As the adoption of cloud computing and smartphones continues to grow, an increasing number of ways to invade organisations opens, making adequate cyber security more crucial than ever. The once hardened network perimeter is now blurred and vulnerable to cyber attacks. No organisation is immune, as cyber attacks become more sophisticated, elusive, and targeted than ever before. From targeted ransomware and the evolving mobile threat landscape to IoT devices, the enterprise is more at risk than ever.
Every year, Check Point Research releases the Cyber Security Annual Report. Check Point has reviewed some of the major cyber incidents of 2019, as well as making predictions for 2020 and recommending best cyber security practices. You can download the full report here.
A Timeline of 2019’s Major Cyber Events
2019 Cyber Security Trends
Attacks focusing on mobile and cloud platforms evolved in 2019, with a greater number of vulnerabilities exposed and potential exploits released into the wild. Major data breaches occurred in 2019 due to advanced attacks on public cloud services, whilst 27% of all organisations globally were affected by cyber-attacks that involved mobile devices.
As threat actors seek out different and new potential attack entry points, attack strategies have shifted to locate vulnerable service providers and business partners of their primary targets in order to gain access. Attacks focused on trusted service providers and their system privileges grew in 2019 as threat actors sought to compromise targets through any means possible.
Magecart Became An Epidemic
Cloud Environments Were Targeted
As a notably growing industry, cloud service providers became a major target in 2019. With a current revenue of $227 billion, which is expected to rise to $354 billion by 2022, over 90% of the enterprise use some form of cloud service, making it a natural target. A record number of data breaches took place in 2019, with misconfigured cloud environments the main cause of data theft incidents. Cloud infrastructures are also a popular target for cryptomining campaigns.
The Evolving Mobile Threat Landscape
The mobile threat landscape has matured, with 2019 witnessing everything from nation-state cyber operations, through private espionage and intelligence companies to cybercrime organisations, as cyber-attacks and tools adjust to adapt to evolving mobile device technology. Hackers have become more efficient at targeting mobile devices, an increasing number of malware types have been adjusted to focus on mobile devices, and a growing number of vulnerabilities are being exploited.
Adware remains the most common mobile malware, often found in the Google Play Store and App Store, whilst major spyware incidents were reported in 2019, including those which involved the Egyptian government monitoring the activity of dissidents activity, the Chinese spying on Tibetans and attacks that involved European residents.
In a maturing mobile malware arena, threat actors turned to mobile vulnerabilities for initial infection or secondary stage escalation. Major vulnerabilities in both Android and iPhone ecosystems emerged in 2019, such as the revelation of a two-year campaign that exploited 14 iOS vulnerabilities; including zero-day attacks which were used to hack thousands of iPhones.
Ransomware has shifted from the previous mass distribution method in favour of a more tailored, targeted approach, wherein advanced threat actors have found their way into specific organisations to encrypt crucial infrastructure and demand high ransom payments. Different threat actors opt for varying attack methods, ranging from spear-phishing to hacking unsecured and misconfigured RDP servers. Once inside, these threat actors take time to locate high-value assets and backups within the compromised networks. Victims are faced with the prospect of paying ransomware or suffering high recovery costs/loss of data.
Example – US municipalities played victim to numerous attacks in 2019, including the City of Baltimore. The city’s government computers were infected by the ransomware RobbinHood, which demanded just over $75,000 to unencrypt data. Under advice from the FBI, the city chose not to pay the ransomware, a costly action which saw them shell out $18 million in remediation, new hardware, and lost revenue.
2020 Cyber Security Predictions
Attackers are now spending more time gathering intelligence on victims, meaning they can achieve maximum disruption and scaled-up ransoms. The previous stance of refusing to pay for ransoms has now softened, as businesses accept that not paying the ransom may be more costly to their business, employees and customers. Organisations must adopt a strategy of prevention, rather than merely relying on detection or remediation.
The Tokyo 2020 Olympics
High-profile global exposure events are always within a hacker’s line of sight. The 2016 Rio Games were targeted by 500 million attacks, whilst the 2012 London Games saw 250 million cyber-attacks.
Mobile Malware Attacks
Mobile banking malware attacks increased by 50% in the first half of 2019, compared to 2018, and is a trend that is expected to continue to grow. Mobile banking malware can steal payment data, credentials, and funds from victims’ bank accounts. Like many cyber-attacks, phishing will become more sophisticated and effective, enticing mobile users into clicking on malicious web links. Mobile banking malware requires little technical knowledge to develop and operate, making them extremely popular.
Increasing IoT devices Means Increasing Risks
With the rollout and adoption of 5G networks, the use of connected IoT (Internet of Things) devices will dramatically accelerate. Whilst IoT devices will enable users, their presence will increase network vulnerability to large-scale, multi-vector Gen V cyber-attacks. This is because IoT devices and their connections to networks and clouds are a weak link in security, with more attacks expected to make use of them as a point of entry in 2020. IoT devices are notoriously vulnerable and easy to hack, often coming with out-of-the-box security flaws such as weak or hardcoded (plain-text) passwords, operating system misconfigurations and CVE’s (known vulnerabilities), all of which enlarge the attack surface for bad actors.
A more holistic approach to IoT security is required, with traditional and new controls combined to protect these networks across industry and business sectors. Micro-plugins will be used that can work with any device or operating system in any environment, controlling all data that flows to and from the device; giving always-on security
AI accelerates security responses…but also enables cybercriminals
AI will speed up the identification of new threats and responses to them, helping to block attacks before they can spread widely. However, cybercriminals are also beginning to take advantage of the same techniques to assist them in probing networks, find vulnerabilities, and develop ever more evasive malware
A shift in approach to the cloud
Many businesses rely on public cloud infrastructure for ease, but this reliance increases the risk of enterprises being exposed to cloud outages. Organisations will closely examine their existing data centre and cloud deployments, with many opting for hybrid environments of both private and public clouds.
Prevention over detection
With appropriate technology in place, the majority of basic and advanced attacks can be blocked and prevented before they pose a threat, without disrupting business. In order to prevent zero-day attacks organisations should choose insightful, real-time threat intelligence services which cover all attack services, including cloud, mobile, network, endpoint, and IoT – cyber security which enables the enterprise. A secure business needs comprehensive intelligence that proactively monitors and stops threats, management of security services to monitor corporate networks and incident response to efficiently respond to and resolve attacks.
How can we help?
Mobliciti provides businesses with cutting-edge threat intelligence, protecting precious corporate resources and preventing cyber-attacks. To learn more about how you can protect your organisation for the evolving cyber threat landscape, get in touch.