Cloud, 5G and 'wetware' attacks — the 5 biggest cybersecurity threats of 2020

(Source: Giphy)

Artificial intelligence (AI) and machine learning (ML) make human processes more efficient. It’s how Google Search can predict what you’re looking for and how Facebook knows just which products to advertise for your particular interests.

It’s also how hackers can now carry about ‘wetware’ attacks — automated content is generated to target a particular set of victims rather than individuals.

Sophos Labs notes that this is the first generation of offensive ML tools and is expected to get more sophisticated in the coming year.

“Automated 419 scams, phishing, vhishing, and perhaps even deepfake-enabled video attacks against human elements of systems seem likely, and the inherently adversarial method by which they are trained suggests that automated systems will be of limited effectiveness in stopping them,” it says.

(Source: Giphy)

More people access the internet using smartphones than they do using computers. That’s why cybercriminals are growing the variety and variability of the types of attacks that can be used to target smartphone owners, according to Sophos Labs 2020 Threat Report.

The irony is that most people smartphones to secure their most sensitive data. Ideally, two-factor authentication and one-time passwords would be enough to thwart off any hack attempts — but that isn’t the case. A number of ‘SIMjacking’ cases in 2019 show that hackers can now target the weak link between users and their phones.

In addition, dirty tricks like malware, fleeceware, bank-credential stealers and hidden adware will continue to get more complex in 2020, according to Sophos Labs.

^{(Source: Giphy)}

While 5G promises considerable improvement over 4G networks, it’s not all rainbows and sunshine. Data transfer at ten times speed means that a person can download a whole high-definition movie within minutes. It also means they can transfer gigabytes of data within the same time frame.

“While this appears to be a promising service for organisations, the more reliable connectivity and lower latency of 5G will also work in favour of determined employees wishing to transfer swathes of corporate data,” says Forcepoint.

Not only do organisation need to implement better methods to protect data but they also need cybersecurity measures to detect data thefts in a timely manner.

^{(Source: Giphy)}

Businesses are getting cosier with the cloud. As more data pours in, it makes sense to use a public cloud server rather than set up servers in-house. But just because they’re moving to a ‘cloud smart’ agenda doesn’t mean that they aren’t being ‘cloud dumb’.

According to Forcepoint, public cloud systems are going to be the new bullseye for attackers worldwide in 2020. “We expect to see more breaches both from external and internal parties as Cloud applications become more ubiquitous,” it says.

While cloud service vendors are obligated to protect the infrastructure and make sure that data keeps flowing smoothly, they’re not actually responsible for data security. That liability lies with the enterprise — something that most businesses don’t seem to realise.

“From the cloud layer all the way down to the home network, IT security leaders will need to reassess their cyber risk and protection strategy in 2020,” says Nilesh Jain, vice president for Southeast Asia and India at Trend Micro.