With 2019’s headlines of ransomware, malware, and RDP attacks almost behind us, we shift our focus to the cybercrime threats ahead in 2020. Cybercriminals are increasing the complexity and volume of their attacks and campaigns, always looking for ways to stay one step ahead of cybersecurity practices – and using the world’s evolving technology against us.
By Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research
Continuing advances in artificial intelligence and machine learning have produced invaluable technological gains, but threat actors are also learning to leverage AI and ML in increasingly sinister ways. AI has put the production of convincing deepfake video within reach of less-skilled threat actors seeking to manipulate individual and public opinion. Deepfake content is realistic enough that humans find it difficult to tell real from fake. Deepfakes used to spread misinformation are typically built with Generative Adversarial Networks (GANs), a relatively recent class of models that can generate fake but strikingly realistic images, text, and video. Modern hardware can rapidly process the biometrics of a face and mathematically build or classify human features, among many other applications. While the technical benefits are impressive, the flaws inherent in all such models represent a rapidly growing threat that cybercriminals will look to exploit.
Other trends our researchers noted in 2019 include:
- With more enterprises adopting cloud services to accelerate their business and promote collaboration, the need for cloud security is greater than ever. In parallel, the number of organizations prioritizing the adoption of container technologies will likely continue to increase in 2020.
- Our researchers also foresee more threat actors targeting corporate networks to exfiltrate corporate information in two-stage ransomware campaigns.
- The increased adoption of automation, and the growing importance of securing the system accounts used for it, raises security concerns about Application Programming Interfaces (APIs) and the personal data they can expose.
The threat landscape (threatscape) of 2020 and beyond promises to be interesting for the cybersecurity community. With these trends in mind, here are five predictions that are most likely to shape the threatscape in 2020:
1. Broader Deepfake Capabilities for Less-skilled Threat Actors
Deepfake video or text can be weaponized to enhance information warfare. Freely available videos of public comments can be used to train a machine-learning model that can develop a deepfake video that depicts a person doing or saying something that they never did or said. Attackers can now create automated, targeted content to increase the probability that an individual or a group of people fall for a campaign. In this way, AI and machine learning can be combined to create massive chaos.
In general, adversaries are going to use the best technology to accomplish their goals, so if the goal of nation-state actors is to manipulate an election, using deepfake video to manipulate voters is an excellent strategy. With deepfake technology, a cybercriminal can have a CEO make what appears to be a compelling statement that a company missed its earnings targets, or that there’s a fatal flaw in a product that’s going to require a massive recall. Such a video can be distributed to manipulate a stock price or to enable other financial crimes.
As deepfake technology improves, the expertise required to use it will continue to fall, leading to an increase in the quantity of misinformation.
2. Adversaries to Generate Deepfakes to Bypass Facial Recognition
As these technologies are adopted over the coming years, a very viable threat vector will emerge, and we predict adversaries will begin to generate deepfakes to bypass facial recognition. It will be critical for businesses to understand the security risks presented by facial recognition and other biometric systems, to invest in educating themselves about those risks, and to harden the critical systems that depend on them.
3. Ransomware Attacks to Morph into Two-Stage Extortion Campaigns
Based on what McAfee Advanced Threat Research (ATR) is seeing in the underground, we expect criminals to exploit their extortion victims via targeted ransomware. This means there will be an increased demand for compromised corporate networks that will be met by criminals who specialize in penetrating networks and then selling complete network access.
For 2020, we predict the targeted penetration of corporate networks will continue to grow and ultimately give way to two-stage extortion attacks. In the first stage, cybercriminals will deliver a crippling ransomware attack, extorting victims to get their files back. In the second stage, criminals will target the recovering ransomware victims again with another extortion attack, this time threatening to disclose the sensitive data stolen before the ransomware attack.
4. DevSecOps Will Rise to Prominence as Growth in Containerized Workloads Causes Security Controls to “Shift Left”
Container-based cloud deployments are growing in popularity because DevOps teams can continuously roll out micro-services and compose applications from reusable components. As a result, the number of organizations prioritizing the adoption of container technologies will continue to increase in 2020.
Threats to containerized applications can be introduced by Infrastructure as Code (IaC) misconfigurations or application vulnerabilities, but also through abused network privileges, which allow lateral movement during an attack.
Organizations are increasingly turning to cloud-native security tools explicitly developed for container environments to address these threats. Cloud Access Security Brokers (CASB) are used to conduct configuration and vulnerability scanning, while Cloud Workload Protection Platforms (CWPP) act as traffic enforcers for network micro-segmentation based on the identity of the application rather than its IP address. This application identity-based enforcement will push organizations away from the five-tuple approach to network security (rules keyed on source IP, destination IP, source port, destination port, and protocol), which is increasingly irrelevant for ephemeral container deployments whose IP addresses change every time a workload is rescheduled.
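The following is an added illustration of why IP-keyed five-tuple rules break down for ephemeral workloads while identity-based rules do not. It is not code from the article or from any McAfee product; the pod names, labels, IP addresses and the selector-style rule format are constructed for this example (the selectors mimic the style of Kubernetes NetworkPolicy but this is a stand-alone evaluator, not that API).

```python
"""Five-tuple ACL versus workload-identity policy for container traffic.

Added example, not from the article. All pods, labels, IPs and rules below
are constructed; the evaluator is a toy, not a real CNI or firewall.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Pod:
    name: str
    ip: str
    labels: Dict[str, str]


@dataclass
class Flow:
    src: Pod
    dst: Pod
    dst_port: int
    proto: str = "TCP"


# Classic five-tuple rule: (src_ip, dst_ip, src_port, dst_port, proto).
# "*" is a wildcard for the address and source-port fields.
FiveTuple = Tuple[str, str, str, int, str]


def five_tuple_allows(acl: List[FiveTuple], flow: Flow, src_port: str = "*") -> bool:
    """Allow the flow if any rule matches on addresses, ports and protocol."""
    for s_ip, d_ip, s_port, d_port, proto in acl:
        if (s_ip in ("*", flow.src.ip) and d_ip in ("*", flow.dst.ip)
                and s_port in ("*", src_port)
                and d_port == flow.dst_port and proto == flow.proto):
            return True
    return False


@dataclass
class IdentityRule:
    """Allow traffic to pods matching `to` from pods matching `from_` on `ports`."""
    to: Dict[str, str]
    from_: Dict[str, str]
    ports: Tuple[int, ...]


def matches(selector: Dict[str, str], pod: Pod) -> bool:
    """A selector matches when every label it names has the required value."""
    return all(pod.labels.get(k) == v for k, v in selector.items())


def identity_allows(rules: List[IdentityRule], flow: Flow) -> bool:
    """Default deny; allow only when a rule matches both endpoints' identity."""
    for r in rules:
        if matches(r.to, flow.dst) and matches(r.from_, flow.src) and flow.dst_port in r.ports:
            return True
    return False


def scenario() -> Dict[str, Tuple[bool, bool]]:
    """Compare both models before and after the api pod is rescheduled.

    Returns (five_tuple_decision, identity_decision) for each case.
    """
    web = Pod("web-7f9c", "10.244.1.10", {"app": "web"})
    api = Pod("api-5d2a", "10.244.2.20", {"app": "api"})
    acl = [("10.244.1.10", "10.244.2.20", "*", 8080, "TCP")]
    rules = [IdentityRule(to={"app": "api"}, from_={"app": "web"}, ports=(8080,))]

    # The api pod is rescheduled: same labels, new IP. An unrelated batch job
    # is later scheduled onto the IP the old api pod used to hold.
    api_new = Pod("api-9b1e", "10.244.3.31", {"app": "api"})
    batch = Pod("batch-c3d4", "10.244.2.20", {"app": "batch"})

    return {
        # Both models agree while the IPs are fresh.
        "before": (five_tuple_allows(acl, Flow(web, api, 8080)),
                   identity_allows(rules, Flow(web, api, 8080))),
        # Stale ACL now blocks legitimate web -> api traffic; identity rule still allows it.
        "after_reschedule": (five_tuple_allows(acl, Flow(web, api_new, 8080)),
                             identity_allows(rules, Flow(web, api_new, 8080))),
        # Stale ACL lets web talk to whatever inherited the old IP; identity rule denies.
        "stale_ip_reuse": (five_tuple_allows(acl, Flow(web, batch, 8080)),
                           identity_allows(rules, Flow(web, batch, 8080))),
        # Lateral movement attempt from the batch pod is denied by both.
        "lateral_from_batch": (five_tuple_allows(acl, Flow(batch, api_new, 8080)),
                               identity_allows(rules, Flow(batch, api_new, 8080))),
    }


if __name__ == "__main__":
    for case, (five, ident) in scenario().items():
        print(f"{case:20s} five-tuple={five!s:5s} identity={ident}")
```

The "stale_ip_reuse" case is the security-relevant one: an address-keyed rule written for one workload silently authorizes whichever workload next lands on that address, which is exactly the kind of abused network privilege the section warns about.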
5. Application Programming Interfaces (API) Will Be Exposed as The Weakest Link Leading to Cloud-Native Threats
Threat actors will continue to target API-enabled apps because APIs remain an easy and vulnerable way to reach sensitive data. Despite the fallout of large-scale breaches and ongoing threats, APIs often reside outside the application security infrastructure and are ignored by security processes and teams. Vulnerabilities will continue to include broken authorization and authentication, excessive data exposure, and a lack of rate limiting and resource limiting that leaves APIs open to abuse. Insecure consumption-based APIs without strict rate limits are among the most vulnerable.
Headlines reporting API-based breaches will continue into 2020, affecting high-profile apps in social media, peer-to-peer messaging, financial processes, and others, adding to the hundreds of millions of transactions and user profiles stolen in the past two years. Increasing API adoption in 2020 will expose API security as the weakest link, putting user privacy and data at risk until security strategies mature.
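To make the three weaknesses named above concrete, here is an added example (not code from the article) of a minimal GET /users/{id} handler in its vulnerable form beside a hardened form that authenticates the caller, enforces object-level authorization, returns only an allow-list of fields, and rate limits per client before doing any work. The in-memory user table, session tokens, request shape and handler names are all constructed for this illustration; a real service would bind these handlers to a web framework.

```python
"""Vulnerable vs. hardened API handler for GET /users/{id}.

Added example, not from the article. The user table, the session tokens,
the Request shape and the field allow-lists are constructed for illustration.
"""
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed sample data: records that carry fields a client must never see.
USERS = {
    1: {"id": 1, "display_name": "Alice", "email": "alice@example.com",
        "password_hash": "$2b$12$constructed-hash-a", "ssn": "123-45-6789"},
    2: {"id": 2, "display_name": "Bob", "email": "bob@example.com",
        "password_hash": "$2b$12$constructed-hash-b", "ssn": "987-65-4321"},
}
SESSIONS = {"tok-alice": 1, "tok-bob": 2}  # bearer token -> user id (constructed)


@dataclass
class Request:
    path_id: int                                   # the {id} from the URL
    headers: Dict[str, str] = field(default_factory=dict)
    client_ip: str = "203.0.113.5"


def get_user_vulnerable(req: Request) -> Tuple[int, dict]:
    """No authentication, no authorization, whole record serialized."""
    user = USERS.get(req.path_id)
    if user is None:
        return 404, {"error": "not found"}
    return 200, user     # excessive data exposure: hash and SSN leave the server


class TokenBucket:
    """Per-key token bucket: `capacity` burst, `refill_per_sec` sustained rate."""

    def __init__(self, capacity: int, refill_per_sec: float):
        self.capacity = capacity
        self.refill = refill_per_sec
        self.state: Dict[str, Tuple[float, float]] = {}   # key -> (tokens, last_ts)

    def allow(self, key: str, now: float) -> bool:
        tokens, last = self.state.get(key, (float(self.capacity), now))
        tokens = min(float(self.capacity), tokens + (now - last) * self.refill)
        if tokens < 1.0:
            self.state[key] = (tokens, now)
            return False
        self.state[key] = (tokens - 1.0, now)
        return True


LIMITER = TokenBucket(capacity=5, refill_per_sec=1.0)
OWNER_FIELDS = ("id", "display_name", "email")   # explicit allow-list for the owner


def get_user_hardened(req: Request, now: Optional[float] = None,
                      limiter: TokenBucket = LIMITER) -> Tuple[int, dict]:
    """Rate limit, authenticate, authorize at object level, then project fields."""
    now = time.monotonic() if now is None else now

    # 1. Rate limit per client before spending any work on the request.
    if not limiter.allow(req.client_ip, now):
        return 429, {"error": "rate limited"}

    # 2. Authenticate the caller from the bearer token.
    auth = req.headers.get("Authorization", "")
    token = auth[len("Bearer "):].strip() if auth.startswith("Bearer ") else ""
    caller = SESSIONS.get(token)
    if caller is None:
        return 401, {"error": "unauthenticated"}

    user = USERS.get(req.path_id)
    if user is None:
        return 404, {"error": "not found"}

    # 3. Object-level authorization: the id in the URL must belong to the caller.
    if caller != user["id"]:
        return 403, {"error": "forbidden"}

    # 4. Return only allow-listed fields; new sensitive columns stay hidden by default.
    return 200, {k: user[k] for k in OWNER_FIELDS}


if __name__ == "__main__":
    print(get_user_vulnerable(Request(path_id=2)))
    print(get_user_hardened(Request(path_id=1, headers={"Authorization": "Bearer tok-bob"})))
```

Note the ordering: the rate limiter runs before authentication so that credential-stuffing and enumeration traffic is throttled even when it never presents a valid token, and the field projection is an allow-list rather than a deny-list so that adding a column to the record cannot leak it by accident.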
About the Author
Raj Samani is a computer security expert working as Chief Scientist and McAfee Fellow for the cybersecurity firm McAfee. Raj has assisted multiple law enforcement agencies in cybercrime cases and is a special advisor to the European Cybercrime Centre (EC3) in The Hague.
He has been recognized for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe Hall of Fame, the Peter Szor Award, and the Intel Achievement Award, among others. Raj is also the co-author of the books ‘Applied Cyber Security and the Smart Grid’ and ‘CSA Guide to Cloud Computing’, as well as technical editor for numerous other publications.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.