Attacks on 5G
The move to 5G is predicted to exacerbate threats to the telecom industry as 5G’s architectural features open up opportunities for new types of attacks on carriers’ networks. At the same time, according to Positive Technologies experts, during the transition period, when networks of previous generations will still be used for voice calls and SMS, all the shortcomings of their protection will be relevant for 5G subscribers for a long time.
Deepfake development
With the development of artificial intelligence technologies and neural networks, attackers will be able to create a variety of information fakes – deepfakes, which can be used both to bypass biometric identification and to deceive the public and other purposes.
Supply chain attacks on the rise
The growth of attacks on supply chains was predicted in 2019, and this forecast remains relevant. Typically, attackers inject malware into the legitimate code of software developers, which then spreads to the victims. Trend Micro does not exclude that in 2020 MSSP providers may turn out to be a similar channel of infection for the organizations they serve, being compromised.
The rise of attacks using stolen credentials (Credential stuffing)
According to Chronicle experts, numerous data breaches that took place in 2019 will lead to the active use of this data to carry out attacks. With the increase in the amount of data available, stolen data substitution attacks will become an increasingly viable method of monetizing for attackers.
Attacks on devices and equipment, not windows machines
The focus of cybercriminals is shifting from personal computers to various IoT (Internet of Things) devices, network equipment, cameras, drones, etc. Avast predicts that cybercriminals will add sophisticated protection to malware targeting such devices, making them harder to detect and analyze, similar to how they protect malicious code on Windows. With the growing popularity of smart devices, the surface of IoT attacks will expand.
Growth of attacks on clouds
Active cloud migration creates new security risks. Corporate data stored in cloud services will increasingly become the target of malicious attacks that can be accessed through code injection attacks – deserialization errors, cross-site scripting, and SQL injection, Trend Micro predicts.
Increased complexity of attack methods
Experts unequivocally say that cybercriminals will become smarter and more sophisticated. McAfee is talking about a possible transition of attackers to two-stage campaigns using ransomware. It is also predicted that attackers will output data from infected devices using non-standard methods, for example, via signaling data or via Wi-Fi/4G connections.
RDP attacks
In 2020, a significant increase in all types of attacks against RDP (Remote Desktop Protocol) is expected. Cybercriminals will be able to take advantage of poorly configured servers with RDP or exploit protocol vulnerabilities, depending on what is more profitable for them, according to Avast.
Attacks on critical infrastructure
There will be more attacks on critical infrastructure – experts from Group-IB, Trend Micro and Chronicle agree on this. Industrial espionage, traditional malware or ransomware attacks, supply chain attacks – the options vary. Attacks are expected both on energy enterprises, industrial systems, and life support systems and on government resources.
Development of cyber services for sale
Cyber service schemes for sale will evolve, gain momentum, and take on new forms, say Positive Technologies experts. For example, a scheme may become very popular when some attackers break into the infrastructure of companies and penetrate the internal network, and then sell or lease it to other participants in the shadow market (access as a service model).
Picture Credit: Unsplash