With 2019 coming to a close, it’s time to reflect on the year and also look at what the new year will bring.

This year, we saw attackers set their sights on cities and government entities, impacting more than 100 cities in the U.S. with ransomware. These attacks weren’t cheap, either — costing millions in recovery costs.

We also saw several very large data breaches across the globe. From social media sites to fitness, gaming and even genealogy firms — 2019 was a treasure trove of compromised data.

Cybercrime gangs like Evil Corp, which deploys BitPaymer, and Gootkit, which dropped MegaCortex, made headlines with targeted ransomware attacks. Trickbot took this ‘big game hunting’ to another level when it hit the tech provider of nursing homes in the U.S. and demanded a $14 million ransom.

So what lies ahead in 2020? How will the cybercrime threat landscape change and evolve?

11 Security Predictions for 2020

I’ve pulled together my own predictions as well as insights and predictions from experts in IBM X-Force on what may be in store for us in 2020, including predictions on changing ransomware tactics, emerging nation-state actors, bias in artificial intelligence (AI) and more.

1. Banking Trojan Operators Will Change Focus

“Organized cybercrime gangs from the banking Trojan realms got the hang of multi-million dollar fraud. But that’s a lot of ‘marked money’ to move around. Their answer is clear: migrating toward targeted ransomware operations, aiming to demand millions of dollars in ransom — all in bitcoin. Easier to anonymize, easier to launder, and less sharing of illicit profits with street gangs that launder bank fraud proceeds.” — Limor Kessem, IBM Security

2. Ransomware and Extortion Will Become One and the Same

“With more organizations refusing to pay elevated ransom demands, attackers wielding ransomware will resort to other modes of extortion. I anticipate an increase in the exfiltration and leaking of data if payment is not made. Will this sort of pressure make organizations pay up? We will also have to see how regulators address the types of attacks in the way they view reporting timelines.” — Limor Kessem, IBM Security

3. Destructive Attacks Will Spread

“Attacks using destructive malware or repurposing crypto-malware for disruption have been notoriously focused in the Middle East, but these attacks will spread into other regions, including North America and Europe, calling on organizations to overhaul their incident response plans and drilling.” — Limor Kessem, IBM Security

4. We Will See DDoS Attacks via Privacy Requests

“Taking advantage of new privacy regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), motivated activists and attackers will flood companies with individual rights requests either as punishment for controversial views or as a distraction as a prelude to an attack. These rights, built into the regulations to allow you to request all the information a company has related to you, are a potential unintended attack vector that will be difficult to manage without proper processes in place to handle such requests at scale.” — Cindy Compert, IBM Security

5. Devolving Cyber Power

“Countries like India, Pakistan and Vietnam will emerge among the ‘Big Four’ nation-state actors and use cyberattacks for espionage and intimidation. Their operations will use well-known hacking tools to exploit common unpatched vulnerabilities as well as ransomware to infiltrate regional adversaries and locally operated organizations.” — Wendi Whitmore, IBM X-Force Incident Response and Intelligence Services (IRIS)

6. Cybercrime and Nation State Attacks Converge

“We suspected the connection between hostile nation-state interest and financial motivation in 2017 when WannaCry attacks that spread like wildfire across the globe were attributed to North Korea. This convergence will be proven in 2020 with more nation-state actors launching financially-motivated attacks and even collaborating with known cybercrime groups from other regimes.” — Limor Kessem, IBM Security

7. As Cybersecurity AI Adoption Expands, Concerns Around AI Bias Will Grow

As IBM Security’s Aarti Borkar told Forbes, “As security teams’ use of AI continues to grow, they’ll need to monitor and manage for potential bias in their AI models to avoid security blind spots that result in missed threats or more false positives. One way to help prevent bias within AI is to establish cognitive diversity — diversity in the computer scientists developing the AI model, the data feeding it and the security teams influencing it.”

8. Broadening Hacker Horizons

“Criminals will continue to broaden their horizons from traditional network- and application-level attacks to hardware and embedded devices. IT security teams should look to increase hardware and embedded devices testing.” — Charles Henderson, X-Force Red

9. A Shift to Monetize Non-Currency Assets

“As we continue to move to a subscription economy, we also move to subscription attackers. Targeting of loyalty programs and offerings with a ‘same as cash equivalent’ will continue to increase. These may include gift cards, prepaid phone cards or other easily transferable assets or subscriptions so that criminals can consume the items quickly before being detected.” — Charles Henderson, X-Force Red

10. SMS-Based Authentication Will Lose Viability

“With the growth and ease of high-profile SIM swapping attacks in 2019, organizations will step away from relying on SMS-based authentication for security, moving toward app-based authentication.” — Dustin Heywood, X-Force Red

11. Cybersecurity Will Begin “Opening Up”

“The existing security tools sprawl that has been weighing down the industry for years will give way to a modern ‘school of thought’ in security whereby open standards combined with cloud maturity will enable more open security ecosystems. Companies will demand security solutions that not only connect workloads and data across clouds and on-prem infrastructure in a simple and open manner, but also allow businesses to leave their data wherever they want it to reside. This demand will lead the industry to rally behind open common, open-source tooling.” — Aarti Borkar, IBM Security

Learn more about IBM Security X-Force’s threat intelligence and incident response services.
