2020 started off ominously with geopolitical tension between the US and Iran. This set in motion, again, the prospect that Iran would respond to this tension with a series of cyber strikes. Iran has developed destructive malware over the years and now has the capacity to destroy the integrity of data and systems.
It also has the technical acumen to conduct attacks against the West across numerous sectors, including energy, financial services, and critical national infrastructure. This is a reality that organisations need to be prepared for, bolstering their systems to defend against potential cyberattacks.
Geopolitics and domestic terrorism manifesting in cyberspace
Even before this recent aggression, we foresaw that geopolitical tension and domestic terrorism would continue to manifest in cyberspace. It has ushered in an era of destructive attacks that could, for example, be used to influence the 2020 US elections. In my opinion, geopolitical tensions are going to explode in cyberspace and domestic terrorism will manifest here as well. I think we are going to see a resurgence of organised hacking as well as geopolitical clashes, specifically with Iran, Russia and China, escalating dramatically in cyberspace.
As a result, destructive attacks will increase and we predict a modernisation of wipers and wiper malware that won’t just be specific to Windows. Wiper malware that is specifically for Linux and OS X is being developed and will become more common.
Researching shows that malware continues to be a major threat
Outside of geopolitical conflict and terrorism, our research has found that malware continues to be a major threat. In fact, it was the most prolific type of cyberattack UK businesses experienced in 2019. Our latest UK Threat Report was published in October 2019. One in five businesses (21%) reported seeing custom malware attacks most frequently and 10% cited commodity malware. It means that 31% of businesses reported malware to be the most witnessed attack type.
We conduct this research to understand the challenges and issues facing UK businesses when it comes to escalating cyberattacks. Its purpose is to identify trends in hacking and malicious attacks along with the financial and reputational impact any breaches have had on organisations.
In terms of the prime cause of successful breaches, we found that humans are proving to be the weakest link in the cyber defence chain. Phishing attacks were the primary cause of attacks that resulted in a breach, with a third (33%) of respondents affected. Ransomware took second place with 20% of businesses citing this as the primary cause.
The rise of cloud-jacking and island hopping
I predict that cloud-jacking and subsequent island hopping will become a more common practice in 2020. Attackers are looking to leverage an organisation’s infrastructure and brand against itself. There will be a lot more cloud-jacking and island hopping via public clouds as well, as new-fangled techniques for hypervisor escapes.
We will also see an increase in mobile root kits. These allow hackers to gain full control over a victim’s device. Rootkits give hackers control over other people’s mobile devices allowing them to manifest in the physical setting i.e. leveraging proximity settings on microphone, camera, location etc once they are in the device. This is going to become much more common as a form of competitive intelligence and industrial and economic espionage in the year ahead.
Access mining as a service will also grow. Cybercriminals are already seeing the benefits of not having to hack the victim but outsourcing that function or purchasing the backdoor into that system that has already been planted.
And, virtual home invasions of well-known public figures (celebrities, CEOs, politicians) will occur. Significant personalities – whether they be film stars, corporate executives, or politicians – will be hacked through the technology they’ve deployed in their homes, specifically through things like nest and others.
Businesses are adapting to sustained cyberattacks
The good news is that businesses appear to be adjusting to the ‘new normal’ of sustained cyberattacks. Greater awareness of external threats and risks have also prompted businesses to become more proactive about managing cyber risks.
In our report we found that companies are tightening up on factors that they can control such as process weaknesses. While 84% reported being breached in the past 12 months and 90% saw an increase in attack sophistication, 76% of companies said they are more confident that they can repel cyberattacks today than they were a year ago.
For many this is because threat hunting is reaping the rewards as teams identify threats that would previously have gone undetected. To this point 90% of the companies that we surveyed said threat hunting had strengthened their defences. Likewise, there is a sustained level of investment with 93% planning to increase their spending on cybersecurity. This demonstrates that cybersecurity is maturing, and businesses are beginning to prioritise it effectively.
2020 marks the age of cyber warfare
Who knows how the Iran situation will continue to unfold? The 2020 landscape looks eerie. This situation heightens awareness for all businesses who must be extra vigilant against such threats.
Right now, CEOs should be meeting with their CISOs to understand the vulnerabilities in their systems. They should be asking them: “Do we have visibility across all of our devices? Are security controls integrated? Do we have a cyber threat hunting team that is actively conducting hunt exercises in our infrastructure now to root out threats and identify whether malicious actors already have a foothold in our networks?” Because this is not a question of if but when.
The age of cyber warfare is upon us and the threat of cybercrime to businesses continues to multiply by the day, which means the imperative to defend is stronger than ever in 2020.
VMware Carbon Black is a leader in cloud-native endpoint protection dedicated to keeping the world safe from cyberattacks. The VMware Carbon Black Cloud consolidates endpoint protection and IT operations into an endpoint protection platform (EPP) that prevents advanced threats, provides actionable insight and enables businesses of all sizes to simplify operations. By analysing billions of security events per day across the globe, VMware Carbon Black has key insights into attackers’ behaviours, enabling customers to detect, respond to and stop emerging attacks.
More than 6,000 global customers, including approximately one third of the Fortune 100, trust VMware Carbon Black to protect their organizations from cyberattacks. The company’s partner ecosystem features more than 500 MSSPs, VARs, distributors and technology integrations, as well as many of the world’s leading IR firms, who use VMware Carbon Black’s technology in more than 500 breach investigations per year.