Threat landscape grew in complexity in 2019, no respite in sight
Check Point’s annual state of security report shares some 2019 trends and looks ahead to 2020
The cyber security threat landscape grew in complexity throughout 2019, with a potent mix of nation state threat actors, cyber crime organisations and private sector security providers accelerating the cyber arms race and elevating each other’s capabilities – and there will be no let-up this year, according to Check Point’s 2020 Cyber security report.
Check Point’s latest guided ramble through the world of cyber security highlights some of the main tactics threat groups are using to attack organisations across the globe, and aims to give CISOs and other security professionals a grounding in what they need to know to protect themselves from a new generation of attacks. The report is based on data drawn from its ThreatCloud intelligence service.
“Even if an organisation is equipped with the most comprehensive, state-of-the-art security products, the risk of being breached cannot be completely eliminated,” said Lotem Finkelstein, major intelligence officer at Check Point Software Technologies. “Beyond detection and remediation, organisations need to adopt a proactive plan to stay ahead of cyber criminals and prevent attacks.
“Detecting and automatically blocking the attack at an early stage can prevent damage. Check Point’s 2020 Cyber security report shares what organisations need to look out for, and how they can win the war against cyber attacks through key best practices.”
Check Point said it had observed a number of overarching trends during 2019. Firstly, it found, even though cryptomining declined during the year – linked both to a fall in value of major cryptocurrencies and the closure of the Coinhive operation – 38% of organisations were impacted by illicit cryptomining activity, up one percentage point from 2018. It observed that the use of cryptominers remained a low-risk and high-reward activity for some groups.
Secondly, it registered a surge in botnet attacks, with 28% of organisations targeted, a 50% rise on 2018. Emotet, which saw a resurgence in activity towards the end of the year after its controllers apparently took a summer holiday, was the most common bot malware observed in the wild, thanks to its versatility in enabling both malware and spam campaigns. Other common botnet actions, including sextortion email campaigns and DDoS (distributed denial of service) activities, saw a notable spike.
Beyond “spray and pray”-type attacks, 2019 also saw very rapid growth in more targeted ransomware attacks. Although the number of impacted organisations remains low, such attacks – exemplified by the ongoing Travelex crisis, the October 2019 ransoming of shipping services firm Pitney Bowes, and various attacks on public sector bodies – are more severe and their targets are usually carefully chosen, as the organised gangs behind them are looking to extort the maximum possible sum of money.
Other growth areas in 2019 included Magecart infections against e-commerce websites, which hit hundreds of victims, and attacks conducted through the cloud. Check Point revealed that while 90% of enterprises now use cloud services, 67% of security teams feel they do not have proper visibility into their infrastructure. As a result, the magnitude of cloud-related attacks and breaches was up substantially, with misconfiguration of cloud resources the biggest cause.
Finally, Check Point observed that mobile attacks saw a notable decline, with just 27% of organisations impacted in 2019, compared with 33% in 2018. While the mobile threat landscape continues to mature, said the report, security teams are now aware of the threat and are moving to protect mobile device estates.
Looking ahead, Finkelstein said he expected to see an escalation in targeted ransomware exploits, building on what was seen last year, again targeting specific industries, such as public sector organisations, which are often more motivated to pay up. He noted that guidance from many law enforcement agencies is now shifting towards a softer stance on paying ransoms, and spoke of an escalation that will only get worse.
“In the light of such events, it is clearly evident that organisations must adopt a strategy of prevention and not merely rely on detection or remediation,” said Finkelstein.
The surge in mobile banking malware seen in the past couple of years will doubtless continue through 2020, and is likely to become more sophisticated in how it steals payment data, user credentials and, ultimately, money. We are also likely to see more malware-as-a-service-type attacks as developers try to further monetise their work.
“Mobile banking malware requires little technical knowledge to develop, and even less to operate,” said Maya Horowitz, a director of threat intelligence and research at Check Point. “The malware searches for a banking app on the infected device and creates a fake overlay page once the user opens it. The user will then enter the user’s credentials, sending it directly to the attacker’s server.”
Phishing attacks will probably ramp up this year, moving beyond email to exploit other attack vectors. Increasingly, observers have seen phishing scams involving SMS messages, social media and gaming platforms, and even corporate voicemail, the latter particularly notable as the abilities of artificial intelligence (AI) grow.
Indeed, 2020 will see an escalation in the use of AI both as a defence mechanism – poring over reams of data in a way that would be impossible manually – and as an attack vector to probe networks, find vulnerabilities and develop more evasive malware.
“AI is only as sophisticated as its learning curve,” said Neatsun Ziv, vice-president of threat prevention at Check Point. “Expose the machine to skewed data and suddenly the atypical can become the algorithms’ ‘normal’.
“When considering the dynamic world of cyber crime, AI detection can be manipulated by criminals who are savvy enough to understand this. Which is why a robust, future-proof fraud detection approach needs to include more than just AI.”
This year, Check Point predicted that more organisations will rethink their cloud strategies, putting in place more stringent security, particularly during the development process, which is often a vector for incidents as highly motivated DevOps teams push forward without the requisite controls.
Elsewhere, Check Point expects the Tokyo 2020 Olympic Games to emerge as a prime target for disruption by hackers, mirroring attacks on the 2018 Winter Games in South Korea, and the 2016 Games in Rio de Janeiro.
Finally, attacks conducted through internet of things (IoT) devices will continue to be a broad theme because of the inherent vulnerabilities of the IoT, and the advent of true 5G mobile networks will not help matters because they enable the acceleration of IoT device deployments and increase the network’s vulnerability to large-scale, multi-vector attacks.