Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Avast_Blog_ViewPoints: 2020: Rise of the world's elite hackers
#1
Lightbulb 
Quote:
 [Image: TVDumYE.png]

The geopolitical cyberwar between Iran, China, North Korea, Russia and the liberal democracies is about to get very sophisticated

The new year is a time for reflecting on the old and considering the new. In cybersecurity, this leads to a prediction-fest where vendors tell us what to expect over the next 12 months.

But to really understand what is likely to happen, we need to examine not what happened over the last year, but what has been bubbling under the surface. From there we can assess how the criminals are likely to respond in their drive for either money or political advantage.

The global background

2019 was dominated by a global rise in geopolitical tensions between China, North Korea, Iran, and Russia and the liberal democracies. This is a war being fought economically and in cyberspace, and it is likely to increase throughout 2020.

In cyber, this means increased efforts to disrupt public opinion and affect elections – especially, of course, the U.S. presidential election – and increased efforts to steal western intellectual property and money.

But the adversaries have slightly differing motives. Iran and North Korea seek to punish the West for real or imagined slights. With tensions heightened, Iran may feel justified and motivated for cyberattacks on America. Russia seeks to weaken the West. China, however, seeks to learn from, emulate, and overtake the west both economically and militarily. In all cases, there is a blurring (and sometimes an elimination) of lines between the elite criminal hackers and the state hackers. Both benefit. The state acquires increased expertise while the criminals get access to resources and state protection.

The effect in 2020 will be an increase in sophisticated attacks by the world's elite hackers. Russian attacks will be disruptive; on the one hand seeking to sow discord within western populations, and on the other hand testing its cyber weapons. Iranian and North Korean attacks are likely to be noisy and dramatic – these two countries have little to lose either economically or in public opinion.

But the Chinese attacks are likely to be the most dangerous. China is playing a long game. In the Chinese philosophy and culture, it doesn't matter if it takes 100 or more years to succeed. These attacks will be less dramatic as China seeks to infiltrate western companies, steal military and technology secrets, dominate western economies, and learn how to disrupt critical industries. There are rumors, for example, that China is intercepting and storing massive volumes of secret encrypted telecommunications, waiting for the time it can decrypt everything through the power of quantum computers. We may not even hear about the majority of China’s attacks.

The technology background

The two big technology developments were the proliferation of wireless connected devices (IoT) and the emergence of drones. Neither were new to 2019, but both reached a tipping point during the year.

The Internet of Things

The growth of IoT devices in the business world is being driven by business transformation, sometimes known as Industry 4.0. This process will gather pace through 2020, and the use of IoT will increase accordingly. Many new IoT devices will be manufactured in China; and even when they are designed and assembled in the West, the components will still mostly come from China.

There are two primary threats. The first is to the supply chain. There is the potential for hidden backdoors that can be exploited in the future, or methodologies for sending data back to the country of origin. The second is a more widespread lack of security. Whenever there is a burgeoning market, manufacturers rush to get new products to that market. And when they rush, security gets forgotten.

The result in 2020 will be an increased targeting of IoT devices by both nation-state and criminal hackers. This will apply to business IoT, smart devices in the home (such as cameras and routers), and personal devices (such as watches and activity trackers).

We should not forget that self-driving vehicles are effectively local collections of many IoT devices. The potential for hijacking smart cars has been frequently demonstrated in the past. As driverless vehicles – especially driverless trucks – take to the road, we will undoubtedly see attempts to hijack them.

Drones

Drones, like IoT devices, are not new. 2019, however, saw them transition from specialty to commodity items. At the lowest level, their nuisance and privacy intrusion activity will boom. Thousands of people have received low cost drones with cameras this Christmas, and many will be used to snoop on friends, neighbors, and strangers.

Higher up the criminal chain, drones will be equipped with Raspberry Pi computers and Wi-Fi sniffers to intercept and listen in on telecommunications. These will be listening for sensitive information and for credentials to access corporate networks.

Activists will also use drones to disrupt events or to make a political point – such as flying into commercial airspace to protest environmental pollution. At the opposite end of the same purpose, law enforcement agencies will use drones with facial recognition capabilities to monitor suspects and disrupt criminal activity.

Activist use is a short step from terrorist use. In September 2019 a successful drone attack against Saudi oil facilities was almost certainly directed by Iran. While this attack involved nation-state support, the use of drones as a weapon is no longer beyond the reach of even small terrorist groups. This is a danger that will grow throughout 2020.

The cyber background

Malware

Here, the standard prediction will be correct – there will be more malware throughout 2020. Nevertheless, three areas will be noteworthy:

1. Magecart. Financial fraud using stolen payment card details will increase. The transition to chip-based Europay, Mastercard, and Visa cards has driven criminals from card-present fraud to card-not-present fraud – that is, the use of card details for online purchases. It is easier to get card numbers from online databases. However, since the card number alone is not enough without the CVV number (which cannot be stolen from card databases), there has been a growth in Magecart-style attacks. This involves “skimming” the details from the retailer’s website as the payment details are entered in plain text and before the number is encrypted and the CVV number is discarded. The number of these attacks will grow and the attacks will become more sophisticated through 2020.

2. Targeted ransomware. Until all organizations refuse to pay ransoms – which is unlikely if not impossible – criminals will continue to use ransomware. The bigger the target, the more it can afford to pay; so ransomware will increasingly be targeted at large organizations: manufacturing, healthcare, and municipalities.

3. Malware-as-a-service (MaaS). MaaS is growing rapidly. This is where elite or competent hackers develop malware that is then hired out to less tech-savvy criminals. It is a quick, easy, and cheap way for wannabe criminals to steal money online. Through 2020, this will grow. Users of up-to-date anti-malware products will largely be kept safe – but those who don’t defend themselves will be exposed to far more malware attacks.
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • ismail
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>