Trend Micro's report describes how the threat landscape will expand in the new decade and what steps companies can derive from it. The report supports companies in making informed security decisions for specific areas of focus that will pose challenges in 2020 and in the years ahead.
Operating networks behind a corporate firewall is no longer the current trend for companies. There is now a wide variety of applications, services and platforms that should have multi-layered security systems. Blackmail, concealment and phishing are still part of daily business, but cyber criminals are also developing new methods to damage companies. The developments around artificial intelligence (AI) and Internet of Things (IoT) applications in particular open the door to hackers.
New attack vectors and tactics
Cyber criminals are still not afraid to damage systems for their own benefit. But they are changing their attack vectors and tactics, which means users and businesses should always stay ahead of them.
- Attackers punish incomplete, hastily developed patches.
Attackers punish so-called »patch gaps«. These are the security gaps that exist between the fixing of a bug in an open source component and its patch.
- Banking systems are in the crosshairs due to open banking and ATM malware.
Mobile malware attacks on online banking and payment systems are expected to be very popular in 2020, as online payments become more important in the wake of the revised EU Payment Services Directive. Furthermore, according to Trend Micro, the sale of ATM malware will increase.
- »Deepfakes« are the next wave in corporate fraud.
Deepfakes are AI-based forgeries of images, video and audio material. Their use will shift from fake pornographic videos of celebrities to the manipulation of companies and their operations. Members of management in particular are the focus of the criminals, as they often take part in telephone conferences or appear in videos.
- Attackers exploit wormable vulnerabilities and deserialisation bugs.
There will be further attempts to exploit critical and serious vulnerabilities, such as BlueKeep, which is wormable. Common protocols such as Server Message Block (SMB) and Remote Desktop Protocol (RDP) will be exploited to compromise vulnerable systems. The latter is already a common entry vector for ransomware.
IT and OT become vulnerable to risks
The converging future will bring old and new forms and techniques of attack, exposing information and operational technology (IT and OT) resources to risk.
- Cyber criminals establish themselves on IoT devices for the purpose of espionage and blackmail.
Increasingly, cyber criminals use machine learning (ML) and AI to tap into networked devices such as smart TVs and speakers to eavesdrop on personal and business conversations. The acquired material can be used for extortion and corporate espionage.
- 5G users will have to deal with the security implications of moving to software-defined networks.
Upgrades in connection with 5G are similar to updates for smartphones and therefore contain vulnerabilities. Exploiting 5G vulnerabilities via low-cost hardware and software platforms has already proven to be feasible.
- Critical infrastructures are even more affected by attacks and production downtime.
Trend Micro is currently expecting attacks on the utilities sector, but food production, transportation, and manufacturing are also expected to be targets of hacker attacks.
Cloud and DevOps migrations present opportunities and risks
Cloud and DevOps migrations present both risks and opportunities for users. They highlight the importance of security across the entire deployment pipeline.
- Vulnerabilities in container components are becoming a top security concern for DevOps teams.
Companies must keep an eye on their security in relation to different components of the container architecture – from container runtimes to orchestrators to development environments.
- Serverless platforms are a target for attack due to misconfiguration and vulnerable code.
Outdated libraries, misconfigurations, and known and unknown vulnerabilities can be attackers' entry points into serverless applications.
- Cloud platforms fall victim to code injection attacks via third party libraries.
As cloud computing models for Software-, Infrastructure- and Platform-as-a-Service become more widespread, there will be an increase in data breaches in the cloud.
Security skills shortage
The shortage of security experts and a lack of security hygiene are fuelling failures in protection. Risk management and comprehensive threat information are essential to creating a secure environment.
The following aspects help companies defend against hacker attacks:
- Total transparency
- Threat protection with efficient containment
- Managed detection and response
- Behaviour monitoring
- Endpoint security
- Intrusion detection and prevention
If you would like more detailed information about the threats and possible countermeasures, you can find the complete report on the Trend Micro homepage.