By Michael Sentonas, VP of Technology Strategy at CrowdStrike
As 2019 is coming to an end and we look forward to the new year, one thing you can be sure to see is a barrage of cybersecurity predictions ranging from more “real” predictions to “finger in the sky” guesses that will make for interesting reading, even if they never come true. As you know, preparation in cybersecurity is critical. The following predictions focus on the issues that we are likely to see in 2020, with an emphasis on which attack vectors are most likely to be exploited and more importantly, what you can do about it.
Here are 5 cybersecurity threat predictions to consider for 2020:
1. Targeted enterprise ransomware escalates. Although enterprise ransomware is not new, attacks that were once the domain of consumers whilst on decline in number have spawned new monetization schemes. As such, ransomware will continue to be a huge issue in 2020. Attackers have realized that business and governments have more valuable information to target, more money for ransom payments and poor cyber hygiene, which indicates 2020 will see an escalation in targeted enterprise ransomware. 2019 saw over 70 state and local governments crippled with ransomware. The Ryuk ransomware alone impacted hundreds of schools, and attackers globally have seen the level of damage they can inflict and the ransom payments to recover are massive! Over 2019, multiple U.S. organizations reported ransomware payments ranging in the hundreds of thousands to nearly half of a million dollars for various payments made to cyber criminals. As ransom requests are getting bigger and attackers globally are watching, cyber criminals have moved away from the spray and pray method to become more globally organized from an operations standpoint, securing larger and larger payouts.
2. SMB threats to increase in 2020. The old adage in cybersecurity, “old vulnerabilities cause big damage” will ring true in 2020. Attackers will look to increase development of exploits that take advantage of the vulnerability in Microsoft’s Server Message Block (SMB) protocol and they will do it with great success. Ransomware such as Ryuk allows an attack on a single infected device to quickly spread throughout an organization. This continues to indicate that the family of exploits used in the ransomware attacks of 2017 will continue to devastate the millions of still unpatched endpoints.
3. Iran’s continued development and potential use of destructive attacks will increase. Iranian adversaries have carried out some of the most destructive attacks in recent years. As such, intelligence gathered in the last few months of 2019 suggest the groundwork is being laid for more destructive cyberattacks in 2020, rather that cyber espionage and intelligence gathering. Iranian adversaries continue to show advanced skills and techniques, which includes the development of destructive malware that can be used to target other governments around the world, and indicating a bigger threat from Iran in 2020.
4. Increased balkanization of technology domains to protect national interest and infrastructure. The balkanization of the Internet in 2020 will continue due to technological, political, economic and nationalistic agendas. Internet balkanisation refers to the segmentation of one global open Internet into multiple smaller Internets, potentially aligned against geopolitical boundaries. 2020 will see more government efforts to reclaim the Internet with China, Russia and Iran continuing to take technical control over the Internet. Additionally, we will see more balkanization of technology domains to protect national interest and infrastructure. This is based on historical precedent from the Russian government ban from participation in international athletic competition for four years, including events such as the Tokyo 2020 Olympics and Paralympics. Russian state-nexus adversaries will respond with targeted intrusions and/or information operations targeting these organizations, although no such efforts have been observed as of this writing. With some countries banning technology from certain Chinese and Russian companies (and the increase in risk from nation-state cyberattacks), we expect to see greater balkanization of the Internet and technology domains.
5. State-sponsored and eCrime behavior will continue to blend together. We have seen the blurring of the lines between nation-state and eCrime actors for multiple years now, and this trend has continued to escalate since 2017. It is not just because eCrime actors are becoming more sophisticated (they are), but it’s also largely because state-sponsored adversaries are leaning more towards using lower-level TTPs in order to thwart attribution efforts and to reserve their custom/advanced capabilities for more extreme needs.
Whether you are dealing with nation-state attackers, eCrime actors or hacktivists, ultimately your best defense is to make sure your organization is deploying true next-generation solutions