Threat actors are shifting and adapting in their choice of attack vectors and tactics — prompting the need for businesses and users to stay ahead of the curve. In response to the renewed threats likely to emerge in 2020, Trend Micro has identified four key themes that will define 2020: a future that is set to be Complex, Exposed, Misconfigured and Defensible.
To look at these themes further, Digital Journal spoke with Greg Young, VP Cybersecurity at Trend Micro.
Digital Journal: What have been the main technological developments of 2019?
Greg Young: Increased Edge Computing, as driven by IoT, 5G, and cloud is foremost. AI getting into a state for more common use, and misuse is next.
DJ: Which have been the most difficult areas for businesses?
Young: The cyber threat is relentless all the while more information and services go on-line. The requirement to stay ahead of the curve gets sidetracked with events like ransomware and phishing dominating the threat landscape. More cloud means more opportunity for configuration errors that can have high impact: cloud misconfigurations mean an exponential degree of compromise. With greater interconnection between a mix of technologies and platforms comes more links in the chain, and it gets easier for attackers to find a weak link. And finally, with more tech spend happening outside the IT organization enterprises are getting weaker form the inside out.
DJ: Looking to 2020, how did you compile your report?
Young: Trend Micro’s 2020 predictions report leans on four key themes that will define 2020: The Future is Complex, Exposed, Misconfigured and Defensible. These four themes summarize the related predictions driven by both technological advances and evolved threats. We intentionally took this business view, rather than just looking for attention-grabbing but unlikely threat scenarios.
DJ: From your report, what can we expect with banking next year?
Young: Open Banking and ATM malware are the two big ones. Mobile malware targeting online banking and payment systems will become more active. The implementation of the Revised Payment Service Directive (PSD2) – also known as Open Banking – will have cybersecurity implications across the globe from flaws in application programming interfaces (APIs) to new phishing schemes. Frankly just having more parties involved through FINTECH always makes security weaker. In the underground scene, the sale of ATM malware will further gain ground, with ATM malware families competing for dominance, where they will try to outdo each other in terms of malware features and price. Cutlet Maker, Hello World, and WinPot variants, for example, are already being sold in the underground.
DJ: How will cybercriminals make use of blockchain?
Young: Blockchain is too often a super strong lock on a cardboard door, by a shady locksmith. So for victims where blockchain is involved it almost always means it is the app that is compromised, not the blockchain itself. In 2020, we anticipate cybercriminals will turn to blockchain platforms for better hiding their own transactions in the underground. Blockchain will be seen as a new means to establish a distributed trust system among buyers and sellers; smart contracts will enable cybercriminals to automate cryptocurrency payments and record them on the blockchain – when the seller and the buyer of an illicit thing aren’t ever in direct contact and the trail is one-way encrypted it is a much harder follow them. Commodity malware like ransomware and the crime-as-a-service business model will still be easy money for cybercriminals looking to easily profit from attacks.
DJ: For what criminal purposes will ‘deepfakes’ be used?
Young: AI technology will be used to create highly believable counterfeits (in image, video, or audio format) that depict individuals saying or doing things that did not occur — commonly referred to as “deepfakes.” Deepfakes will be used in phishing or stock manipulation. C-level executives will be prime targets for this kind of fraud since they are often in calls, conferences, media appearances, and online videos: there are a lot of samples to draw from. While “deepfake scams” may be in their nascent stages, employees will have to learn to identify telltale signs of deepfakes, such as a different intonation, slow speech, and artificial-looking skin in videos. Additional verification steps in finance-related processes will also be crucial, or better yet using Good AI to spot the Evil AI.
DJ: How will IoT devices be used for espionage and extortion?
Young: While cybercriminals and threat actors are yet to find a scalable business model for IoT attacks, they will use machine learning and AI to tap into connected devices in enterprise settings, such as smart TVs and speakers. IoT attack monetization, while still in its infancy, will be tested in different ways by cybercriminals with digital extortion being the likeliest of these methods.
In the underground ecosystem, these schemes will be tried on consumer devices at first, with connected industrial machinery as the next target.
IoT devices like routers will be monetized through botnets, which can be used subsequently as a distributed network for services offered to cybercriminals. Other offerings in the underground include access to webcam video streams and smart meters with modified firmware. Such exposed devices will put further conversations on IoT security front and center — particularly how not all IoT devices have built-in security and are equipped to be properly protected against various attacks.
The best use of IoT for evil though is as a lateral way into the enterprise, or as part of a DDoS attack.
DJ: Is the drive towards remote working and the idea of the home offices opening up more people to cyber-attacks?
Young: Remote devices can be infected with malware that can get into the corporate network and leak valuable information. Unlike in a bring your-own-device (BYOD) setup, employees working from home can move between multiple connected devices to access cloud-based apps and communication software. Connected home devices serving as a gateway for enterprise attacks is an unavoidable development considering how employees may find these devices (e.g., smart TVs, speakers, and assistants) convenient for work use as well.
Enterprises will have to decide on what information security policies to implement to deal with such scenarios. Using the troves of personal information, they have already amassed, cybercriminals will design enterprise attacks using home and public networks by impersonating employees. These increasingly sophisticated attacks will extend business email and process compromise well past simple redirection of funds or malware infection and become a launch point for supply chain attacks.
