By Aaron Higbee, CTO, Cofense
The threat landscape continues to evolve at a rapid pace, with new threat vectors emerging and increasing in sophistication. Which ones should you watch most closely as 2020 unfolds? Based on insights collected from our Cofense research teams, here are five trends we see dominating next year.
Ransomware will continue becoming more targeted to reap more sizeable payouts.
Many people are under the impression that ransomware is slowing down, but in reality it’s simply being used in a more targeted fashion. So many private and public organizations, as well as government entities, have been infiltrated by ransomware that we’ve become desensitized to its devastating effects.
Ransomware is very much alive, and more sophisticated actors are using it every day as a gateway into an organization’s network, once they identify crown jewels left vulnerable. One of the reasons why we’re not hearing as much about ransomware in the media is that attacks are increasingly difficult to cover. Due to cyber liability insurance policies and law enforcement involvement creating so much red tape, the real information is shrouded in secrecy and not making it into the public domain. Threat actors will continue to refine their targeting in 2020 in order to maximize their profits with organizations that don’t have an advanced security posture but do have a lot to lose.
Healthcare and genetic testing organizations will be a rich target for monetizing data.
Healthcare organizations will always be one of the richest targets for ransomware and consumer fraud, as they provide easy access to valuable information, such as social security numbers, that can be monetized quickly. But as we look to the future, the prospect of malicious actors hacking into a database of a genetic testing company is especially disturbing. Not only would a threat actor have a detailed record of medical history and family heritage, but if the ethics of gene editing evolve further—and it’s not far off—a master log of thousands, if not millions, of peoples’ DNA is potentially available for attackers to exploit.
Cryptocurrency will find itself in the crosshairs.
The cryptocurrency industry is not widely understood, but it is on the receiving end of some of the most advanced attack methods we’ve seen to-date. Whether it’s a high-profile crypto holder or an entire cryptocurrency exchange, we’ve seen first-hand at Cofense how this realm of cyberspace is impacted by elite phishing tactics. Ultimately, the hackers look at their targets from two angles.
The first, if you’re a sole cryptocurrency holder: is your line of defense weak enough for me to hack you, log into your exchange, steal your cryptocurrency, and transfer it out? The second: is one of your employees, and it only takes one, susceptible to clicking on a phishing link so I can hack into your entire network and dig deep enough to access the cold storage vaults and pull off a heist?
The latter is far more likely, as organizations often neglect to train their employees to identify malicious emails. They mistakenly believe that more expensive, “we-promise-to-stop-it-all” technologies will thwart every attack. The reality is that the circle of trust at some organizations is so large that their employees are really the first and last line of defense against an attack.
SIM-jacking will be used to jack cryptocrurrency.
SIM-jacking is a trend that has recently emerged and will pick up speed in 2020, due to its success and the ease of implementation. Instead of wasting time trying to infiltrate the source, SIM hijackers will go to someone who works for a telecom company and pay them off to assign your phone number to another device and then use that phone number to reset your passwords and steal your cryptocurrency. In fact, one major U.S. telecom company is currently in the throes of a lawsuit following a handful of employees who helped hackers rob a customer of $1.8 million worth of cryptocurrency. It is heavily debated who exactly is at fault for SIM-jacking attacks, and while cybercriminals are obviously at fault, there are several layers to the attack that blur the lines.
Information warfare will put human intuition to the test.
In an era of fake news, information warfare is a very real consequence of social media platforms and an influx of news outlets. The public has to rely on, and decipher between, numerous news sources that offer little evidence, and much to the imagination, when it comes to the root cause of most stories.
Evidence is the key to validating any story. At Cofense, we stress the importance of conditioning people to recognize fake from real—phishing emails and other scams that target employees at work and home.
Human intuition is one of the most powerful tools in your arsenal, and it’s vital to hone it as a natural defense mechanism to combat against all types of threats, whether it’s fake news, a conspiracy theory, or a scam designed to bilk your company of its data, funds, or brand reputation.
To stay on top of phishing and malware threats in 2020, be sure to check this blog. We’ll continue to share our teams’ findings, both what we see in the wild and what evades the email gateway.
HOW COFENSE CAN HELP
100% of malware-bearing phishing threats analyzed by the Cofense Phishing Defense Center were reported by end users. 0% were stopped by technology. Condition users to be resilient to evolving phishing attacks with Cofense PhishMe and remove the blind spot with Cofense Reporter.
Easily consume phishing-specific threat intelligence to proactively defend your organization against evolving threats with Cofense Intelligence.
Thanks to our unique perspective, no one knows more about REAL phishing threats than Cofense. To understand them better, read the 2019 Phishing Threat & Malware Review.
All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats.