JTNDZGl2JTIwY2xhc3MlM0QlMjJwaGlzaC1jdGElMjIlMjBzdHlsZSUzRCUyMiUwQSUyMCUyMCUyMCUyMGRpc3BsYXklM0ElMjBibG9jayUzQiUwQSUyMiUzRSUwQSUyMCUyMCUyMCUyMCUyMCUyMCUyMCUyMCUzQ2RpdiUyMGNsYXNzJTNEJTIycGhpc2gtY3RhX190ZXh0LS1jb250YWluZXIlMjIlMjBzdHlsZSUzRCUyMiUwQSUyMCUyMCUyMCUyMGRpc3BsYXklM0ElMjBibG9jayUyMCUyMWltcG9ydGFudCUzQiUwQSUyMCUyMCUyMCUyMHdpZHRoJTNBJTIwMTAwJTI1JTNCJTBBJTIwJTIwJTIwJTIwdGV4dC1hbGlnbiUzQSUyMGNlbnRlciUzQiUwQSUyMCUyMCUyMCUyMHBhZGRpbmclM0ElMjAwcHglMjA2NXB4JTNCJTBBJTIyJTNFJTBBJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTNDaDIlM0U1JTIwUGhpc2hpbmclMjBQcmVkaWN0aW9ucyUyQyUyMDElMjBQYW5kZW1pYyUzQSUyMFdoYXQlMjBSZWFsbHklMjBIYXBwZW5lZCUzRiUzQyUyRmgyJTNFJTBBJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTNDcCUzRUpvaW4lMjBBYXJvbiUyMEhpZ2JlZSUyMCUyNmFtcCUzQiUyMFRvbmlhJTIwRHVkbGV5JTIwYXMlMjB0aGV5JTIwZXhwbG9yZSUyMGhvdyUyMG91ciUyMDUlMjBwcmVkaWN0aW9ucyUyMGZvciUyMDIwMjAlMjBhY3R1YWxseSUyMG1lYXN1cmVkJTIwdXAlMjBhbmQlMjB3aGF0JTIweW91JTIwbmVlZCUyMHRvJTIwZG8lMjB0byUyMGRlZmVuZCUyMGFnYWluc3QlMjBuZXclMjBhbmQlMjBlbWVyZ2luZyUyMHBoaXNoaW5nJTIwdGhyZWF0cy4lM0MlMkZwJTNFJTBBJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTBBJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTNDJTJGZGl2JTNFJTBBJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTNDZGl2JTIwY2xhc3MlM0QlMjJwaGlzaC1jdGFfX2ltYWdlLS1jb250YWluZXIlMjIlM0UlMEElMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlM0NhJTIwaHJlZiUzRCUyMmh0dHBzJTNBJTJGJTJGZXZlbnQub24yNC5jb20lMkZ3Y2MlMkZyJTJGMjc3NTQ3MCUyRkYxODg4RjhENkRERTNCQzU5MjcyNTJEREM4OUEzQUVDJTNGUGFydG5lclJlZiUzREJMT0clMjIlMjBzdHlsZSUzRCUyMiUwQSUyMCUyMCUyMCUyMGJhY2tncm91bmQtY29sb3IlM0ElMjB0cmFuc3BhcmVudCUzQiUwQSUyMCUyMCUyMCUyMHBhZGRpbmclM0ElMjAwcHglM0IlMEElMjAlMjAlMjAlMjBtYXgtd2lkdGglM0ElMjA4NTBweCUzQiUwQSUyMiUyMHRhcmdldCUzRCUyMl9ibGFuayUyMiUyMHJlbCUzRCUyMm5vb3BlbmVyJTIyJTNFJTNDaW1nJTIwc3JjJTNEJTIyaHR0cHMlM0ElMkYlMkZjb2ZlbnNlc3RhZ2luZy53cGVuZ2luZS5jb20lMkZ3cC1jb250ZW50JTJGdXBsb2FkcyUyRjIwMjAlMkYxMiUyRldlYmluYXJfQmFubmVyQi5wbmclMjIlMjBzdHlsZSUzRCUyMiUwQSUyMCUyMCUyMCUyMHdpZHRoJTNBJTIwNTAwcHglM0IlMEElMjAlMjAlMjAlMjAlMjIlM0UlM0MlMkZhJTNFJTBBJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTNDJTJGZGl2JTNFJTBBJTIwJTIwJTIwJTIwJTNDJTJGZGl2JTNFBy Aaron Higbee, CTO, Cofense
The threat landscape continues to evolve at a rapid pace, with new threat vectors emerging and increasing in sophistication. Which ones should you watch most closely as 2020 unfolds? Based on insights collected from our Cofense research teams, here are five trends we see dominating next year.
Ransomware will continue becoming more targeted to reap more sizeable payouts.
Many people are under the impression that ransomware is slowing down, but in reality it’s simply being used in a more targeted fashion. So many private and public organizations, as well as government entities, have been infiltrated by ransomware that we’ve become desensitized to its devastating effects.
Ransomware is very much alive, and more sophisticated actors are using it every day as a gateway into an organization’s network, once they identify crown jewels left vulnerable. One of the reasons why we’re not hearing as much about ransomware in the media is that attacks are increasingly difficult to cover. Due to cyber liability insurance policies and law enforcement involvement creating so much red tape, the real information is shrouded in secrecy and not making it into the public domain. Threat actors will continue to refine their targeting in 2020 in order to maximize their profits with organizations that don’t have an advanced security posture but do have a lot to lose.
Healthcare and genetic testing organizations will be a rich target for monetizing data.
Healthcare organizations will always be one of the richest targets for ransomware and consumer fraud, as they provide easy access to valuable information, such as social security numbers, that can be monetized quickly. But as we look to the future, the prospect of malicious actors hacking into a database of a genetic testing company is especially disturbing. Not only would a threat actor have a detailed record of medical history and family heritage, but if the ethics of gene editing evolve further—and it’s not far off—a master log of thousands, if not millions, of peoples’ DNA is potentially available for attackers to exploit.
Cryptocurrency will find itself in the crosshairs.
The cryptocurrency industry is not widely understood, but it is on the receiving end of some of the most advanced attack methods we’ve seen to-date. Whether it’s a high-profile crypto holder or an entire cryptocurrency exchange, we’ve seen first-hand at Cofense how this realm of cyberspace is impacted by elite phishing tactics. Ultimately, the hackers look at their targets from two angles.
The first, if you’re a sole cryptocurrency holder: is your line of defense weak enough for me to hack you, log into your exchange, steal your cryptocurrency, and transfer it out? The second: is one of your employees, and it only takes one, susceptible to clicking on a phishing link so I can hack into your entire network and dig deep enough to access the cold storage vaults and pull off a heist?
The latter is far more likely, as organizations often neglect to train their employees to identify malicious emails. They mistakenly believe that more expensive, “we-promise-to-stop-it-all” technologies will thwart every attack. The reality is that the circle of trust at some organizations is so large that their employees are really the first and last line of defense against an attack.
SIM-jacking will be used to jack cryptocrurrency.
SIM-jacking is a trend that has recently emerged and will pick up speed in 2020, due to its success and the ease of implementation. Instead of wasting time trying to infiltrate the source, SIM hijackers will go to someone who works for a telecom company and pay them off to assign your phone number to another device and then use that phone number to reset your passwords and steal your cryptocurrency. In fact, one major U.S. telecom company is currently in the throes of a lawsuit following a handful of employees who helped hackers rob a customer of $1.8 million worth of cryptocurrency. It is heavily debated who exactly is at fault for SIM-jacking attacks, and while cybercriminals are obviously at fault, there are several layers to the attack that blur the lines.
Information warfare will put human intuition to the test.
In an era of fake news, information warfare is a very real consequence of social media platforms and an influx of news outlets. The public has to rely on, and decipher between, numerous news sources that offer little evidence, and much to the imagination, when it comes to the root cause of most stories.
Evidence is the key to validating any story. At Cofense, we stress the importance of conditioning people to recognize fake from real—phishing emails and other scams that target employees at work and home.
Human intuition is one of the most powerful tools in your arsenal, and it’s vital to hone it as a natural defense mechanism to combat against all types of threats, whether it’s fake news, a conspiracy theory, or a scam designed to bilk your company of its data, funds, or brand reputation.
To stay on top of phishing and malware threats in 2020, be sure to check this blog. We’ll continue to share our teams’ findings, both what we see in the wild and what evades the email gateway.
HOW COFENSE CAN HELP
100% of malware-bearing phishing threats analyzed by the Cofense Phishing Defense Center were reported by end users. 0% were stopped by technology. Condition users to be resilient to evolving phishing attacks with Cofense PhishMe and remove the blind spot with Cofense Reporter.
Quickly turn user reported emails into actionable intelligence with Cofense Triage. Reduce exposure time by rapidly quarantining threats with Cofense Vision.
Easily consume phishing-specific threat intelligence to proactively defend your organization against evolving threats with Cofense Intelligence.
Thanks to our unique perspective, no one knows more about REAL phishing threats than Cofense. To understand them better, read the 2019 Phishing Threat & Malware Review.
All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats.
- Stop Threats
Defend your organization with a complete email security solution designed to identify, protect, detect & respond to threats.
Condition your workforce against today’s latest threats and transform them into your front line of defense.
Protect your organization with our deep analysis into the current threat landscape and emerging trends.
See why the Cofense Intelligent Email Security suite stands out against the competition
Business Email Compromise (BEC)
BEC amounts to an estimated $500 billion-plus annually that’s lost to fraud. Ensure your business is protected.
Phishing is the #1 attack vector for ransomware attacks. Stop phishing attacks in their tracks.
Protect your user’s credentials and avoid a widespread, malicious attack.
- Solutions
Email Security for the Enterprise
Complete threat protection, detection and response tailored for enterprise businesses.
Email Security for the Mid Market
Security awareness training + email security protection purpose-built for your mid-market organizations.
Email Security for Managed Service Providers (MSPs)
Best-in-Class Phishing Protection and Simulations designed for MSPs, from the ground up.
Managed Email Security Solutions
Protect your organization from attacks with managed services from the Cofense Phishing Defense Center™.
Automatically identify and quarantine email threats across your organization in minutes.
Analyze & Remediate Reported Threats
Accelerate threat detection and response, empowering fast resolution.
Actionable Insight into Emerging Threats
Protect your organization with our deep analysis into the current threat landscape and emerging trends.
Condition your workforce against today’s latest threats and transform them into your front line of defense.
Security Awareness Training + Threat Protection
Growing companies can get protection, realistic simulations and security awareness training all in one platform.
Easily Report Suspected Threats
Report suspicious threats with just one click.
Train employees through an with award-winning Learning Management System.
- Clients
Businesses from all industries rely on Cofense to safeguard their teams.
Global organizations trust Cofense to protect their most critical assets.
- Resources
Check out our resource library of solution content, whitepapers, videos and more.
Come see us at a local event or join us at an upcoming webinar.
Stay current on cybersecurity trends, market insights and Cofense news.
See the real threats that are currently evading your Secure Email Gateway (SEG).
- About
Cofense stops email security threats and protects your company through our network of 35+ Million human reporters.
See the latest articles, press releases and more in our news center.
It’s an honor to be recognized in the cybersecurity market. Check out our recent awards.
Grow your business, drive new revenue streams, and improve your competitive posture through our Partner Program.
We’re looking for passionate people to join us in our mission to stop all email security threats for organizations around the globe.
Get to know our management team.