On-Going Trade Wars Will See State-Sponsored Cyber-Attacks Gaining Momentum While New and Emerging Technology Across 5G, IoT, Drones and Autonomous Systems Will Expose Government and Businesses to New Threats and Risks
CYFIRMA, a predictive cyber-threat visibility and intelligence analytics platform company backed by Goldman Sachs and Zodius Capital, announced its Cyber-threat Predictions for 2020.
The company’s proprietary Artificial Intelligence (AI) and Machine Learning (ML) technology analyzed global threat indicators and revealed that trade wars will fuel cyber-attacks on rivals, with more nations adopting cyber-warfare capabilities and starved nations continuing to use cyber-attacks as the new engine to grow their economy. The company also predicts that new technologies such as 5G, Internet of Things (IoT), Autonomous Critical Infrastructure, Artificial Intelligence (AI), Industry 4.0, Cryptocurrency, Cloud, Virtual Reality, Augmented Reality and Drones will subject government and businesses to further cyber risks. CYFIRMA’s research indicates hackers’ interests are growing towards traditional and non-traditional industries such as research institutions, chemical, shipping, logistics, product and technology companies.
“2019 was a watershed year for cyber-security. CYFIRMA’s Threat Intelligence saw an unprecedented onslaught of cyber-attacks led by state-sponsored hackers performing corporate espionage in support of their government’s agenda to gain geopolitical supremacy and support local companies in competing with rivals from other nations. Hackers have gained momentum in finding new avenues to attack industries and nations as IT systems remained vulnerable with software programs and applications that are outdated, poorly configured and laden with weaknesses. Government and businesses must adopt a much more proactive approach in preventing reputational damage, ensuring business continuity and protecting national interests, and this can only be accomplished when real-time insights and actionable intelligence work hand in hand with other cyber-security measures,” said Kumar Ritesh, CYFIRMA’s Chairman and CEO.
Based on CYFIRMA’s research and data analyzed from a multitude of sources worldwide, the following are the threat and risk predictions for 2020:
1. Trade wars will bring new impetus to cybercrime: Recent confrontations between US-China and Japan-South Korea will create a geopolitical supremacy race and fuel cyber-warfare. Strategies such as new tax regimes and injunctions prohibiting companies from competing nations will only increase the involvement of state-sponsored cybercriminals to further their own industries and political agendas. During the Huawei and US government conflict, Huawei blamed the US government for launching systematic attacks to infiltrate its networks and possibly harass its employees. A precursor to this was the US government’s banning of Huawei’s products due to security-related issues.
Recently, in November 2019, to gain an unfair edge in the ongoing trade war, suspected Chinese hackers breached the IT systems of the National Association of Manufacturers (NAM), a US manufacturing group with deep ties to the US government.
2. Conflicts amongst nations will fuel cybercrime: Geopolitical supremacy, war hysteria and historical differences will spur state-sponsored hackers to accelerate their cyber-attack campaigns. Social hacktivists, political parties and large corporations will be drawn to cybercrime as a means of achieving business and political objectives, thus fueling the expansion of the paid hackers’ economy.
Japan and South Korea’s relationship deteriorated rapidly early this year over wartime issues and bilateral trade differences. The acrimony has spilled into cyber and defense arenas, with South Korea terminating its bilateral military intelligence pact with Japan in August, and Japan retaliating by relegating South Korea to a diminished position.
3. Hackers will recycle and reuse existing attack vectors for new cyber-attacks: The entry of new nations such as Vietnam, Iran, Brazil and Spain into cyberwarfare will create new complexities for cyber defenders. Based on CYFIRMA’s research, hacking groups from these nations are employing low-cost modus operandi by reusing old vulnerabilities and existing malware to make quick gains in furthering their state-sponsored agenda.
CYFIRMA’s intelligence observed a suspected Vietnamese state-sponsored group, OceanLotus, exploiting old vulnerabilities and using existing malware to attack opinion leaders, influencers, banks, media houses, real estate agencies and foreign enterprises across several countries including China, Laos, Thailand and Cambodia.
4. Hacking as a business: Nations starved of financial resources will continue to weaponize cyberattacks as their new business model to propel their economy. In addition to direct financial gains, the focus will also extend to providing hacking-as-a-service to other nations and corporates. Lazarus Group, suspected to be affiliated with the North Korean government, attacks for financial and political gains. Such hacking groups can be hired by other nations and organizations to launch large scale cyber-attacks.
In the ongoing Japan-South Korea spat, CYFIRMA observed ‘hacker-for-rent’ profiles from North Korea and Russia being employed to launch cyber-attacks against Japanese companies, especially those in the semiconductor, education, press & media, technology, tourism, cosmetic, and food & beverages industries.
5. Expansion of cyber sleeper cells: There is a race amongst state-sponsored hackers to create a bigger footprint of implants by hacking into other nations’ systems, with the aim of creating launching pads for future cyber-attacks. Developed and developing nations are continuously hunting and expanding their cyber assets to be used as ammunition for next-generation all-out cyberwarfare and global conflicts.
6. Cyber-criminals engineering public opinion: Cyber-criminals are actively involved in changing the social and economic configuration of society by influencing public opinion, including tampering with state elections. CYFIRMA threat intelligence revealed escalating interests of hackers towards other national apparatus such as social stratification, government policies, rating-ranking agencies and other decision-making bodies.
7. Global sporting events attract hackers’ interest: International sporting events such as the Tokyo 2020 Olympic Games will see a change in attack vectors, with hackers’ increased interest in sporting companies, games sponsors, the organizing committee and critical infrastructure agencies from the host nation.
8. Malware attacks will be increasingly complex: Launching malware attacks for sensitive data exfiltration will continue to be an area of focus for hackers. Multi-homed malware attacks with the ability to change their behavior based on environment, systems, applications and instructions will challenge organizations. New variants of ransomware will not only encrypt and demand ransom but could also reincarnate themselves as data exfiltration malware. Self-generating and self-destroying worms will be heavily deployed by cyber criminals. These are some of the key challenges that will keep cyber-defenders on their toes.
9. Cyber-criminals are about to have a quantum leap: Quantum computing is receiving increased interest in the hacking community. The technology will accelerate the compromise of cybersecurity schema such as public key infrastructure, complex cryptography, encryption and integrity algorithms in a matter of seconds. The rise of state-sponsored actors could mean malevolent nations facilitating easy access to quantum computing resources to arm cyber-criminals.
10. Emerging and Elastic Attack Surface: Hackers will continue to advance their attack vectors using emerging technologies such as 5G, Internet of Things (IoT), Autonomous Critical Infrastructure, Artificial Intelligence, Industry 4.0, Cryptocurrency, Cloud, Virtual Reality (VR), Augmented Reality (AR) and Drones.
The following illustrates the increased vulnerabilities brought about by the emerging technologies:
– Adoption of 5G will not only increase the speed of connectivity and value-added services for consumers, but will also exponentially increase the speed, impact and exposure of cyber-attacks;
– Taking the trend forward from 2019, hackers will start to target IoT Command Centers and protocols in addition to IoT devices and sensors;
– CYFIRMA’s intelligence research indicated a technological supremacy tussle among hacking groups. The use of automated systems, especially during the reconnaissance phase of a cyberattack to collect vulnerable targets, is the new trend;
– Increased usage of machine learning and AI technologies by hackers has resulted in attempts at creating self-generating malware and exploits;
– Autonomous critical infrastructure, digitalization of ecosystems and NextGen industrial controls will constitute a growing attack surface that cyber attackers could leverage to inflict significant damage;
– Industry 4.0 coupled with predictive supply chain, digitization and interconnected entities will provide radical new opportunities for cybercriminals as risks posed by cyber-threats will become extensive and expensive to manage;
– New attack vectors like identity theft, fraudulent transactions, asset theft, impersonation, injection of malicious code, bypassing the onboarding and off-boarding of accounts and fictitious applications will be used by cyber-criminals to attack financial institutions, cryptocurrency exchanges, trading platforms and retail organizations;
– Cloud containers will be targeted by hackers to potentially access clients’ data and IT assets. Cloud computing has created many blind spots for companies and continues to pave the way to multiple intentional and unintentional data leaks;
– Cyber-criminals could attempt to exploit potential vulnerabilities in VR/AR systems, resulting in illegal recording, theft of user data, interjection of information, hijacking and taking control remotely, sabotaging and using fake VR applications to exfiltrate identity and behavioral data; and
– Proliferation of drones in personal lives, business spectrum and defense establishments has created a new attack vector which cyber criminals can exploit to obtain private data and much more.
Cybersecurity hygiene is everybody’s responsibility including individuals, companies, institutions and governments. With the changing threat landscape and hackers finding new ways to target, organizations need to adopt a new and proactive approach to cybersecurity. CYFIRMA recommends the following:
- Cyber threat intelligence should become the center of cyber posture management and risk management;
- A multi-layered, intelligence-based approach covering Strategic (WHO and WHY), Management (WHAT and WHEN) and Operational (HOW) intelligence should be incorporated;
- Holistic consumption and integration of cyber threat intelligence into other verticals of cyber posture management is essential; and
- Deeper insights into global and local cyber events should drive real-time situation awareness.