State-sponsored cyberattacks are on track to eclipse last year’s pace. Mirai-type threats are turning networked IoT devices running Linux into remotely controlled malware bots. Emotet and others are creating multi-layered malware ecosystems, and in turn introducing an era of permanent bugs. Cloud misconfigurations are leaving SaaS subscribers unwittingly vulnerable.
That’s just a slice of what we’ve seen in 2019. And among all this activity, very few were major surprises. In a webcast we hosted late last year, we presented six predictions about threats most businesses would likely face over the following 12 months. I’d argue most of them were fairly safe. (After all, who wouldn’t expect hackers to target Microsoft Office with continuously evolving phishing attacks—and Emotet was right there proving us right all year long.)
This year, we’re back at it. Driven by our broad visibility of threat data, weaponization trends, and remediation data, we’ve compiled a list of eight cybersecurity trends compared to last year’s six. (Leave it to the cybersecurity world, where even the number of trends to watch grows by 33% year over year.)
Check out our latest webinar, A 2019 Cybersecurity Retrospective + Trends to Watch in 2020, to go deep on the threat landscape enterprises faced this year. For instance:
- Last year we pegged IoT Devices such as consumer routers as increasingly attractive malware targets. And sure enough, attacks on these devices were on the rise this year, with a variety of exploits weaponized both in IoT targets, as well as enterprise software. That’s what makes this bot so interesting. The cross-platform nature and varied propagation methods are impressive, to say the least. A few of the affected software bugs: CVE-2019-12780 (Belkin Wemo), A 0day affecting Ubiquity Nanostation5 and CVE-2019-18377 (Symantec Messaging Gateway) — and many others.
- We also predicted an increase in Application-Layer Breaches. This, too, was an easy call, as an array of businesses, including Capital One, Gitlab, Slack, Jira and others, were hit with some of the highest-profile attacks.
- We knew that perennial targets Windows and Microsoft Office would continue to attract increasingly sophisticated threats. Emotet proved the worst of these, distinguishing itself as the most prolific of the 2019 malware distribution platforms.
- Then came Leaks and Misconfigurations, with a vengeance. There are literally hundreds of examples affecting the largest and most well resourced organizations on the planet, with every single one signaling that this is a growing class of problems in the increasingly cloud-intensive world of enterprise computing.
But that’s 2019. For 2020, we’ve identified eight trends that are worth your attention, particularly if you use Adobe software or services, rely on open source software, and take way too long to remediate your highest-risk threats (I’m looking at you, insurance industry).
Here’s a rundown of the threats we think you’ll need to watch next year.
Kenna Security’s Top Cybersecurity Trends for 2020
While most of these are in line with current trends, there are a few that are informed by Kenna data and probably somewhat controversial. Specifically, with so much phishing-oriented exploitation of Microsoft products lately, it’d be surprising to see a switch back to Adobe and other third-party products. Sure, CVE-2018-4878 remains a standby, but I suspect a push of patching will make other third parties more attractive in 2020.
Consider these nuggets discussed on the webinar:
- Even though the new IMDSv2 service was released this year shortly after the Capital One breach, the old service remains available and on by default. This doesn’t exactly foster confidence that we will see a dip in these “confused deputy” type problems.
- BlueKeep remediation. Where are we? And what should we expect of these kinds of high-visibility vulnerabilities going forward.
- Finally, we’re not just picking on the insurance industry. Details on why we singled them out, and why each of these are included, are covered in the webinar.
I hope you’ll find it worth your time. Keeping ahead of the next threat—and particularly, the ones that pose the greatest risk to your organization—is what Kenna Security is all about. And it’s what our collective cybersecurity efforts should be all about. Its our hope that this webinar helps you in your efforts. Check it out.
WATCH THE WEBINAR: A 2019 Cybersecurity Retrospective + Trends to Watch in 2020