Sophos, a Global cloud-enabled next-generation cybersecurity company compiled a 2020 Threat Report that provides an insight into the fast-evolving cyber threat landscape. The Sophos Threat Report (2020) focuses on four areas that researchers noted particular developments during this past year (Ransomware, Malware, Cloud Computing, and Machine Learning).
John Shier, Senior Security Advisor, Sophos said that:
The threat landscape continues to evolve and the speed and extent of that evolution are both accelerating and unpredictable. The only certainty we have is what is happening right now, so in our 2020 Threat Report, we look at how current trends might impact the world over the coming year. We highlight how adversaries are becoming ever stealthier, better at exploiting mistakes, hiding their activities and evading detection technologies, and more, in the cloud, through mobile apps, and inside networks. The 2020 Threat Report is not so much a map as a series of signposts to help defenders better understand what they could face in the months ahead, and how to prepare.
Ransomware attackers continue to raise the stakes with automated active attacks that turn organizations’ trusted management tools against them, evade security controls and disable backups in order to cause a maximum impact in the shortest possible time. Once any internal protective measures are deactivated, the attackers strike. The initial attack is over a few minutes, but the encryption takes a bit longer to complete and by the time IT managers take note of what’s happening, the damage must have been done.
For a while now, it’s been the case of malicious versions of popular apps been found on third-party app stores. The malware that runs on Windows operating system vastly outnumbers malware for any other platform, but users of mobile devices are more and more affected by malicious activities and pushing malware apps to their phones, tablets, and other devices that run on Android and iOS. A lot of us use these high-powered computers to protect our most sensitive information like our contact list, password managers, social media accounts, SMS text messages, and two-factor authentication apps. It is recommended to use the legitimate app stores, but still, be aware of unwanted apps. Google and Apple may offer a closed ecosystem for app distribution and continuously scan newly-uploaded apps for snippets of code considered to be malicious, but their methods are not 100% sure. The apps created by malicious developers still appear in the Google Play Market and Apple App Store, because they have been gaming the system for years.
As cloud systems become more complex and flexible, operator error is a growing risk and combined with a general lack of visibility, this makes cloud computing environments an easy target for cyber attackers.
This year has seen the potential of attacks against machine learning security systems and research has shown how machine learning detection models could be tricked and could be applied to offensive activity to generate highly convincing fake content for social engineering. Defenders are now applying machine learning to language in order to detect malicious emails and URLs.
The threat landscape is evolving, less-skilled cybercriminals are being forced out of business, the fittest among them step up their game to survive and we’ll eventually be left with fewer, but smarter and stronger, adversaries. These new cybercriminals are basically a combination of the once-secret, targeted attacker, and the pedestrian supplier of ready-made malware, using manual hacking techniques, not for sabotage, but to maintain their unlawful ways of getting a steady income.
Working on computer security can be a very daunting profession and there is a tendency to judge ourselves by our failures, and no one takes the time to celebrate our successes. It turns out that, when we pay attention to security and recognize a threat, we take action. Defenders need to think outside the box because the attacker waits for the opportunity to strike.