Cloud-enabled next-generation cybersecurity company Sophos released its 2020 Threat Report providing insights into the rapidly evolving cyberthreat landscape. The report, produced by SophosLabs researchers, explores changes in the threat landscape over the past 12 months, uncovering trends likely to impact cybersecurity in 2020.
Evolution of ransomware
The researchers also analyzed ransomware evolution from 1989 to 2019. The first ransomware to target IT service providers, in 2019, were GandCrab and REvil, while in 2018 large-scale attacks were deployed using ransomware such as SamSam, Ryuk, and Dharma.
7 types of cyber attacks
The SophosLabs 2020 Threat Report focuses on several areas where researchers noted particular developments during this past year.
John Shier, senior security advisor, Sophos, said:
The threat landscape continues to evolve – and the speed and extent of that evolution is both accelerating and unpredictable. The only certainty we have is what is happening right now, so in our 2020 Threat Report we look at how current trends might impact the world over the coming year. We highlight how adversaries are becoming ever stealthier, better at exploiting mistakes, hiding their activities and evading detection technologies, and more, in the cloud, through mobile apps and inside networks. The 2020 Threat Report is not so much a map as a series of signposts to help defenders better understand what they could face in the months ahead, and how to prepare.
Ransomware attacks are at the top
Ransomware attackers continue to raise the stakes with automated active attacks that turn organizations’ trusted management tools against them, evade security controls, and disable backups in order to cause maximum impact in the shortest possible time.
Unwanted apps are edging closer to malware
In a year that brought the subscription-abusing Android Fleeceware apps, and ever more stealthy and aggressive adware, the Threat Report highlights how these and other potentially unwanted apps (PUA), like browser plug-ins, are becoming vectors for delivering and executing malware and fileless attacks.
Misconfiguration leaves the door open
The greatest vulnerability of cloud computing is misconfiguration by operators. As cloud systems become more complex and more flexible, operator error is a growing risk. Combined with a general lack of visibility, this makes cloud computing environments a ready-made target for cyberattackers.
Machine learning is under attack
2019 was the year when the potential of attacks against machine learning security systems was highlighted. Research showed how machine learning detection models could possibly be tricked, and how machine learning could be applied to offensive activity to generate highly convincing fake content for social engineering. At the same time, defenders are applying machine learning to language as a way to detect malicious emails and URLs. This advanced game of cat and mouse is expected to become more prevalent in the future.
RDP vulnerabilities are still a favorite
The danger of failing to spot cybercriminal reconnaissance hidden in the wider noise of internet scanning, the continuing attack surface of the Remote Desktop Protocol (RDP), and the further advancement of automated active attacks (AAA) are also covered in the 2020 Threat Report.
Mobile adware is stealing personal data
Although mobile advertising is a common income channel for developers and companies, the researchers discovered that a number of Android applications contain malicious code. That code lets the application begin stealing the user's personal data, which can then be sold on the black market. Some developers force users to click advertising content in order to convince advertisers that the app's users are interested in the advertisement itself.
Cloud can be a security problem
Cloud computing is very flexible: with very little effort, resources can be increased or decreased as needed, which is very useful for businesses that need to scale computing capacity with demand. But cloud computing can be a very big security problem if the required countermeasures are not taken. Misconfiguration may lead to vulnerabilities that may result in the disclosure of an entire customer database.
For further information, you can read and download the Sophos 2020 Threat Report.