With 2019 coming to a close, it’s time to reflect on the year and also look at what the new year will bring.

This year, we saw attackers set their sights on cities and government entities, impacting more than 100 cities in the U.S. with ransomware. These attacks weren’t cheap, either, costing millions in recovery.

We also saw several very large data breaches across the globe. From social media sites to fitness, gaming and even genealogy firms — 2019 was a treasure trove of compromised data.

Cybercrime gangs like Evil Corp, which deploys BitPaymer, and Gootkit, which dropped MegaCortex, made headlines with targeted ransomware attacks. Trickbot took this ‘big game hunting’ to another level when it hit the tech provider of nursing homes in the US and demanded a $14 million ransom.

So what lies ahead in 2020? How will the cybercrime threat landscape change and evolve?

11 Security Predictions for 2020

I’ve pulled together my own predictions as well as insights and predictions from experts in IBM X-Force on what may be in store for us in 2020, including predictions on changing ransomware tactics, emerging nation-state actors, bias in artificial intelligence (AI) and more.

1. Banking Trojan Operators Will Change Focus

“Organized cybercrime gangs from the banking Trojan realms got the hang of multi-million dollar fraud. But that’s a lot of ‘marked money’ to move around. Their answer is clear: migrating toward targeted ransomware operations, aiming to demand millions of dollars in ransom — all in bitcoin. Easier to anonymize, easier to launder, and less sharing of illicit profits with street gangs that launder bank fraud proceeds.” — Limor Kessem, IBM Security

2. Ransomware and Extortion Will Become One and the Same

“With more organizations refusing to pay elevated ransom demands, attackers wielding ransomware will resort to other modes of extortion. I anticipate an increase in the exfiltration and leaking of data if payment is not made. Will this sort of pressure make organizations pay up? We will also have to see how regulators address the types of attacks in the way they view reporting timelines.” — Limor Kessem, IBM Security

3. Destructive Attacks Will Spread

“Attacks using destructive malware or repurposing crypto-malware for disruption have been notoriously focused in the Middle East, but these attacks will spread into other regions, including North America and Europe, calling on organizations to overhaul their incident response plans and drilling.” — Limor Kessem, IBM Security

4. We Will See DDoS Attacks via Privacy Requests

“Taking advantage of new privacy regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), motivated activists and attackers will flood companies with individual rights requests either as punishment for controversial views or as a distraction as a prelude to an attack. These rights, built into the regulations to allow you to request all the information a company has related to you, are a potential unintended attack vector that will be difficult to manage without proper processes in place to handle such requests at scale.” — Cindy Compert, IBM Security

5. Devolving Cyber Power

“Countries like India, Pakistan and Vietnam will emerge among the ‘Big Four’ nation-state actors and use cyberattacks for espionage and intimidation. Their operations will use well-known hacking tools to exploit common unpatched vulnerabilities as well as ransomware to infiltrate regional adversaries and locally operated organizations.” — Wendi Whitmore, IBM X-Force Incident Response and Intelligence Services (IRIS)

6. Cybercrime and Nation State Attacks Converge

“We suspected the connection between hostile nation-state interest and financial motivation in 2017 when WannaCry attacks that spread like wildfire across the globe were attributed to North Korea. This convergence will be proven in 2020 with more nation-state actors launching financially-motivated attacks and even collaborating with known cybercrime groups from other regimes.” — Limor Kessem, IBM Security

7. As Cybersecurity AI Adoption Expands, Concerns Around AI Bias Will Grow

As IBM Security’s Aarti Borkar told Forbes, “As security teams’ use of AI continues to grow, they’ll need to monitor and manage for potential bias in their AI models to avoid security blind spots that result in missed threats or more false positives. One way to help prevent bias within AI is to establish cognitive diversity — diversity in the computer scientists developing the AI model, the data feeding it and the security teams influencing it.”

8. Broadening Hacker Horizons

“Criminals will continue to broaden their horizons from traditional network- and application-level attacks to hardware and embedded devices. IT security teams should look to increase hardware and embedded devices testing.” — Charles Henderson, X-Force Red

9. A Shift to Monetize Non-Currency Assets

“As we continue to move to a subscription economy, we also move to subscription attackers. Targeting of loyalty programs and offerings with a ‘same as cash equivalent’ will continue to increase. These may include gift cards, prepaid phone cards or other easily transferable assets or subscriptions so that criminals can consume the items quickly before being detected.” — Charles Henderson, X-Force Red

10. SMS-Based Authentication Will Lose Viability

“With the growth and ease of high-profile SIM swapping attacks in 2019, organizations will step away from relying on SMS-based authentication for security, moving toward app-based authentication.” — Dustin Heywood, X-Force Red

11. Cybersecurity Will Begin “Opening Up”

“The existing security tools sprawl that has been weighing down the industry for years will give way to a modern ‘school of thought’ in security whereby open standards combined with cloud maturity will enable more open security ecosystems. Companies will demand security solutions that not only connect workloads and data across clouds and on-prem infrastructure in a simple and open manner, but also allow businesses to leave their data wherever they want it to reside. This demand will lead the industry to rally behind open common, open-source tooling.” — Aarti Borkar, IBM Security
