Cybersecurity Predictions for 2020
The year 2020 marks the transition to a new decade, and recent notable events and trends signify a similar changeover in the threat landscape. Cybersecurity in 2020 and beyond will have to be viewed through many lenses — from differing attacker motivations and the cybercriminal arsenal to advancing technological developments and global threat intelligence — so that defenders can keep up with and anticipate cybercrime mainstays, game changers, and new players.
The old paradigm, where networks are isolated behind a company firewall, is behind us. Gone are the days of using a limited stack of enterprise applications. The current paradigm demands a wide variety of apps, services, and platforms that will all require protection. Layered security that is applied to various implementation efforts and keeps up with ecosystem shifts will be crucial in tackling the broad range of threats.
Tried-and-tested methods — extortion, obfuscation, phishing — remain successful in attacks we see today, but new risks will inevitably emerge. The increased migration to the cloud, for instance, exacerbates human error: Misconfigurations contribute to the possibility of exponential compromise. The sheer number of connected assets and infrastructures further creates a slew of issues that opens doors to threats. Enterprise threats will be no less complex, mixing traditional risks with new technologies, like artificial intelligence (AI) in business frauds.
Trend Micro’s cybersecurity predictions for 2020 reflect Trend Micro experts’ opinions and insights on current and emerging threats and technologies. The scenarios and developments described are of the possible future, where technological advances and evolved threats will be key drivers for landscape changes. This report intends to empower enterprises in making informed decisions in specific security focus areas that will present challenges and opportunities in 2020 and the coming decades.
Attackers will outpace incomplete and hurried patches
System administrators will need to be vigilant when it comes to not only the timeliness of patch deployments but also the quality of the patches they deploy. Applying a patch of poor quality to critical systems could break important functionalities or lead to failure due to patch defects. Delaying the application of a patch, on the other hand, puts systems at risk of compromise due to an attack on a known vulnerability.
Patch-related issues leave open windows of exposure that attackers will use as points of entry. We anticipate more cases of patch bypass when the patch released is insufficient. For example, an attacker can often revive an exploit by changing just a couple of lines to account for the fix’s code. Last year, a patch for a then zero-day vulnerability in the Microsoft Jet Database Engine was found to be “incomplete,” that is, the flaw was only limited and not eliminated. (1) This year, hackers exploited vulnerabilities in Cisco routers that were later found to have incomplete fixes. (2)
In cases where the patch does not eliminate the vulnerability or a gap exists in patch implementation, virtual patching can help by providing immediate protection and shielding from known and unknown vulnerabilities.
Critical infrastructures will be plagued by more attacks and production downtimes
Utilities and other critical infrastructures (CIs) will still be viable targets for extortionists in 2020. Extortion through ransomware will still be cybercriminals’ weapon of choice as the risk for companies is high. Prolonged production downtime translates to hefty monetary losses; production lines can be debilitated for weeks, depending on how long system restoration takes. Attackers can also assemble a botnet to mount a distributed denial-of-service (DDoS) attack against operational technology (OT) networks. Manufacturing companies that employ cloud service providers will be at risk of supply chain attacks; insecure providers could serve as jumping-off points for threat actors to attack and immobilize production. Cyberattacks jeopardize availability, which is the top priority in these infrastructures, and the pressure to tighten cybersecurity for companies employing the industrial internet of things (IIoT) will only increase. (33)
Over the past years, different threat actors have targeted several energy facilities across the world in reconnaissance campaigns. (34) These activities, which pave the way for targeted ransomware attacks, focus on getting access to credentials for industrial control systems (ICSs) and supervisory control and data acquisition (SCADA) systems and on gathering information on how the facilities operate. The impact of these compromises will propagate not only within the affected CI system but also across its interdependencies, with widespread consequences (e.g., disrupting local power plants and affecting energy supplies (35)).
This is not to say that system failure due to attacks will affect only the utilities industry. Food production, transportation, and manufacturing facilities will also be at risk as they increasingly use IoT applications and human-machine interfaces (HMIs) as their main hub for managing diagnostic and controller modules.
Public CIs and government IT infrastructures will find themselves open to attacks for longer than private industrial environments, as these areas of the public sector tend to be underfunded. Information gathered in reconnaissance campaigns will give threat actors opportunities for more coordinated attack attempts to disrupt not just infrastructures but also public services and political processes.