High profile data breaches have underscored the vulnerability of consumer information in an age of increasingly sophisticated cyber attacks. As hackers become more targeted and sophisticated in their attacks, financial institutions must work to deploy controls that deter criminals while not impeding authentic users. In the official annual cyber crime report in 2019, Frank W. Abagnale, an FBI consultant for over 40 years and one of the world’s most respected authorities on forgery, embezzlement, and secure documents, concurs with the $6 trillion cybercrime damage cost prediction. “I’m very concerned with cyber starting to turn very dark,” says Abagnale.
We’ve seen a massive increase in attackers using spear phishing to obtain cloud credentials, and then using those credentials to achieve their goals. The number one step to ensuring cloud security in 2020 is email security. Beyond that, we’re seeing a lot of misconfigurations, problems with web application security, and things such as API keys floating around on the internet. All these add up, and attackers will use whatever they can to get in. Few threats observed in the beginning of 2020 have been described below to understand the gravity of the threat.
In 2020, defenders need to be looking out for new techniques involving ransomware. With the recent pattern, it has been observed that attackers have been targeting organizations that are well known and have been publicizing their acts. Not a single industry has been left behind by the ransomware attackers. Some of the most sophisticated criminal intrusion operations shift has been observed to this type of ransomware deployment. The fear of Ransomware attacking the organization is not only making the organization vulnerable but is also posing a grave threat to other organizations. While many criminal actors avoid targeting governments to reduce exposure, we have even seen a major increase in the targeting of state and local government organizations, most likely because they have fewer resources than the federal government
- Impact of Elections in States
U.S. Elections Bring Rise to Cyber Activity going ahead with the most important elections of the United States. Expectations are clear for a raise in not just cyber espionage and cyber influence operations targeted at the electoral systems, but also candidates being impersonated on social media and other types of information operations designed to target the voters themselves.
In an effort to support election security, FireEye recently launched an election security resource center where we have a lot of information that should help defenders during this critical time. Attackers have been creative with their hosts now. We’re seeing cyber criminals have the sophistication level of nation states. Organizations need to ensure in 2020 that innovation comes from ethical hackers as a security measure that leaves behind the attacks by criminals. In order for us to defend, we need to get ahead of the threat.
There have been other attacks in the past like, Attacks via smartphones, Crypto Jack attacks which still need to be addressed. Thus every industry irrespective of how valuable data it holds needs to follow cyber protection protocols.
Preparing for the Future:
One important realization for the upcoming year is that every organization is somehow related to a possible target. Even if an organization is small or seemingly insignificant to threat actors, it’s likely a supplier, third-party vendor, or in some way connected to a bigger, larger target. Organizations need to be mindful that they could be the critical node—they could be the weakest link. Organizations should consider themselves in a broader context. It’s not just what’s happening between a target and a threat actor—the entire ecosystem that they’re a part of matters. The best thing organizations can do going into 2020 is to understand where they sit in the threat landscape, but that’s easier said than done. Those that are trying to use intelligence are now seeing that it’s quite a large task to really understand their threat profile.