Chronicle Cybersecurity Predictions: Crimeware, Cloud and Beyond

As we near the end of the decade, one notion is clear within the world of cybersecurity: data breaches and cyber attacks aren’t going anywhere. In mid-November, the total data breach count surpassed last year’s, as there have been 1,272 breaches in 2019 to date, compared to 1,244 total in 2018. Companies will continue to be plagued by these attacks, as bad actors gain access to more IP addresses, allowing them to be increasingly effective in compromising sensitive data.

There are some areas that should be of particular concern for security teams, such as the rise of credential stuffing and cryptocurrency crimeware, and some industries specifically, such as healthcare and local governments, need to beef up and prioritize their cybersecurity practices after being hit hard by ransomware and other cyber attacks in 2019.

But it’s not all doom and gloom on the cybersecurity horizon. Read on for some Chronicle team members’ predictions for the cybersecurity landscape within the next year, and what in particular security teams should prioritize in 2020.

Brandon Levene, Head of Applied Intelligence, Chronicle

Global law enforcement will dedicate increased resources to combat crimeware

Crimeware is a more likely business threat than APT attacks, yet law enforcement has been unable to defend against it. Efforts have been limited by time and geography, giving crimeware operations time to adapt tools for maximum impact. In 2019, law enforcement began to coalesce around crimeware. From IC3 to Interpol, there was an increased frequency in crimeware reporting and counteroperations. In 2020, crimeware initiatives will improve. There will be better public-private sector collaboration to develop strategies to defend against it. Crimeware will become a priority instead of a side effort, and law enforcement capabilities to combat its impact and scope will improve.

Beware the rise of credential stuffing

2019 has seen 1,272 data breaches to date, exposing more than 163M records. Attackers have latched onto transactional data — social security numbers, phone numbers, personal addresses, medical records, etc. — and will redouble their use of it in the coming year. In 2020, expect to see credential stuffing — automated login requests of breached username/password pairs in order to fraudulently gain access to user accounts across a multitude of websites — grow in frequency and commonality as an aftershock of data breaches. As more data becomes available for exploitation, credential stuffing will become a more viable method of monetization for attackers.

The rise of crypto crimeware

In October, the cryptocurrency market hit $253 billion. As the market continues to grow, attackers will target it, bringing a rise in crypto-related cybercrime in 2020. Expect a swell of crypto-specific crimeware in the year to come, including more miners, more wallets being targeted and stolen, and a rise in ransom demands in crypto.

Security will get more transparent

As enterprises shed legacy colocation tools, and continue to pursue cloud deployments of tools, security will follow suit. Security services and platforms will continue to migrate to the cloud, and a new paradigm of security will emerge. In 2020, the focus of security in cloud environments will shift to access management, monitoring, and proactive scanning in order to facilitate better, more secure cloud transitions.

Anton Chuvakin, Head of Security Solutions Strategy, Chronicle

Healthcare and state agencies will be hit the hardest

Medicine and local governments are two of the most vulnerable industries. Between 2009 and 2018, there were 2,546 healthcare-related data breaches, exposing 190M records, while more than 40 municipalities fell victim to cyberattacks this year. These industries often lack effective cybersecurity as they wrestle with low budgets and understaffed IT teams — and attackers recognize them as low-hanging fruit. The 2018 Atlanta attack is the best example of this, as between 1,500 and 2,000 security vulnerabilities were found in the city’s systems, allowing bad actors to deploy SamSam ransomware. Hospitals and municipalities aren’t prepared for last year’s threats, and they’ll continue to get hit with tried-and-true attacks, rather than more sophisticated threats.

As rapid cloud migration continues, there will be more cloud customer breaches

The public cloud services market is expected to grow to $250B by 2020. As cloud migration continues, new risks have emerged. Security teams are bringing outdated thinking to the cloud, protecting systems and technology as if they were on-premise. Legacy thinking manifests in many SaaS-first expressions. For example, 451 Research found that half of DevOps teams failed to incorporate application security into their CI/CD workflows. Security is seen to slow down the CI/CD process, yet web apps are one of the most popular attack vectors for malicious attackers. Teams working at the speed of software need security policies and processes that support SaaS functions and business operatives. On-prem security processes don’t suit the cloud, but legacy thinking will continue to be transferred to the cloud in 2020, creating critical cybersecurity problems for organizations.

Futuristic hacking won’t materialize

While advancements in attack techniques like adversarial AI have added variety to attackers’ playbooks, it’s unlikely we’ll see futuristic attacks emerge in 2020. Attackers look for the path of least resistance when it comes to targets, and between existing attack surfaces and emerging attack techniques — like cryptojacking and the container ecosystem — it’s highly unlikely novel surfaces like self-driving cars or AI networks will become targets. There’s simply enough capital to gain from existing ecosystems, and FUDy futuristic threats won’t materialize.

Geopolitical conflict will spur fragmentation in cloud

Seams of fragmentation in the digital universe are emerging as geopolitical tension grows. Huawei’s line of 5G smartphones, Mate 30, is blocked from using Google apps due to China-US trade conflict, the Kremlin is creating its own sovereign internet, and China is building its own operating system to replace all use of Microsoft OSes nationwide. In 2020, these seeds of fragmentation will take root and the ramifications of geopolitical conflict will show in cloud computing. China will get its OS up and running, Russia will launch its internet, and cloud providers will face new tension in foreign markets.