Cyber Crimes in 2020: What to Expect?

Ellie Richards
Nov 16, 2020


In cybersecurity, 2019 was marked by APT attacks, the search for hardware vulnerabilities, and high-profile leaks. While company leaders realized the need to build an effective information security system, criminals settled firmly in cyberspace. This is a good moment to stop and pick up a good antivirus solution to be on the safe side: read a Webroot review, or find an efficient free antivirus for your device.

The ratio of the forces of cybercriminals and defenders is not in favor of the latter: APT groups actively use the latest vulnerabilities, act very quickly, and, most importantly, often change tools and tactics. The immediate threat of complex targeted attacks encourages companies to take a fresh look at the effectiveness of security systems. It is time to review old approaches and talk about a new type of information security.

Positive Technologies experts have summed up the cybersecurity results of the past 12 months and outlined what to expect in 2020.

Cyber Threats Forecasts

Large companies will continue to pay attention not only to regulators’ requirements but also to the need to build practical security aimed at minimizing business risks. Small and medium-sized businesses, not always ready to invest enough in cybersecurity, will remain in the sights of both mass cyber campaigns and targeted attacks by hacker groups. Because large players are better protected, hackers will have to resort not only to sophisticated phishing and increasingly advanced malware samples but also to hacking less secure companies in order to attack target organizations through them, including through the trusted channels established between them.

Schemes for selling cybercrime services will develop, gain momentum, and take new forms. In particular, one scheme may become very popular: some attackers hack into a company's infrastructure and penetrate the internal network, but instead of using that access for their own purposes, they sell or lease it to other participants in the shadow market (the access-as-a-service model). Malware operators (for example, ransomware operators) will not need to think about how to infect the company’s systems; they will simply pay rent for access to already hacked networks. For example, the REvil group (also known as Sodinokibi) already uses such a scheme to distribute its malware. Prices for such access vary with the level of access. For example, access to hundreds of nodes in a network can cost US$3,000, and full control over a corporate network can be sold for $20,000.

An increase can be predicted in the number of incidents in the SMB sector related to BEC fraud (business email compromise): social engineering that uses the real accounts of company employees, including management. The threat is especially relevant for companies that regularly make large remittances to counterparties and partners, since attackers can, purportedly on behalf of a trusted party, ask authorized employees of the victim company to pay an invoice using false details. Examples of such attacks are already known, and, according to the FBI, over the past three years they have caused damage of $26 billion.

Attacks on Users

The number of attacks on individuals continues to grow. For the first three quarters of 2019, Positive Technologies counted 231 hacker campaigns aimed at ordinary users (217 campaigns over the same period of 2018). As a rule, these are mass attacks that affect many victims simultaneously, and it is impossible to calculate the exact number of victims or the scale of the damage.

As before, the main ways to reach these users are social engineering and malware infection of devices. Criminals continue to exploit users' poor information security literacy. A year earlier, password guessing for accounts on sites and social networks made up a significant share of attack methods (12% for the three quarters of 2018). In 2019, however, the experts noticed this trend reversing: only 6% of attacks used this method. This is probably because the vast majority of Internet services today allow you to use two-factor authentication, which complicates the attack.

Attackers actively use website vulnerabilities to attack ordinary citizens. It is important to note the growing number of cases in which databases of user data are published on the dark web, either stolen from various organizations in attacks or simply left without password protection and publicly accessible through the negligence of IT administrators. It is difficult to say how much this trend relates to 2019; the data were likely disclosed earlier, but this was not publicized. Today, for criminals, selling data in large volumes or piece by piece has become a genuinely profitable business.

Attackers can combine data from leaks that have occurred over the past few years into one database and sell it in bulk. Moreover, criminals distributing such complete digital files for money do not need to be hackers at all; it is enough to properly compile information from the leaks in a company's history. Such incidents primarily affect the reputation of the company. Only a comprehensive, mature approach to security will help minimize risks, ranging from improving employees' information security literacy to a strict delineation of access rights and the use of the most advanced practice-oriented cybersecurity tools.
