What will 2020’s cyber trends be?

What will 2020's cybersecurity trends be? | Stormshield

Every year, Stormshield experts put together an analysis of structural trends for the coming year. What major issues will the world of cybersecurity be facing in 2020? As with last year, we've been looking closely at a number of weak signals, the latest industry analyses, and the opinions of our experts. We project these into 2020, examining four assumptions (and four scenarios) which may shape cybersecurity in this new year. And not a crystal ball in sight...

 

Trend 1: the rise of multi-level phishing?

Weak signals from 2019:

In 2019, the share of main attack vectors composed of phishing attempts increased (according to a Microsoft report, published at the end of the year). And "the level of sophistication seen in the phishing methods used presents a challenge", with fake 404 pages and even fake pages indexed with Google. In October, an article published on Kaspersky's blog even reported phishing campaigns disguised as assessment interviews!

Between 2017 and 2018, Google search engine searches linked to the word "deepfake" increased a thousandfold. And the promised threat became tangible in 2019. In September, a British company fell victim to a CEO scam after an employee made a payment of £200,000 to a Hungarian provider. The employee had thought they had received a telephoned instruction from the CEO, but it was in fact a deepfake produced from a voice recording. Another example (this time involving images) was a video released in November, showing footage of Donald Trump announcing the worldwide end of the AIDS epidemic. But it was a false alarm: in fact, it was a campaign from a French association, based again on a deepfake. In addition to these two news items, Google announced that the rollout of Duplex, an automated phone calling system using artificial intelligence, was to be brought forward. So will 2020 be the year of deepfake-driven social engineering?

Possible scenarios for 2020:

The addition of deepfakes to the cybercriminal's arsenal poses a genuine technical challenge in terms of prevention and security. And most experts are fretting as they ponder the complexity of this threat. With deepfake production tools now starting to become universally available, it is highly likely that 2020 will see an increase in deepfake-driven phishing campaigns. And this technique will be one of the most closely watched in 2020, particularly with the approach of the US presidential election in November. So how does it work? Practically speaking, a deepfake could be used as part of a phishing or spear-phishing campaign. For example, imagine an audio deepfake presented as a call from an executive committee member, informing you that she's about to send over a PDF requiring urgent attention. And no sooner have you clicked on it than the ransomware is installed...

The threat of a "deepfake-as-a-service", serving to increase the effectiveness of cyberattack campaigns, is therefore a serious one. So much so, that a report from the Forrester consultancy firm estimates the costs of deepfake attacks could be as high as 250 million dollars in 2020. However, creating a credible deepfake would appear to be an extremely complex, expensive business. And it is precisely this cost factor (compared to the cost of creating basic ransomware) which adds a caveat to the anticipated explosion in deepfakes-as-a-service. A team from the Le Monde, a French newspaper tried, and gave up: too complex and expensive for mere mortals. But will the same be true of cybercriminals with more substantial resources; for example, of the State-sponsored variety? Or small-scale independent experts? All this leads to the conclusion that 2020 could be the year of multi-layered phishing attacks, with simple campaigns – playing on the credulity of their targets using tried and tested techniques – and more complex campaigns, making use of the latest technologies to fool more seasoned warriors.

 

Trend 2: will cyberattacks against food companies become commonplace?

Weak signals from 2019:

In April 2019, French giant Fleury Michon paid the price of a successful cyberattack which forced it to freeze its operations for five days. In December 2019, the Italian catering brand Fratelli Beretta was hit by the Maze ransomware, as was the Belgian beer company Busch afterwards. More than ever, the food industry seems to be in the eye of the cyclone, attracting the enthusiastic attention of cyberattackers of all flavours.

At the same time, public awareness of the issues involved in food production is increasing, and consumers are becoming more demanding. A telling statistic: 92% of Yuka users put products back on the shelf if they are badly rated by the app (according to co-founder Julie Chapon, citing an impact study in a September 2019 article on Forbes).

Possible scenarios for 2020:

A hypersensitive industry, a largely automated production chain and a quality assurance system which is a vital cornerstone of the industry: all these aspects combine to ensure that the food industry will remain a high-risk area in years to come.

Whether from a state-sponsored actor (in response to an open conflict) or a cyber-terrorist (seeking to attack population groups by making food products harmful to health), it is highly likely that 2020 will see increasingly frequent cyberattacks against key players in the food industry. And some fairly grim scenarios can be imagined. For example, one in which a highly targeted attack could affect the programming of machinery, or force some industrial components to operate while empty, causing premature wear. Why? To sabotage the industrial installations in question. How? With a good old-fashioned USB key or a phishing campaign, designed to infect a workstation before spreading through the network. Some industry giants have foreseen this scenario and have implemented effective protection (via network segmentation, for example), and have as a result secured their assets. However, small- to medium-sized actors in this industry seem more vulnerable to this kind of cyberattack – which could lead to serious financial losses and a PR disaster in terms of brand image.

 

Trend 3: is tomorrow's malware already in place?

Weak signals from 2019:

"Mass cybercrime is on the increase," emphasised Guillaume Poupard, Managing Director of the ANSSI data protection agency, in an interview with Libération, another French newspaper, reflecting on developments in 2019. And indeed, 2019 did see the propagation of complex, large-scale cyberattacks. Consider, for example, the ransomware that hit the M6 TV station and Rouen's University Hospital in France, or the attacks linked to LockerGoga and Ruyk.

In March 2019, the US attack on a power station in Venezuela provided an illustration of such large-scale cybercriminality, often conducted at State level.

In November 2019, a study revealed that some flaws and vulnerabilities have been in use for more than ten years by cyberattackers, and are still being exploited today. In some cases, the companies in question know where the vulnerabilities in their systems lie, but lack the resources needed to replace the affected applications. This scenario is a common one in the medical sector, which uses applications that are only capable of running on old operating systems. In the industrial sector, some IT components are retained even when obsolete, accentuating the risk of being targeted by an attack "planted" several years ago. Which prompts the question: does a vulnerability's disruptive potential increase with its age? We may learn the answer to this in 2020...

Some possible scenarios for 2020:

In that same way that certain viruses can lie dormant in the human body for many years, some attacks have been "sleeping" for long periods of time following their installation on sensitive information systems. This makes it easy to conceive of a scenario in which key sectors (health, food&beverage, energy industries) could be infected by malware that has lain dormant for years.

And it is relatively easy to imagine a catastrophe scenario here. How would a major international firm cope if, in the middle of the night, all of its production plants around the world were to stop working simultaneously? Machines stop running for weeks on end, production stalls completely and all perishable goods end up being thrown away. The result: a disastrous image on the TV news, and guaranteed financial losses. The cause? A discreet, successful phishing campaign several years ago, leading to the infection of various company networks with dormant malware. The malware then spreads locally to workstations which are still running an old version of Windows, and is activated remotely. Since it has already propagated to all workstations, even the emergency measure of unplugging the cables is useless. Cue black screens everywhere.

 

Trend 4: are hacktivists about to make a big comeback?

Weak signals from 2019:

Although attacks by hacktivists are said to have fallen by 95% since 2015, recent world news reveals a rise in emotive causes to be fought: criticism of the Australian Prime Minister's response to the country's bushfires, revolts in Hong Kong against the Chinese government, French protests against plans by public bodies to use facial recognition systems, etc.

In December 2019, during demonstrations against pension reforms in France, the MEDEF employer federation's website suffered a DDoS attack which took it offline for a couple of hours.

Shortly before that, in November 2019, the hacker Phineas Fisher launched his personal "bug bounty" against oil companies and capitalist institutions.

Possible scenarios for 2020:

Could 2020 mark the return of large-scale hacktivist attacks, matching the growth in social movements? It is probable that militants from a new genre (striker-hacktivists – "Strhactivists?") could use their talents as a vehicle for a political message. If there is a trade union dispute, why bother getting involved face to face when you can strike the IT system instead? Rather than physically blocking entrances to bus depots, why not lock the gates remotely? And any automated metro lines still in operation can be brought down with a quick visit to the IT network. By applying the same mechanism to certain media publications or places symbolising power, it would also be possible to amplify protestors' voices, and the media impact of their actions.

On another level, other brand-new scenarios could emerge – for example, one linked to the vegan cause, in which a hacktivist succeeds in removing all meat from some ready-made meals. Alternatively, a group of hackers could take control of a major distribution platform to ship consumer goods to those in need, in a "Robin Hood 2.0" spirit.

Just a few potential scenarios and possible futures for the coming year: watch very carefully.

Share on

About the author

mm
Victor Poitevin
Digital Manager, Stormshield

Victor is Stormshield’s Digital Manager. Attached to the Marketing Department, his role is to improve the Group’s online visibility. This involves Stormshield’s entire ecosystem, including websites, social networks and blogs. He will make use of his diverse experience, gained in several major French and international groups and communications agencies, to fulfill the Group’s high digital aspirations.