Proofpoint has gathered its top predictions for CIOs to watch out for in 2020. Emile Abou Saleh, Regional Director, Middle East and Africa at Proofpoint, tells us downloaders and botnets abound while supply chains and account compromises will drive phishing.
During 2019, there were many trends within the threat landscape that help paint a picture of what we can expect in 2020. These include the results of widespread RAT and downloader distribution, significant evolution in impostor attacks and increasingly sophisticated attacks on cloud applications.
Notably, email will remain the initial threat vector of choice for most actors, driving credential phishing campaigns; targeted attacks with malware to establish a beachhead within organisations; and widespread distribution of banking Trojans, downloaders, backdoors and more.
However, cloud-based email systems like Microsoft Office 365 and GSuite will themselves also be key targets for threat actors, providing platforms for future attacks and lateral movement within targeted organisations.
As cybercriminals increasingly shift their focus from targeting infrastructure to targeting people, in 2020 it is vital that organisations in the Middle East, as well as across the globe, recognise the human factor threat, as any organisation, regardless of its geography, is a target of those threat actors.
Aligned with this, Proofpoint gathered the following top predictions for CIOs to watch out for in 2020:
Despite its near absence as a primary payload in malicious emails, ransomware continued to make headlines throughout 2019, largely in so-called ‘big game hunting attacks.’ We expect these types of attacks – in which threat actors focus on high-ransom attacks on servers and endpoints in mission-critical environments that are most likely to pay to decrypt their files for rapid recovery – to continue in 2020.
Additionally, organisations will increasingly find that once they are victims of ransomware, they have already been compromised with a versatile malware strain that creates potential future vulnerabilities and exposes data and intellectual property.
Complex infection chains
While most users have largely been conditioned to avoid attachments from unknown senders, the increasing prevalence of cloud applications and storage means that we are all conditioned to click through links to view, share and interact with a variety of content.
Threat actors will continue to capitalise on this in 2020, both because of its effectiveness in social engineering and because URLs can be used to mask increasingly complex infection chains that make detection more difficult than a simply linked payload.
Whereas URLs frequently linked to an executable for a malicious document in the past, 2020 will see increases in the use of URL shorteners, traffic distribution systems and other hops to hide final payloads from defenders and automated systems.
Abusing legitimate services
Threat actors will expand their abuse of legitimate services for hosting and distributing malicious email campaigns, malware and phishing kits. Similarly, the widespread abuse of other legitimate cloud-based hosting services for malware delivery will continue, capitalising on our conditioning to click through links for shared content and the inability of most organisations to blacklist services like Dropbox and Box.
Finally, we predict malvertising activity associated with the Keitaro traffic distribution system (TDS) will expand and continue in 2020 based on its traffic statistics and the difficulty in blacklisting IPs associated with this type of service.
Brute force attacks get smarter
As organisations continue to adopt cloud-based productivity and collaboration software, these platforms become increasingly attractive targets for threat actors.
While traditional brute force attacks on these and other cloud services will continue in 2020, we expect these attacks to become increasingly advanced.
Additionally, while adoption of multifactor authentication is helping to mitigate risks associated with cloud attacks, vendors and organisations alike are finding that robust implementation carries its own challenges, driving organisations to look at biometrics and other potential solutions to secure their infrastructure, whether owned or purchased as a service.
Supply chains expose vertical and horizontal partners
Supply chain vulnerabilities took centre stage with the breaches of major retailers in 2013 and 2014. While threat actors have continued to exploit the supply chain for everything from credit card theft to business email compromise (BEC), we expect this tactic to become even more sophisticated in 2020.
We also anticipate organisations will begin looking more closely at the wide range of suppliers with which they engage. Knowing who these suppliers are and requiring specific types of email security in vendor contracts will be critical to limiting threat actors’ ability to hop from one supplier to another until they compromise intended targets.
Furthermore, this will also drive further adoption of DMARC as information security teams come together with procurement teams to demand standards-based approaches to vendor security.
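One way to run the supplier check described above, as an added example that is not from Proofpoint or the original article: a Python audit of supplier DMARC TXT records for enforcement. The supplier domains and records are constructed, and the pass/fail criteria are an assumption about what a vendor contract might require.

```python
# Added example: audit supplier DMARC records for enforcement (RFC 7489 tags).
# In practice each record is the TXT value published at _dmarc.<supplier-domain>.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not DMARC."""
    # RFC 7489: the v tag must come first and be exactly DMARC1
    if txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess(txt):
    """Return (verdict, findings) for one supplier record."""
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return "fail", ["no valid DMARC record"]
    blocking, advisory = [], []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        blocking.append(f"p={policy or 'missing'} is monitor-only")
    pct = tags.get("pct", "100")  # default is 100 when the tag is absent
    if not pct.isdigit() or int(pct) < 100:
        blocking.append(f"pct={pct} applies the policy to only part of the mail")
    sp = tags.get("sp", policy).lower()  # subdomain policy defaults to p
    if sp == "none" and policy != "none":
        blocking.append("sp=none leaves subdomains unenforced")
    if "rua" not in tags:
        advisory.append("no rua address, so no aggregate reports are collected")
    return ("fail" if blocking else "pass"), blocking + advisory

SUPPLIERS = {  # constructed sample data, not real domains or records
    "supplier-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@supplier-a.example",
    "supplier-b.example": "v=DMARC1; p=none; rua=mailto:dmarc@supplier-b.example",
    "supplier-c.example": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "supplier-d.example": "",
}

def audit(suppliers=SUPPLIERS):
    return {domain: assess(txt) for domain, txt in suppliers.items()}

if __name__ == "__main__":
    for domain, (verdict, findings) in audit().items():
        print(f"{domain}: {verdict}", *findings, sep="\n  - ")
```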
Training takes centre stage
While automated systems can prevent many threats from reaching inboxes, users remain the final line of defence, especially as threat actors turn to voice and SMS phishing and multi-channel attacks.
As a result, training is a critical component of security, but scarce resources demand that organisations be increasingly selective about the training they provide for their users. To train employees effectively on cybersecurity and ensure that the training conveys the key lessons, organisations must offer content localised into different languages, taking into consideration the diverse cultural background of the workforce, especially in countries such as the United Arab Emirates.
In 2020, we expect that training priorities will be driven by threat intelligence and the types of threats organisations are actually experiencing. Additionally, there will be a wider adoption of in-client email reporting mechanisms including automation to avoid overwhelming IT resources.
Finally, given the challenge in detecting the attacks with automated systems, we also expect that organisations will focus training on internal phishing and email account compromise.