This Year and Beyond You Need 20/20 Vision

Cofense has a unique view of the cyber-threat landscape. Between our research teams and the Cofense Phishing Defense Center, we analyze millions of emails and malware samples every day—both in the wild and within our customers’ environments. Our insights into phishing threats shape the security solutions that keep our customers safe.

Most of the trending threats we predict for 2020 are delivered by phishing emails that bypass secure email gateways (SEGs). Your teams need perfect vision to identify them and respond. Here are the trends to watch, plus how Cofense protects your organization.

Five Security Trends to Watch

#1. Surgical Ransomware Attacks

Attackers will continue to choose their targets carefully to reap big payouts.
Is ransomware slowing down? In reality, threat actors are simply using it more surgically, targeting the most vulnerable prey—organizations that will pay because the stakes are high. With so many organizations, in particular state and local governments, paralyzed by ransomware we’ve become numb to its impact. What’s more, ransomware attacks are shrouded in secrecy, thanks to cyber-liability policies and law enforcement involvement.

Ransomware is very much alive. Sophisticated actors are using it to shut down networks that power everyday life: hospitals, schools, and governments that provide essential services. In 2019, ransomware payouts swelled. Riviera City, Florida, shelled out a breathtaking $600,000. With profits like this, attackers have no reason to stop what’s working. Expect more surgical attacks in 2020. Organizations with lots to lose but porous cyber-defenses will find themselves on the business end of carefully planned strikes.

Solution: Cofense PhishMe

Educate users to recognize phishing threats, including emails with ransomware. Simulate the attacks your organization actually sees and transform users into human sensors. Learn More.

#2. Healthcare and Genetic Testing Companies Will Be Rich Targets for Monetizing Data

Genetic testing companies will be the healthcare industry’s bullseye.
Rich in data that’s easy to monetize (think Social Security numbers), healthcare will always be a fat target for ransomware and consumer fraud. Looking ahead, it’s not difficult to envision malicious actors using phishing to hack into  genetic testing databases. The prospect is disturbing. The actor would have not only a detailed record of medical history and family heritage, but as the ethics of gene editing evolve—and it’s not far off—a master log of thousands, if not millions, of DNA profiles might be available to exploit.

Solution: Cofense Reporter

Our EZ button for reporting phish. One click on their email toolbar lets users report a potential threat to the SOC for swift analysis. Whether your organization is in healthcare or another sector, empower users to become active network defenders. Learn More.

#3. Elite Attacks on Cryptocurrency

Protecting cryptocurrency will require humans + technology.
The cryptocurrency industry is not widely understood. But knowledgeable attackers are barraging it with some of the most advanced methods we have seen.

Hackers look at their cryptocurrency targets from two angles. The first: if you’re a sole cryptocurrency holder, is your line of defense weak enough for me to hack you, log into your exchange, steal your cryptocurrency, and transfer it out? The second: if you’re defending an entire cryptocurrency exchange, are your employees (and it only takes one) susceptible to clicking on a phishing link? Would it be that simple to hack into your network, dig into cold storage vaults, and pull off a heist?

The latter is far more likely. Too many organizations neglect to train their employees to identify phishing emails. They mistakenly believe that silver bullet technologies will thwart every attack. Reality check: the circle of trust is often so large that their employees are both the first and last line of phishing defense.

Solution: Cofense Triage and Cofense Vision

When users report suspicious emails, Cofense Triage uses automation to filter genuine threats from spam and prioritize investigations. Cofense Vision lets you remove and quarantine all phish from inboxes, with a single click. It’s a smart way to protect valuable assets.

#4. Info-Warfare That Tests Human Intuition

Whether fraud-for-profit or fake news, expect info to be more weaponized than ever.
Information warfare stems from exploding social media platforms and “news” outlets, many of the latter spewing fake stories and conspiracy theories. The public now has to decipher numerous information sources, many offering scant evidence and, ahem, alternative facts.

Evidence is the key to validating any story. At Cofense, we stress the importance of conditioning people to recognize fake from real—phishing emails and other scams that target employees at work and home. Human intuition is one of the most powerful tools in your arsenal. Through practice and muscle memory, it can be honed as a defense against all types of threats, whether a half-baked news item, a conspiracy theory, or a scam designed to bilk your company of its data, funds, or brand reputation.

Solution: Cofense Labs and Cofense Intelligence

When a customer uses a phishing simulation based on a real attack, chances are that scenario was shaped by the work of our research teams. Cofense Labs is our R&D arm, delivering innovation and expertise to address real-world security challenges. Cofense Intelligence keeps customers apprised of current malware and phishing threats. Besides driving incident response, our insights help to sharpen user intuition via security  awareness programs.

#5. SIM-Jacking Aimed at Cryptocurrency and More

These inside jobs are another way to jack consumers, including you.
SIM-jacking is a recent trend that will pick up speed in 2020. It’s easy and highly profitable. It works like this. Instead of wasting time trying to infiltrate the source, SIM hijackers pay someone who works for a telecom company to assign your phone number to another device, then use that number to reset your passwords and steal your cryptocurrency. Or, for that matter, your personal data and your money.

One major U.S. telecom company is now in the throes of a lawsuit, thanks to a handful of employees who helped hackers rob a customer of $1.8 million worth of cryptocurrency. Besides the criminals, who bears the fault? That’s heavily debated, since there are several layers to the attack blurring the lines.