As we enter the new year, preparation in cybersecurity is critical, according to CrowdStrike vice president of technology strategy, Michael Sentonas. The following trends focus on the issues likely to be seen in 2020, with an emphasis on which attack vectors are most likely to be exploited and, more importantly, what businesses can do about them.
Targeted enterprise ransomware escalates
“Although enterprise ransomware is not new, attacks that were once the domain of consumers, whilst on the decline in number, have spawned new monetisation schemes. As such, ransomware will continue to be a huge issue in 2020. Attackers have realised that businesses and governments have more valuable information to target, more money for ransom payments and poor cyber hygiene, which indicates 2020 will see an escalation in targeted enterprise ransomware.
“Over 2019, multiple US organisations reported ransomware payments ranging in the hundreds of thousands to nearly half of a million dollars for various payments made to cyber criminals. As ransom requests are getting bigger and attackers globally are watching, cyber criminals have moved away from the spray and pray method to become more globally organised from an operations standpoint, securing larger and larger payouts.”
SMB threats to increase
“The old adage in cybersecurity, ‘old vulnerabilities cause big damage’ will ring true in 2020. Attackers will look to increase development of exploits that take advantage of the vulnerability in Microsoft’s Server Message Block (SMB) protocol and they will do it with great success. Ransomware such as Ryuk allows an attack on a single infected device to quickly spread throughout an organisation.”
Iran’s continued development and potential attacks
“Iranian adversaries have carried out some of the most destructive attacks in recent years. As such, intelligence gathered in the last few months of 2019 suggests the groundwork is being laid for more destructive cyberattacks in 2020, rather than cyber espionage and intelligence gathering. Iranian adversaries continue to show advanced skills and techniques, which include the development of destructive malware that can be used to target other governments around the world, indicating a bigger threat from Iran in 2020.”
Increased balkanisation of technology domains
“The balkanisation of the Internet in 2020 will continue due to technological, political, economic and nationalistic agendas. Internet balkanisation refers to the segmentation of one global open Internet into multiple smaller Internets, potentially aligned against geopolitical boundaries.
“2020 will see more government efforts to reclaim the Internet with China, Russia and Iran continuing to take technical control over the Internet. Additionally, we will see more balkanisation of technology domains to protect national interest and infrastructure. This is based on historical precedent from the Russian government ban from participation in international athletic competition for four years, including events such as the Tokyo 2020 Olympics and Paralympics. Russian state-nexus adversaries will respond with targeted intrusions and/or information operations targeting these organisations, although no such efforts have been observed as of this writing. With some countries banning technology from certain Chinese and Russian companies (and the increase in risk from nation-state cyberattacks), we expect to see greater balkanisation of the Internet and technology domains.”
State-sponsored and eCrime behavior blend
“We have seen the blurring of the lines between nation-state and eCrime actors for multiple years now, and this trend has continued to escalate since 2017. It is not just because eCrime actors are becoming more sophisticated, but it’s also largely because state-sponsored adversaries are leaning more towards using lower-level TTPs in order to thwart attribution efforts and to reserve their custom/advanced capabilities for more extreme needs.”