By Josh Lemos, Vice President of Research and Intelligence, BlackBerry Cylance
Uncommon attack techniques will emerge in common software
Steganography, the process of hiding files in a different format, will grow in popularity as online blogs make it possible for threat actors to grasp the technique. Recent BlackBerry research found malicious payloads residing in WAV audio files, which have been utilized for decades and categorized as benign. Businesses will begin to recalibrate how legacy software is defined and treated and effectively invest in operational security around them. Companies will look for ways to secure less commonly weaponized file formats, like JPEG, PNG, GIF, etc. without hindering users as they navigate the modern computing platforms.
Changing network topologies challenge traditional assumptions, require new security models
Network-based threats that can compromise the availability and integrity of 5G networks will push governments and enterprises alike to adopt cybersecurity strategies as they implement 5G spectrum. As cities, towns and government agencies continue to overhaul their networks, sophisticated attackers will begin to tap into software vulnerabilities as the expansion of bandwidth that 5G requires creates a larger attack surface. Governments and enterprises will need to retool their network, device and application security, and we will see many lean towards a zero-trust approach for identity and authorization on a 5G network. Threat detection and threat intelligence will need to be driven by AI/ML to keep up.
2020 will see more cyber/physical convergence
As all sectors increasingly rely on smart technology to operate and function, the gap between the cyber and physical will officially converge. This is evident given the recent software bug in an Ohio power plant that impacts hospitals, police departments, subway systems and more in both the U.S. and Canada. Attacks on IoT devices will have a domino effect and leaders will be challenged to think of unified cyber-physical security in a hybrid threat landscape. Cybersecurity will begin to be built into advanced technologies by design to keep pace with the speed of IoT convergence and the vulnerabilities that come with it.
State and state-sponsored cyber groups are the new proxies for international relations
Cyber espionage has been going on since the introduction of the internet, with Russia, China, Iran and North Korea seen as major players. In 2020, we will see a new set of countries using the same tactics, techniques, and procedures (TTPs) as these superpowers against rivals both inside and outside national borders. Mobile cyber espionage will also become a more common threat vector as mobile users are a significant attack vector for organizations that allow employees to use personal devices on company networks. We will see threat actors perform cross-platform campaigns that leverage both mobile and traditional desktop malware. Recent research discovered nation-state based mobile cyber espionage activity across the Big 4, as well as in Vietnam and there’s likely going to be more attacks coming in the future. This will create more complexity for governments and enterprises as they try to attribute these attacks, with more actors and more endpoints in play at a larger scale.