As digitisation continues to transform the business landscape, their value will rise yet further, and protecting them from infiltration and attack will be a chief priority for leaders across all industries and sectors. 

Against that backdrop, exploring emerging security models such as zero trust, which may be able to reduce the risk of compromise more effectively than the legacy, perimeter-based arrangements of yesteryear, makes sound sense.
2020 will see at least one high-value OT network get infiltrated and held for ransom.

ITWeb Africa:         CSO Online:      ITProPortal

You Might Also Read:

Reduce Business Disruption - Make Cyber Security A Priority:

 

 

« Going To The Dark Web
Microsoft Warning: Avoid Reusing Passwords »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Brit

Brit

Brit PLC is a market-leading global specialty insurer and reinsurer, focused on underwriting complex risks including cyber, privacy and technology.

mmCERT

mmCERT

mmCERT is the national Computer Emergency Response Team for Myanmar.

H3C Group

H3C Group

H3C provides a full range of Computer, Storage, Networking and Security solutions.

Zecurion

Zecurion

Zecurion data loss prevention (DLP) solution is an easy-to-use solution for securing confidential data at rest and in motion.

CipherBlade

CipherBlade

CipherBlade specializes in blockchain forensics, data science and transaction tracking.

Korn Ferry

Korn Ferry

Korn Ferry is a global organizational consulting firm, synchronizing strategy and talent to drive superior performance for our clients in key areas including cybersecurity.

Q6 Cyber

Q6 Cyber

Q6 Cyber is an innovative threat intelligence company collecting targeted and actionable threat intelligence related to cyber attacks, fraud activity, and existing data breaches.

Trusted Security Solutions (TSS)

Trusted Security Solutions (TSS)

TSS are specialist in IT Security and providing Cybersecurity Solutions & Services combined with storage and backup.

Logically.ai

Logically.ai

Logically combines artificial intelligence with expert analysts to tackle harmful and manipulative content at speed and scale.

Performance Technologies

Performance Technologies

As a leading IT Solutions Provider in Greece, Performance Technologies delivers reliable, long life solutions, ensuring continuous availability of business-critical services and information.

Zama

Zama

Zama - pioneering homomorphic encryption. We believe people shouldn't care about privacy. Not because it doesn't matter, but because it shouldn't be an issue!

Supra ITS

Supra ITS

Supra ITS is a leading full-service technology partner offering IT Consulting, Cloud Services, 24x7 Managed IT & Cybersecurity Services, and IT Project Support.

Muscope Cybersecurity

Muscope Cybersecurity

Muscope CYSR platform performs a risk assessment and offers a comprehensive overview of the potential cyber attack risks.

Sword Group

Sword Group

Sword is a leader in data insights, digital transformation and technology services with a substantial reputation in complex IT, business projects and mission critical operations.

XeneX

XeneX

XeneX Cloud Security Services address enterprise-class security challenges by enabling DevOps and Security teams to access a shared source of truth.

Harmonia Holdings Group

Harmonia Holdings Group

Harmonia Holdings Group was born in 2006 with the vision to bring innovation and change to the federal IT sector.