Crime never sleeps – but it evolves. After a year marked ransomware, business email compromise (BEC)
fraud and an increase in targeted attacks against companies of all sizes, 2020 has racked up a sizable list
of cyberthreats to keep an eye on.
Here is our list of the 2020’s Top 5 “Most Wanted” Cyberthreats:
1. Mobile Phishing
Phishing scams are a well-known threat leveraging social engineering to trick targets to give up personal
information. But fraudsters are turning to new tactics. One of these – Mobile-first phishing – is expected
to rise in 2020.
In a recent example, phishing links were sent to users via email, masquerading as messages from
Verizon Customer Support and tailored to mobile viewing. When the malicious URL was opened on a
desktop, it looked sloppy and obviously not legitimate – however, when opened on a mobile device, it
looked like what you would expect from a Verizon customer support application.
Cybercriminals know that users are not yet conditioned to distrust mobile interactions – for now. So,
make sure that your user security training underscores this point.
2. Data Breach Bonanza
There’s no question that data breaches have gotten out of control. In the third quarter of 2019, the total
number of breaches was up , and the total number of records exposed more than doubled, up 112
percent, according to industry statistics. In 2020, there’s no sign of a waning appetite on the part of
cybercrooks bent on carrying out fraud and identity theft. Demand on the Dark Web for a record
containing sensitive, personally identifiable information (PII) is at an all-time high.
If you house sensitive customer or partner records, these need to be safeguarded like the crown jewels
they are. All too often, criminals are getting into data vaults by way of network compromise, such as:
• Unpatched software
• Credentials spilled online
• Poor password management
• Inadvertent misconfigurations of internet-facing databases
Tidying up these basics, can help your data from becoming easy pickings.
3. End-of-Life Exploits
January 2020 brings the end-of-life for Windows Server 2008 and Windows 7. Millions of devices are still
running these operating systems, but any vulnerabilities that come to light won’t be patched because
Microsoft will cease to support them. The only way to fix this is to replace the operating systems entirely
– a costly and potentially difficult proposition for companies of any size.
4. Supply-Chain Attacks
Cyberattacks are all about the weakest link, a chink in the armor. Increasingly the weak link is partner
companies, third-party services and third-party devices. For instance, Delta and Sears were both
compromised last year by attackers who targeted a weakness in a third-party customer-service chatbot
platform. Similarly, in the case of the infamous Target breach, which impacted 70 million people, the
attackers first compromised a HVAC contractor who had a data connection to the giant retailer for
electronic billing.
2020 will be the year of supply-chain and vendor vulnerability, as these kinds of weak links proliferate
thanks to the hyperconnectivity that comes with cloud migrations, the advent of 5G, the internet of
things (IoT) and more. You’ll need to have strict controls and visibility into not only your own security
posture, but that of your vendors and partners, too.
5. Deepfakes
Impersonation fraud is already a problem, and 2020 will bring more, but threat actors will refine their
strategies and start to impersonate users using “deepfake” technology. Deepfakes are created using
artificial intelligence. Examples include swapping in a new face onto video footage so that it looks
legitimate or creating audio imitating someone’s voice to a tee.
As you can imagine, this opens the door to a range of attacks. Cybercrooks recently successfully fooled a
company into a large wire transfer using an AI-powered deep fake of a chief executive’s voice, for
instance. Researchers say deep-fake tech is getting better and better – to the point where biometric
hacking using compromised data and malicious artificial intelligence to impersonate an identity is not
too far off.
Researchers are trying to fight fire with fire, using AI to detect these fabrications. Meanwhile, one of the
immediate measures to take is to educate your staff of the existence of deepfakes and put in place
verification procedures for high-value or sensitive disclosures, such as financial transfers.
There you have it: cyberthreats “most wanted” list for 2020. That’s just the top five – many more
emerging cyberthreats exist. If that fact scares you, then good – it should.
Ready to simplify cybersecurity in 2020? Connect Tech can help.