Technology trends 2020

Cyber ​​espionage has become the favorite technique of governments to obtain secrets from their adversaries. The US National Counterintelligence Office (NCIX) believes that China and Russia are currently the most…

Cyber Security Threats 2020

Cyber Security Threats

Although making predictions about the state of cyber security is fun, it may not be much fun for security experts to decide which threats to prepare for most. So much so that an engineer from the Akamai Security Intelligence Response Team said this; he explains that a really good prediction cannot be made about what the future will be because what comes out of the places you do not guess can become a problem.

So if the biggest Cyber Security Threats are something new and unpredictable, how should the security experts best focus on their next year’s efforts? Looking at how to change the biggest threats of 2019 in terms of scale and tactics in 2020 to make the right planning will be an appropriate start for the first step.

In this context, we reviewed the pioneering research on the most common and important threats of 2019 and compiled the researchers’ recommendations on where these threats will be addressed in 2020 and how organizations will defend themselves against them.

Malware infection on devices

Protection of endpoints remains a battleground for organizations. Kaspersky’s IT Security Economy report in 2019 reported that in 2019, devices in about half of organizations were infected with malware.

According to the Kaspersky report, malware infection was the most costly incident for companies, with an average cost of $ 2.73 million per event. This figure was slightly less than $ 117 thousand in SMEs.

Expected in 2020:

A security researcher from Kaspersky highlights the risk from employees’ devices for 2020. The researcher introduces solutions such as enabling remote work and allowing employees to use their own devices to reduce employee costs and increase employee satisfaction. So much so that users tend to protect their personal devices less than corporate devices, because average users rarely take additional measures to protect their phones and computers from potential threats. As long as this trend continues, malware will continue to appear on devices owned by the company and its employees. Even if the attacker no longer needs to target company accounts (for example, with phishing emails sent to company mail), this attack vector continues to be attractive.

The best recommendations combat Cyber Security Threats 2020

Companies should review their policies on personal devices and update their devices. A number of recommendations for 2020 also include strict corporate policies on security, proper rights management and providing users with security solutions, ownership to protect the company and its data. In addition to managing technical problems, safety awareness training is also very important because only in this way can cyber hygiene standards be developed among employees.

Phishing

According to the Verizon 2019 Data Breach Investigation report, about a third of last year’s cyber attacks included phishing. This number was 78 percent for cyber espionage attacks. The worst phishing attacks in 2019; it was due to the fact that the perpetrators were in a much stronger position thanks to well-produced ready-made tools and templates.

Akamai’s SOTI report, Baiting the Hook, revealed the size of the service offered by a fishing tackle developer. In this service, the developer has a store and the developer advertises on social media. Ads starting at $ 99 increase depending on the postal services selected. The report’s authors say that the low prices and high-level brand targets about the related attacks have created a line for entry into the phishing market, which is very attractive for criminals who want to set up stores. Top-level brands targeted in this type of attack include globally active brands such as Target, Google, Microsoft, Apple, Lyft and Walmart.

Expected in 2020:

Fishing line attackers will offer more sensitive products in 2020 and will make less effort to launch a fishing line campaign. According to the IDG Security Priorities Survey, 44 percent of companies say increasing security awareness and staff training is the top priority for 2020. Attackers will respond to these measures by improving the quality of their attacks by minimizing or hiding the common signs of phishing. It is a good option for companies to expect business email security (BEC) to be used if attackers attempt legitimate phishing attacks through fraudulent or compromised internal or third-party accounts.

The best recommendations for 2020:

It is necessary to keep up-to-date and continue training on protection from phishing attack. Having policies that require any employee to receive a request for money or payment orders via phone calls is also among the factors that increase protection.

Ransomware attacks

Ransomware attacks are not the most common cyber security incident, but are among the most costly attacks. According to Kaspersky’s IT Security Economy report in 2019, about 40 percent of SMEs and businesses experienced a ransomware incident in 2019. At the enterprise level, the average cost per event was $ 1.46 million.

According to the Sophos Labs 2020 Threat report, endpoint protection tools are getting better at detecting ransomware, but ransomware developers use techniques that are better than those tools. According to the researchers, it’s easy to change the look, purpose, or behavior of a malware. That’s why modern ransomware relies on uncertainty to succeed. Researchers underline that in 2020, by changing the features of ransomware or adding new ones to its features, it will be more risky.

Sophos reports give a few examples of how ransomware can come from a reliable source:

Prepare a script listing the targeted machines, add them together with Microsoft Sysinternals, a privileged domain account and the PsExec utility from ransomware.
Using the login / logout script through the Windows Group Policy Object
Abuse Windows Management Interface for mass deployment within the network

Expected in 2020:

According to research, ransomware attackers continue to change their methods to gain advantage. Among the most striking developments is ransomware attackers performing automated, active attacks that blend human creativity with automation tools to create maximum impact. In addition, attackers continue to escape the defense by encrypting only a relatively small portion of each file, or by installing the operating system in a diagnostic mode, where ransomware protection is often unavailable.

A security researcher from Kaspersky stresses that there is no reason for ransomware attacks to decrease next year, that ransomware is increasingly targeting infrastructure, organizations, and even smart cities. According to the researcher, ransomware developers will make their code more prominent. Thus, they can form a basis in the system, encrypt more data without being noticed, and scale transactions with other networks. The security researcher adds that internally this year, even in Network Attached Storage (NAS), which is considered to be largely secure against such threats, they have observed that attacks have occurred.

The best recommendations for 2020:

As always, the best defense against ransomware is to have updated, tested backups of all critical data. It is necessary to keep these backups from the network so that they are not encrypted by ransomware. At this point, employee training is also very important.

Kaspersky security researcher advises companies for 2020; shares that companies should implement strict security policies to protect themselves from ransomware and provide employees with cyber security training. He also states that additional protective measures may be required, such as securing access to data, ensuring safe backups, and applying application whitelisting techniques to servers.

It is also vital for companies to have strong security controls, monitoring and responses covering all endpoints, networks and systems, and to install software updates as they are released.

Third party supplier risk

According to Kaspersky’s IT Security Economy report in 2019, both businesses and SMEs applied to third-party suppliers (both in terms of services and products) at a rate of 43 percent and 38 percent, respectively. According to a survey by One Identity, most organizations (94 percent) allow third parties to access their networks, while 72 percent allow privileged access. While 22 percent of organizations are sure that third parties do not have access to unauthorized information, 18 percent report a violation from third parties’ access.

Kaspersky study shows that both SMEs (75 percent) and businesses (79 percent) force third-party suppliers to sign security policy agreements. This makes a huge difference in getting compensation for violations from third parties. While 71 percent of businesses with policies in this direction state that they receive compensation from third party suppliers in cases of violation, only 22 percent of companies that do not have this policy state that they receive compensation.

Expected in 2020:

Businesses will become more digitally connected with their suppliers and partners. This will increase both the risk and awareness of this risk. But the attackers are becoming increasingly sophisticated.

Researchers have recently observed that some new groups such as BARIUM or APT41 have carried out advanced supply chain attacks against software and hardware manufacturers to penetrate secure infrastructures around the world. These include two complex supply chain attacks uncovered in 2017 and 2019: CCleaner attack, ShadowPad and other attacks on game companies. Making concessions from one of these threat actors brings about a complicated process, because attackers often come from the back rooms, which later cause them to return and cause more damage.

The best recommendations for 2020:

To avoid third-party supplier risk, you should learn who can access your networks and make sure they only have the privileges they need. Having policies to communicate and enforce third-party access rules is one of the other factors that increase protection. Organizations should establish a security policy that explains responsibilities, security expectations and what happens when an event occurs for all third party suppliers.

Researchers’ recommendations for next year; it qualifies as the best organization companies can do to protect themselves from such attacks, ensuring that not only them but also their partners adhere to high cyber security standards. If third-party suppliers get any access to internal infrastructure or data, cyber security policies should be established before the integration process.

DDoS attacks

Kaspersky’s IT Security Economy report in 2019 reports that 42 percent of businesses and 38 percent of SMEs experienced a denied denial of service (DDoS) attack in 2019. This is at the same level as the ransomware events that have received much more attention in the media. Financially, DDoS attacks cost SMEs an average of 138,000 dollars.

Attackers continue to innovate to increase the effectiveness of DDoS attacks. For example, in September, Akamai reported a new DDoS vector, “Web Services Dynamic Discovery (WSD), a multicast discovery protocol to find services on a local network.” Attackers can scale and endanger misconfigured, internet-connected devices to extend the scope of DDoS attacks using WSD.

Expected in 2020:

Researchers underline that DDoS attacks were “quite prominent” in 2020 due to the increasing number of 5G and IoT devices. According to researchers, the traditional boundaries of critical infrastructures such as water supply, power grid, military facilities, and financial institutions will expand much further to unprecedented areas in a 5G-connected world. All this will require new security standards and increased connection speed will create new challenges to stop DDoS attacks from happening.

The best recommendations for 2020:

The move to be applied in the first stage; checking the internet connected devices for incorrect configurations and mismatched vulnerabilities. For example, not knowing the security status of webcams used for security will cause bigger problems at these points. An engineer from Akamai states in his predictions for 2020 that checking internet-connected devices for improper configurations and mismatched vulnerabilities is the primary security measure.

Attack vulnerabilities of applications

Veracode’s Software Security Vol. In 10 reports, at least one security error was seen in 83 percent of the 85,000 applications tested. The research found a total of approximately 10 million security errors, and 20 percent of all applications included at least one high-density security error. This situation gives attackers a lot of opportunities.

Report authors have an optimistic attitude in some data. Researchers note that they have seen improvements in rates of particularly high-density defects. The overall correction rate has increased from 52 percent to 56 percent in 2018, and the highest severe defects are at 75.7 percent. However, the biggest positive aspect in the report predicts that the DevSecOps approach, with frequent scanning and testing of software, will reduce time to correct flaws. As a matter of fact, for applications scanned 12 times or less per year, the average repair time is 68 days; this rate fell to 19 days.

Expected in 2020:

Despite the efforts of security and development teams, vulnerabilities will continue to exist in software. Veracode CTO states that most software is very insecure today. According to CTO, this will continue in 2020, especially in 90 percent of applications that use code from open source libraries. Stating that they saw some positive AppSec marks in 2019, Veracode CTO adds that organizations are increasingly focusing on fixing them and prioritizing the flaws that put them at the most risk.

The best recommendations for 2020:

As the Veracode research shows, it is an effective defense method to scan and test applications more frequently against vulnerabilities in taking precautions against the most serious vulnerabilities. Veracode researchers also urge companies to pay attention to the “security debt”. One of the increasing threats in application security is whether the applications accumulate defects over time or the ‘security debt’ concept regarding the elimination situation. An increasing security debt paves the way for organizations to be exposed to attacks.

Cloud services / infrastructure events

According to Kaspersky’s IT Security Economy report in 2019, 43 percent of corporate businesses had security incidents affecting third-party cloud services in 2019. While cloud-related events aren’t the most common in SMEs, they often draw a rather costly picture for small companies that are more dependent on services. Infrastructure incidents cost SMEs 162 thousand dollars.

Another area that saw an increase in activity in 2019 was online payment fraud. Especially the Magecart attack group showed an active profile last year. The group uses code that makes use of the wrong configurations in the cloud to replace the shopping cart code. Businesses using online e-commerce services are not aware of this change until customers complain about fraudulent fees.

Organizations need to be concerned about misconfigurations that their cloud services will leave their data open on the Internet. Attackers regularly browse the internet to obtain this data from companies. Cloud platform vendors like Amazon and Google introduced new tools and services in 2019 to help organizations properly configure their cloud systems and find bugs that leave data unprotected.

Expected in 2020:

The power of malicious code and financial reward (Magecart’s traction was millions of dollars only) means that online payment fraud will increase in 2020. Magecart’s success inspires imitators. Organizations can counteract this and other cloud threats by spending more on cloud security. According to the IDG Security Priorities Survey, only 27 percent of organizations have cloud data protection technology in production, and 49 percent are researching or trying it.

The best recommendations for 2020:

It is beneficial to conduct e-commerce files’ source code reviews and to implement sub-resource integrity in order to prevent the changed scripts from loading without your permission. Researchers recommend making sure that your cloud providers are evaluating their own code to prevent fraud and regular scans of configuration errors on the internet that expose your data.

IoT vulnerabilities

According to the Security Industry Association (SIA) 2019 Security Megatrends report, the Internet of Things (IoT) and the data it produced became the second most influential trend on security practitioners in 2019. While the growth of IoT is not difficult to predict, research company Statista predicts that by 2020 there will be between 6.6 billion and 30 billion internet-connected devices.

The threat posed by IoT was for most organizations in 2019. Marsh Microsoft 2019 Global Risk Perception Survey, 66 percent of respondents viewed IoT as a cyber risk, while 23 percent rated it as “extremely high.” According to the CyberX cyber security chief, IoT devices are soft targets for competitors because they are often bulk and misconfigured. They are also ‘not managed’ because they do not support endpoint security agents. As a result, competitors can easily compromise computing resources for gaining a place in corporate networks, performing devastating ransomware attacks, stealing sensitive intellectual property, DDoS campaigns and crypto money packaging.

CyberX’s 2020 Global IoT / ICS Risk Report revealed the most common vulnerabilities that have made IoT devices vulnerable in the past 12 months. Devices that can be accessed remotely fell 30 percent in the vulnerability in 54 percent of surveyed sites. Direct internet connections have fallen from 40 percent to 27 percent.

The previous year’s rate of 53 percent of sites with disadvantaged operating systems rose to 71 percent this year, and 66 percent of their sites were unable to perform automatic antivirus updates compared to the previous year (43 percent).

Expected in 2020:

Researchers predict that the number of connected devices will increase the risk of IoT devices in 2020 as the motivation of nation-state opponents and cybercriminals increases. Industrial environments such as energy services, production, chemicals, pharmaceuticals, oil and gas will be particularly at risk. Risks, according to researchers; costly plant outages can lead to more serious consequences such as threats to human security and environmental incidents.

CyberX cyber security chief defines building management systems (BMS) as the primary target for attackers. According to the security chief, viruses are often placed by facility management teams with minimal expertise in security, not monitored by corporate security operations centers (SOC).

The best goals for 2020 are:

Security experts recommend companies to implement a multi-layered and comprehensive defense strategy.

Stronger network segmentation

Restricted remote access to industrial control networks by third-party contractors with strong access controls such as 2FA and password vault.

Agentless network security monitoring to quickly detect and mitigate IoT attacks before attackers.
As a result, the best defense is through more focus on organizational focus rather than technical approaches. For example, one of the major shortcomings in the TRITON attack on the security systems of a petrochemical plant in Saudi Arabia was that no one ultimately saw themselves responsible for the security of the industrial control network. There have been serious declines in security monitoring and no one has checked that the firewalls at DMZ are properly configured by outsourcing companies that install them. The recommendations for CISOs are that IT security integrated into the SOC workflows and security stack, as well as stepping into the plate and taking ownership of IoT, OT security, should not be forgotten as a holistic approach to IoT and OT security.

Cryptojacking

To end the list with positive news, encryption attacks are expected to decrease in 2020. Although encryption attacks are not one of the most common threats for companies or SMEs in Kaspersky’s IT Security Economy report in 2019, these attacks were very costly for businesses in 2019. The average financial impact of the attacks on companies was $ 1.62 million.

Expected in 2020:

Encryption attacks are rising or falling in parallel with cryptocurrency values. However, the ease of attackers to execute a cryptocurrency scheme means that this threat will continue in 2020. Researchers note that mining has been steadily declining throughout 2019, and they have not seen any reason for this trend to change.

The best recommendations for 2020:

Using a security solution that detects encryption threats and paying attention to spikes in cryptocurrency values ​​that will encourage further encryption attacks are among the recommendations suggested by researchers. (more…)