Kaspersky researchers have shared their predictions for advanced persistent threats (APTs) in 2020, pointing out how the landscape of targeted attacks will change in the coming months.
The general trend is that threats will be more precisely crafted and more targeted, and will diversify under the influence of external factors such as the development and spread of machine learning, technologies for creating deepfakes, or tensions around trade routes between Asia and Europe.
The forecasts were developed on the basis of changes that the Global Research and Analysis Team observed in 2019, to support the digital security community with guidelines and information. The latter, coupled with a range of forecasts for industrial and technological threats, will help to prepare for challenges that may arise over the next 12 months.
Misuse of personal information: from Deepfakes to DNA leaks
After several personal data leaks in recent years, the amount of personal data available has made it easier for attackers to carry out targeted attacks based on leaked information. The bar has been raised, and in 2020 threat actors will dig deeper, hunting for more sensitive leaks, such as biometric data.
Researchers have identified a number of key technologies that could lure victims into attackers' traps, including publicly available video and audio deepfakes that can be automated and support profiling and the creation of scams and social engineering schemes.
Targeted threats for 2020 include:
- False flag attacks reach a whole new level. They will be developed further, with threat actors seeking not only to avoid attribution but to actively lay the blame on someone else. Malware offered for sale, publicly available security tools or administrator software, combined with false flags at a time when security researchers are hungry for any small clue, may be enough to divert attention to someone else.
- From ransomware to targeted threats. A possible twist is that, instead of making files unrecoverable, threat actors will threaten to publish data stolen from the victim's company.
- New banking regulations in the EU open up new avenues for attackers. As banks will be required to open their infrastructure and data to third parties wishing to provide services to bank customers, it is likely that attackers will seek to abuse these new mechanisms with new fraud schemes.
- More attacks on infrastructure and against non-PC targets. Determined threat actors have, for quite a long time, been expanding their toolsets beyond Windows and beyond PCs; VPNFilter and Slingshot, for example, targeted networking hardware.
- Digital attacks focus on trade routes between Asia and Europe. There are several ways in which this could play out. They include an increase in political espionage, as governments seek to secure their interests both internally and externally. It is likely to extend to technological espionage in situations of potential or real economic crisis and instability.
- Mobile APTs grow faster. There is no good reason to believe that this will stop soon. However, due to the increased attention given to this issue by the security community, we believe that the number of attacks identified and analyzed in detail will also increase.
- The misuse of personal information grows, armed with artificial intelligence. It is similar to some of the techniques used to distribute election advertisements on social media. This technology is already widely used, and it is just a matter of time before attackers take advantage of it.
“The future is full of possibilities that may have aspects that we have not included in our predictions. The extent and complexity of the fields in which attacks are reproduced offer infinite possibilities. In addition, no individual research team has full visibility of the functions of menacing APT vectors. We will continue to try to predict the activities of the APT groups and understand the methods they develop while providing information on their campaigns and the impact of their actions,” says Vicente Diaz, security researcher at Kaspersky.