Positive Technologies reflects on the past year and shares what to expect in cybersecurity in 2020
FOR IMMEDIATE RELEASE / PRURGENT
Framingham, MA (January 20, 2020) – In a new report issued today, Positive Technologies experts have identified the following key trends from 2019:
• The public sector is under attack. Around the globe, government institutions have been the targets of APT attacks. Among the APT groups that were studied by specialists from our Positive Technologies Expert Security Center (PT ESC), 68% were targeting government institutions. In 2019, PT ESC experts uncovered the APT group Calypso, which focuses specifically on attacking government institutions. These institutions are an easy target for attackers due to basic security measures, the technological illiteracy of many public servants regarding information security, and public access to information about government security software purchases.
• Large-scale attacks on the financial sector are no longer profitable. The total number of attacks on financial organizations has decreased, in large part due to a shrinking proportion of large-scale attacks in this sector. Most banks, particularly large ones, have equipped themselves to effectively deter large-scale attacks (for instance, distribution of cryptomalware). Consequently, hackers have decided to focus on other, less-defended sectors. Meanwhile, the number of direct, targeted attacks has remained at its former level. Experts have also noted an uptick in the number of attacks involving contactless payment: these generally involve transactions that are below CVM (Cardholder Verification Method) limits, in which case a PIN code does not have to be entered to confirm the transaction.
• Hardware vulnerabilities have forced businesses to change their threat models. Over the past two years, we have only seen the tip of the iceberg regarding hardware vulnerabilities. Searching for hardware vulnerabilities is a new trend among researchers, who are looking for (and finding!) lower and lower-level vulnerabilities, right down to circuit boards and elements of hardware logic. Large companies have acknowledged the scale of this problem and are accounting for these vulnerabilities in their threat models. To counteract the problem, they have largely been investing in defensive equipment development and in employee training.
Additionally, Positive Technologies experts predict the following trends in 2020:
• The black market for cyberservices will grow. For instance, "access as a service" could gain great popularity—attackers break into company infrastructure and sell temporary access to other entities on the black market.
• Industrial cyberespionage will continue. Attacks aiming to conduct espionage in the industrial and energy sectors will continue, building on attacks that have already been successfully committed. However, companies will learn to identify these attacks—a process that will be greatly facilitated if industry leaders acknowledge the necessity for effective information security infrastructure.
• United States elections could be at risk. Research has shown that smart voting machines are extremely insecure and can be easily breached by cybercriminals. As the United States presidential election draws near, we can expect impactful cyberattacks directed at the sites of political parties and presidential candidates. We can also expect attempts to influence public opinion via social networks.
• The implementation of 5G networks promises new risks for service providers. Currently, cyberattackers are able to cause problems with smart-home elements or industrial IoT within any network. As 5G networks proliferate and IoT develops, the scale of these threats will also grow. Network-enabled cars and vital municipal systems could become victims of attacks. So long as 5G networks are built on the foundation of previous-generation networks, the security deficiencies of these systems will be a concern for 5G network subscribers as well.
• Attacks on web-resource users will increase. The rapid growth of the e-commerce market will attract hackers and provoke new, sophisticated attacks on individuals, exploiting web vulnerabilities. Among these vulnerabilities will be those caused by errors in code. In 2019, these types of errors were responsible for 82% of the total vulnerabilities found in web apps.
• We will see more stories about data leaks. Cases in which illegally obtained user data are sold will become more frequent. This will not only involve freshly stolen data, but also data from previous leaks. We predict that stories about database leaks will become an ever-larger part of the news cycle.
• Hackers will focus their attacks on mobile finance apps. Criminals will most likely be interested in vulnerabilities that can be exploited to obtain user information. Consequently, we can expect more stories about leaks involving personal information and bank card data.
Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection. Commitment to clients and research has earned Positive Technologies a reputation as one of the foremost authorities on Industrial Control System, Banking, Telecom, Web Application, and ERP security, supported by recognition from the analyst community.
ptsecurity.com, facebook.com/PositiveTechnologies, facebook.com/PHDays
CONTOS DUNNE COMMUNICATIONS