Kaspersky researchers have shared their predictions on Advanced Persistent Threats (APTs) in 2020, pointing out some of the ways the landscape of targeted attacks could change in the coming months.
The overall trend shows that threats will grow in sophistication and become more targeted, diversifying under the influence of external factors, such as the development and propagation of machine learning, technologies for deepfake development, and tensions around trade routes between Asia and Europe.
The predictions were developed based on changes that the Global Research and Analysis Team witnessed over 2019, and are an effort to help the cybersecurity community prepare for the challenges that lie ahead in the coming year.
Other targeted threat predictions for 2020 include false flag attacks reach a whole new level. These attacks will develop further, with threat actors seeking not only to avoid attribution but also to actively lay the blame on someone else. Commodity malware, scripts, publicly available security tools and administrator software, mixed with a couple of false flags, where security researchers are hungry for any small clue, might be enough to divert suspected authorship to someone else.
Attackers will focus more on organizations that are likely to make substantial payments in order to recover their data. A potential twist might be that, instead of making files unrecoverable, threat actors will threaten to publish data that they have stolen from the victim company. As banks will be required to open their infrastructure and data to third parties who wish to provide services to bank customers, it is likely that attackers will seek to abuse these new mechanisms with new fraudulent schemes.
Determined threat actors have, for some time, been extending their toolsets beyond Windows, and even beyond PC systems. VPNFilter and Slingshot, for example, targeted networking hardware. New attacks could hit regions including Turkey, East and South Europe and East Africa. Possible scenarios include a growth in political espionage as governments seek to secure their interests at home and abroad. They could extend also to technological espionage in situations of economic crisis and instability.
With new interception capabilities and data exfiltration methods, use of supply chains will continue to be one of the most difficult delivery methods to address. It is likely that attackers will continue to expand this method through manipulated software containers, for example, and abuse of packages and libraries.
There are no good reasons to think this will stop any time soon. However, due to the increased attention given to this subject by the security community, the number of attacks being identified and analyzed in detail will also increase.
Personal information abuse grows, armed with AI. It is very similar to some of the techniques used for driving election advertisements through social media. This technology is already in use and it is just a matter of time before some attackers take advantage of it.
“The future holds so many possibilities that there are likely to be things that are not included in our predictions. The extent and complexity of the environments in which attacks play out offer so many possibilities,” said said Vicente Diaz, security researcher at Kaspersky. “In addition, no single threat research team has complete visibility of the operations of APT threat actors. We will continue to try and anticipate the activities of APT groups and understand the methods they employ, while providing insights into their campaigns and the impact they have.”
No comments:
Post a Comment