Infosec 2020: RiskIQ Looks Ahead to a New Decade of Cybersecurity

2020 will see organizations continue to shift digital interactions closer to customers and launch innovative methods for marketing, advertising, and selling their products online. While this will continue to bring great rewards for businesses, it will also increase risk over the coming year.

Cybercriminals always move to where the money is, whether it's mass cloud migrations, booming e-commerce, or a hot cryptocurrency market. The cybersecurity industry must respond to this development by working closely with businesses to develop new ways to keep the data of both organizations and consumers secure.

As the cybersecurity industry heads into a new year and a new decade, many of the threats we'll see will be an acceleration of the developments of previous years. Welcome to Infosec 2020, RiskIQ's predictions for the year ahead and beyond.

CISOs who can't attribute threats won't survive.

Security is now a business input, and CEOs want to know how their organization's security posture affects the business as a whole. With breaches and other security incidents causing multimillion-dollar losses, the C-suite is asking their security teams for context around incidents. CISOs must invest in the talent and technology to answer questions like, How did we get targeted? Why are we an attractive target, and by whom? What other organizations did these attackers hit, and what about our business made us a target? What can we do to respond?

In 2020, simply saying you're preventing threats won't be enough. Investigations that reveal the cause and nature of attacks—and the actors behind them—will be critical. CISOs who can't provide this key context won't survive.

- Lou Manousos, CEO

Threats will outpace the security of smaller organizations.

Business Email Compromises and ransomware will continue to plague smaller organizations who have transitioned online but have limited resources for security. These organizations often lack visibility into their digital presence and are all too susceptible to these types of potentially ruinous attacks. For big and small organizations alike, keeping track of your attack surface and training employees on best practices for cybersecurity will be critical.

- Brandon Dixon, VP of Strategy

Magecart will be another tool in the belt of seasoned threat actors.

Already, we're seeing skilled and experienced threat actors who have made a living in other areas of the threat landscape, such as phishing, incorporate web-skimming into their attacks. For example, by phishing for the payment credentials in the form of a payment processor phishing page then sending victims back to the real checkout page to continue the e-commerce flow, nothing is interrupted.

It doesn't matter how online transactions are structured nowadays, attackers can and will capture full packages of individuals' identifying and financial information. We've already seen this happen in our 'Fullz House' research, and expect activity like it to continue into 2020.

- Yonathan Klijnsma, Head Threat Researcher

Magecart will evolve unabated.

Magecart has been threatening the ability of consumers worldwide to shop safely online for years by stealthily intercepting their credit card data via their browsers. In 2020, its credit card skimming tactics will continue to evolve and remain a headline issue worldwide.

Unless businesses radically change their management of third-party web services embedded in their web applications, they will continue to be massive targets. Keep an eye out for lateral moves by Magecart actors from card skimming to general form-skimming as this would be a natural step for Magecart threat actors to make. While payment data is currently in focus, because web skimming can skim any information entered into a website, Magecart groups will expand to skimming more than just credit card data to login credentials and other sensitive information.

- Terry Bishop, Technical Director, EMEA

There will be an uptick in cryptojacking.

2019 saw a decline in cryptojacking—secretly using someone's computing power to carry out the cryptomining task. This decline was not surprising because the price of cryptocurrency has also decreased following its zeitgeist moment in 2018. However, recently, cryptocurrency prices have been creeping up. They will likely move past the breakeven point for currency miners, i.e., the point where it is once again profitable to run cryptojacking campaigns.

With successful miners able to go undetected for months, this is an issue that is likely to linger throughout the year, making it essential for organizations to monitor for these threats actively.

- Fabian Libeau, SVP, EMEA

Browser attacks will surge.

Many organizations have almost no visibility into their web-facing assets and the way their users interact with them. Because of this, browser-based threats will become the go-to method for threat actors to target organizations, their employees, and, perhaps most publicly, their customers.

Browser-based attacks such as web skimming, cryptocurrency miners, fingerprinters, and waterholing are responsible for some of the most high-profile breaches in recent history, such as the hack of British Airways. Our researchers now encounter these attacks daily, and they'll only be ramping up in intensity into 2020, becoming a leading attack pattern for breaches in the retail, professional services, finance, and manufacturing industries. Cybersecurity executives will need to be confident in their defensive postures outside the firewall, especially regarding their companies' own and third-party JavaScript in critical assets.

- Dan Schoenbaum, President and COO

A new goal will arise for hackers: conquest.

Once upon a time, cybercriminals were predictable. Young and hoodie-clad, they had high hopes of getting famous in the digital underworld. But over the years, cyber attackers' goal of infecting evolved to stealing. Now, as we approach 2020, the objective will change once again. Welcome to the age of conquest and information control.

We already see cybercriminals setting up basecamp in our networks for months before we see them, as well as highly organized and well-funded syndicates seizing control of computer resources the world over. Most cybersecurity folks are aware of the botnet craze and other forms of conquest like ransomware, cryptomining, and integrity change. But 2020 will also give rise to integrity exploits, i.e., fraudulently manipulating information to harm human interpreters by changing the inputs of decision-making. For example, if I change the manifest on your Shanghai-bound barge so that it's rerouted to Anchorage, millions can be lost.

- Josh Mayfield, Head of Global Product Marketing

Adversarial machine learning is coming, but not yet.

Eventually, threat actors will increase their adoption of adversarial machine learning to evade detection by security vendors' machine learning models, forcing the good guys' models to evolve quickly to keep up. However, 2020 will not be the year this happens. Less sophisticated, large-scale attacks will still be the tactic of choice for threat actors. These attacks are built to overwhelm security teams and vendors, not necessarily outsmart them.

But that's not to say machine learning and automation will not play a huge role in security in 2020. With the sheer volume of these attacks, defending against them will not be a job for humans. Machine learning and automation will be the only way to scale defenses to meet this challenge.

- Adam Hunt, CTO

Businesses will move fast—a little too fast.

With business happening at warp speed, organizations will rush even more to adopt DevOps practices. They'll have good intentions but will make mistakes that will, in many cases, cause their efforts to be more harmful than good. These mistakes will result in data leaks or unintended publishing of company data to the public cloud, as well as easily exploitable security flaws from misconfigurations, unknown assets, and vulnerable third-party components.

- Brandon Dixon, VP of Strategy

Safe cloud migration will be the top priority for IT leaders.

Cloud migration is top-of-mind for IT departments, and the movement of organizations transitioning to the cloud will only intensify in 2020. However, as CIOs and their teams move their digital presence outside their organization, they must be able to manage risk and combat threats. It will be vital for businesses to understand their full attack surface—across the internet and the cloud—and measure the risk of threats and exposures as they grow their digital presence beyond their firewall.

- Lou Manousos, CEO