Increase in complexity and sophistication as well as more targeted attacks are expected in the upcoming 12 months based on cyber crime activity of the past year, according to various resources that have conducted research over the subject.

Advancements in artificial intelligence and machine learning have resulted in significant technological gains, but threat actors are adapting and develop in increasingly malicious ways as well. Capabilities of deepfake videos produced by threat actors have been extended due to improved AI technology and AI-driven facial recognition is being used in production of deepfake videos capable of fooling humans and machines as well. Considering the number of personal details available, which increased because of personal data leaks that happened in the past years, and the technologies above, researchers believe that the number of creation of scams and social engineering schemes is going to increase in a high scale in 2020.

Researchers also expect attacks against corporate networks to steal information in two-stage ransomware campaigns. Furthermore, as cloud services usage increases, the need for cloud security is greater than ever. The increased adoption of robotic process automation and the growing importance to secure system accounts used for automation raises security concerns tied to Application Programming Interface (API) and their wealth of personal data.

More Specifically:

  • Broader deepfakes capabilities for less-skilled threat actors: Freely available video of public comments can be used to train a machine-learning model that can develop of deepfake video depicting one person’s words coming out of another’s mouth. Attackers can now create automated, targeted content to increase the probability that an individual or groups fall for a campaign. In this way, AI and machine learning can be combined to create massive chaos.
  • Adversaries to generate deepfakes to bypass facial recognition: As technologies are adopted over the coming years, a very viable threat vector will emerge, and adversaries will begin to generate deepfakes to bypass facial recognition. It will be critical for businesses to understand the security risks presented by facial recognition and other biometric systems and invest in educating themselves of the risks as well as hardening critical systems.
  • Ransomware attacks to morph into two-stage extortion campaigns: For 2020, the targeted penetration of corporate networks will continue to grow and ultimately give way to two-stage extortion attacks. In the first stage cybercriminals will deliver a crippling ransomware attack, extorting victims to get their files back. In the second stage criminals will target the recovering ransomware victims again with an extortion attack, but this time they will threaten to disclose the sensitive data stolen before the ransomware attack.
  • Application Programming Interfaces (API) will be exposed as the weakest link leading to cloud-native threats: Vulnerabilities will continue to include broken authorization and authentication functions, excessive data exposure, and a failure to focus on rate limiting and resource limiting attacks. Insecure consumption-based APIs without strict rate limits are among the most vulnerable.

Other targeted threat predictions for 2020 include:

  • False flag attacks reach a whole new level. This will develop further, with threat actors seeking not only to avoid attribution but also to actively lay the blame on someone else. Commodity malware, scripts, publicly available security tools or administrator software, mixed with a couple of false flags, where security researchers are hungry for any small clue, might be enough to divert authorship to someone else.
  • New banking regulations in EU open new attack vectors. As banks will be required to open their infrastructure and data to third parties who wish to provide services to bank customers, it is likely that attackers will seek to abuse new mechanisms with new fraudulent schemes.
  • More infrastructure attacks and attacks against non-PC targets. Determined threat actors have, for some time, been extending their toolsets beyond Windows, and even beyond PC systems, VPNFilter and Slingshot, for example, targeted networking hardware.
  • Cyber attacks focused on trade routes between Asia and Europe. There are several ways this could play out. A Growth in political espionage as governments seek to secure their interests at home and abroad is included. It is likely to extend also to technological espionage in situations of potential or real economic crisis resulting instability.
  • New Interception capabilities and data exfiltration methods. There Use of supply chains will continue to be one of the most difficult delivery methods to address. It is likely that attackers will continue to expand this method through manipulated software containers, for example, and abuse of packages and libraries.
  • Mobile APTs develop faster. There are no good reasons to think this will stop any time soon. However, due to the increased attention given to this subject by the security community, we believe the number of attacks being identified and analyzed in detail will also increase.

The future holds so many possibilities that there are likely to be things not included in the researchers’ predictions. The extent and complexity of the environments in which attacks take play out offer so many possibilities. In addition, no single threat research team has complete visibility of the operations of APT threat actors.

Chris Poultsidis
Larissa Team