Cybersecurity threats continue to make headlines as attack vectors become more targeted and sophisticated. And 2020 will be no exception. We sat down with Webroot’s threat research team and product experts to learn more about what industry trends they expect to see next year and beyond. Scroll the various categories below and comment with some of your own personal predictions!
Threats
- Emotet will continue to be the front runner in terms of both botnet size and malspam distributed. – Jason Davison, Advanced Threat Research Analyst
- Phishing will become more targeted as data collected from breaches is incorporated into the phishing email. Things like passwords and recent tractions can go a long way in convincing people the email is legit. – Grayson Milbourne, Security Intelligence Director
Attack Targets
- We will finally see a consumer IoT/connected goods certification body, similar to the Consumer Electrical Safety Certifications today. This will enforce the notion of Security By Design for an smart goods manufacturer. – Paul Barnes, VP Product Strategy & UX
- Expect a mass IoT breach spanning consumers and businesses, like the Mirai botnet, this time with little ability to remediate based on attack disabling hardware and demanding ransom – Paul Barnes
AI/ML
- Adversarial attacks against AI-based security products will grow in scope and complexity. There will be a bifurcation in AI providers with these attacks highlighting which systems are vulnerable to sophisticated attackers. It will become clear that there are fundamentally two types of AI in cybersecurity: AI which acts like a smarter conventional signature and AI which is built into every facet of an intelligent, cloud-based platform capable of cross-referencing and defending itself against adversarial attacks. – Joe Jaroch, Senior Director of Cybersecurity Strategy
Biometrics
- The trend to move away from passwords will continue but we need to ensure the alternate sources are secure. Simjacking will be a growing problem, making phone numbers even less secure. Numerous services and MFA checks will need to pivot away from using phone numbers and instead use unique IDs and push notifications. – Joe Jaroch, Senior Director of Cybersecurity Strategy
Cryptomining and Cryptojacking
- Cryptojacking will move in line with cryptocurrency prices. If prices increase, we'll see more cryptomining; as they fall, attackers will find other monetization strategies. As people move to more locked down devices, cryptojacking will become increasingly prevalent, monetizing threats through the consumer's electricity bill. – Joe Jaroch, Senior Director of Cybersecurity Strategy
Deepfakes
- Misinformation will continue to be a problem for the foreseeable future. Despite Facebook’s efforts, advancements in the ability to create deepfake videos has made it much easier to trick people into believe false information. – Grayson Milbourne, Security intelligence Director
Office 365 and the Cloud
- Business email compromise (BEC) attacks will continue to evolve in sophistication, making it ever more difficult for users to know real from fake communications with their colleagues, suppliers and customers, making advanced, regular, security awareness training and attack simulation absolutely critical. – Matt Aldridge, Senior Solutions Architect
Cyber Insurance
- Having cybersecurity protection and insurance coverage for cyberattacks on cars will become the norm down the road. Cybercriminals will take advantage of new unique automotive vectors to exploit, including un-monitored charge points for electric cars, as well as advanced software platforms on today’s cars that manufactures are incredibly slow to react to and patch. I anticipate that we will eventually see a proof of concept on ransomware for cars as well. – Tyler Moffitt, Security Analyst
What predictions stand out to you? What else do you see coming up in 2020?
I’m curious to hear what you think! - Keenan