eqrite, a provider of IT security and data protection solutions to corporates, SMEs, and governments, has announced its threat predictions.
2019 was an inflexion point for cybersecurity in India. Rapid digitisation left the country’s business ecosystem vulnerable to new-age threats and attacks, growing both in complexity and scale. But how will the threat landscape pan out in 2020? Seqrite, a provider of IT security and data protection solutions to corporates, SMEs, and governments, has announced its threat predictions that will shape the future of enterprise security in the coming year.
Ransomware and exploits to target cloud infrastructures and enterprise networks
The biggest security trend predicted by Seqrite for 2020 is the evolution in ransomware attack strategies. Currently, most ransomware authors target individual users and devices. This is expected to change in the future, with a projected increase in the number of complex ransomware attacks directed at cloud infrastructures. A single successful breach could give threat actors the opportunity to compromise large amounts of data. Cybercriminals are also expected to figure out a way of moving beyond DoS attacks to target BlueKeep-like wormable exploits in 2020. This will allow them to exploit these vulnerabilities to their full potential and launch more severe ransomware attacks with significant lateral movement across the network.
Deepfake attacks will be used to conduct large-scale enterprise frauds
Another major security trend will be the growing adoption of deepfake attacks, with a recent enterprise fraud worth around €220,000 only expected to be the beginning. Security researchers at Seqrite predict this trend to gain more momentum in 2020, as cybercriminals conduct large-scale enterprise cyber frauds by creating fake/manipulated video and audio clips through Generative Adversarial Networks (GANs).
APT attacks to target critical infra while 5G connectivity to give rise to new threats
The recent APT attack on Kudankulam nuclear power plant has emphasized on the significance of security of critical infrastructure. We may witness a rise in such attacks on critical public infrastructure like transportation networks, power plants, telecommunication systems, etc. Such attacks can function in hiding for days, even months, stealing very large chunks of data before getting detected.
With 5G-driven seamless interconnectivity becoming a tangible reality in future, Seqrite expects the threat exposure to increase substantially. Cybercriminals will look to capitalise on the new potential entry points that will open up within enterprise networks as everything from internet cars to smart refrigerators connect with them. The increase in threats to confidentiality and privacy will be unprecedented, with organisations and institutions required to monitor a much larger landscape for attacks.
Windows 7 attacks to increase and macro-based attacks become prominent
With Microsoft announcing the end of technical support for Windows 7, the number of attacks deployed against Windows 7 devices is expected to increase in 2020. More cybercriminals are also expected to prefer macro-based attacks over MS Office. Microsoft has taken many steps to block MS Office exploits, making it harder to execute exploit codes on newer Windows variants. This is expected to drive a shift towards macro-based attacks amongst threat actors. Macro-based attacks – unlike exploits, which are specific to application version – can be executed across all versions of MS Office. Cybercriminals also have free access to many open-source obfuscator and macro generation tools that can be used to create attack payloads.
Speaking on these security predictions, Sanjay Katkar, CTO & Joint Managing Director – Quick Heal Technologies, said, “2019, from a cybersecurity standpoint, was another challenging year full of evolving threats, large scale data breaches and major policy changes, affecting businesses of all sizes. The year witnessed an evolving threat landscape, with cybercriminals adopting latest tools and technologies to outsmart the enterprise ecosystem. In 2020, we foresee the threat landscape become more challenging, as a large number of cybercriminals deploy AI to scale up their attacks. State-sponsored threat actors will increase their use and sophistication of AI algorithms, to scrutinize defense mechanisms and customize attacks targeted to vulnerable areas in the enterprise network. We also expect attacks like deep-fakes, APTs, ransomware, web skimming to take centre stage in 2020.”
Amongst other enterprise security trends predicted by Seqrite is an increase in complexity and volume of web skimming attacks. Web skimmers such as Magecart wreaked much havoc in 2019 and compromise thousands of websites to deliver skimming codes. Web skimmers with self-deleting code abilities such as Pipka are expected to gain prominence in 2020; Seqrite threat researchers are already seeing a rapid spike in advanced webskimming attacks.
Armed with deep threat intelligence capabilities, Seqrite had previously predicted many of the enterprise security trends that became prominent in 2019, including an increase in web skimming, IoT-based, cryptomining, and cloud-based attacks. Its prediction about targeted attacks exploiting supply chain vulnerabilities also came true, as did the projected rise in ransomware attacks target utility infrastructure. Its security researchers also correctly called out the rise in the data-centric attacks targeting enterprises with weak data security postures, as well as the growing threat risk in the mobile landscape.