AhnLab Security Center


Cybersecurity Trends That Will Shape 2020


Concerns about cybersecurity threats are greater than ever as industries shift towards digital transformation. With the commercialization of 5G technology, which was first introduced last year, 2020 is expected to be the year of a hyper-connected society, with threats becoming more destructive than ever before. However, AhnLab's security experts predict that the threats will feel quite familiar, as if we had already seen them in a movie.

“To Infinity and Beyond!”: Ransomware Spreading Across Industries 
Some things never stop. They just keep spreading. So does ransomware. The creator of GandCrab, a prime example of Ransomware-as-a-Service (RaaS), announced the end of its operation in May 2019. Nonetheless, the ransomware market did not falter. Instead, it became more popular with an increase in ‘Big Game Ransomware,’ in which threat groups target only large organizations for big deals. This was because individual users, discouraged by the high expense, easily give up on restoration. Businesses and organizations, on the other hand, are more willing to pay the ransom to ensure business continuity and avoid other consequences, such as violation of privacy policies, that might end up costing more.

During the first half of 2019, various organizations and businesses around the globe were attacked by ransomware. Victims included an aluminum manufacturer in Norway, an aerospace parts manufacturer in Belgium, and transportation facilities, banks, and local government entities in the United States. CLOP ransomware, for one, was an Advanced Persistent Threat (APT) that specifically targeted IT industries in East Asia. But instead of focusing on one specific industry, its operators continue to expand their targets to maximize their profits. They also attempt to increase their rate of success by using social engineering techniques and fileless attacks via known vulnerabilities.

This does not, however, imply that individual users are completely safe from business-targeting ransomware. Anyone and everyone can be subject to cyberattacks. After all, individual users are easier targets than organizations and businesses.

Into the Unknown: Threats Going After Cloud Storage
The concept of the cloud may still seem unfamiliar, almost like an unknown area. However, it has become the norm to store data in the cloud instead of storing it locally. In other words, sensitive information is no longer saved on individual computers, while a growing amount of source code and a growing number of services are saved and processed through cloud computing. Likewise, many businesses have been migrating their business infrastructure to the cloud for cost reduction and work efficiency.

However, many businesses and organizations still wrestle with cloud computing anxiety. This is because an increasing number of cybersecurity threats target the cloud. In July 2019, for example, an American financial institution suffered a massive data breach affecting over one hundred million users. Moreover, as the market shifts towards multi-cloud, concerns are growing over security incidents caused by the human element or technical flaws within the cloud system.

The Phantom Menace: Invisible Threats in Fixed-Function Systems and OT Environments
Just because you can’t see it doesn’t mean it doesn’t exist. Industrial Control Systems (ICS) often exist in a hidden world of closed networks, managed and operated via network connections. OT (Operational Technology) environments, including ICS, are vulnerable to cyberattacks nonetheless. We have already witnessed social infrastructure, such as factories and power plants, being forced to stop operating due to cyberattacks. Attacks targeting OT environments are only expected to increase as the ICT-based Fourth Industrial Revolution and smart factory automation progress.

Systems we face almost every day are often neglected as well. Fixed-function systems, such as POS terminals and ATMs, repeatedly face cyberattacks because their security is easily overlooked, despite being a direct channel for financial transactions and sensitive data. The new decade has marked the dawn of a "cashless society," and cyberattacks on POS terminals and ATMs will only increase.

Gone with the Wind: Poof Goes Your Data!
Stick to the classics, and you can never go wrong. That seems to be the motto of cyber attackers. Data breach is one of the most classic and unchanging goals of various cyberattacks. Recently, even notorious ransomware, such as Nemty, Sodinokibi, and Maze, has started to leak the data of victims that have failed to pay the ransom. With the development of information and communication technology (ICT), attackers have begun to go after a wide range of data. In the past, login credentials were widely targeted, whereas recently the target has shifted to sensitive information, such as social security numbers, bank account credentials, credit card information, and internal access codes.

Although threat groups use advanced methods to steal sensitive data, many businesses and organizations still respond to cyberattacks in outdated ways, such as resetting the infected PC to factory settings. This might seem like a quick and easy solution, but it could lead to more problems. Malware that has infiltrated the system can continue to move around and steal additional information without the user knowing. Thus, businesses and organizations must employ the latest security technologies to collect all evidence and analyze the threat, including its behavior and infiltration path, to prevent further attacks once and for all.

Parasite: Threats Living off the Mobile Environment
A decade has passed since the release of the first iPhone in December 2009. The mobile market, mainly divided into iPhone and Android smartphones, will further advance in 2020 as a result of 5G networks and foldable smartphones. So too will cybersecurity threats aimed at the mobile environment.

In the past, many mobile threats tricked users in order to make illegal profits. Today, attackers have changed their business model using advanced skills. Attackers can create and distribute a Software Development Kit (SDK). By exploiting the SDK within legitimate applications, attackers can easily gain financial profits, as if they were a parasite on the normal app. As applications are often distributed via app stores, such as Google Play Store, there are also concerns that these types of attacks could lead to a mobile supply chain attack.