Cybercrime caused a lot of havoc in 2019. Will it continue in 2020 as well?
FREMONT, CA: The year 2020 will bring new transitions in technology. Gone are the days when networks were isolated behind an organization's firewall and there was a limited stack of enterprise applications. The way the threat landscape has evolved over the past few years has shown that threat actors will remain undeterred from compromising systems for their own advantage. They keep shifting and adapting their choice of attack vectors and techniques, which requires enterprises and users to stay one step ahead.
Fraudsters will outpace incomplete and hurried patches
System administrators will face a dual predicament: ensuring both the timeliness and the quality of the patches being deployed. Defective or incomplete patches can disrupt or even break crucial systems; however, delaying their application can leave systems vulnerable to threats. Besides, fraudsters will capitalize on ‘patch gaps,’ the windows of exposure between a defect in an open-source component being fixed and its patch being applied to the software that makes use of it.
Fraudsters will capitalize on deserialization bugs and wormable flaws
More exploitation attempts against critical and high-severity vulnerabilities, such as the wormable BlueKeep, will be uncovered. In order to compromise susceptible systems, with the latter already being a common vector for ransomware, widely used protocols such as Remote Desktop Protocol (RDP) and Server Message Block (SMB) will be abused.
Defects and weaknesses that involve the deserialization of untrusted data will be a key concern, specifically in enterprise application security. Threats that exploit this category of vulnerabilities can modify data that is assumed to be secure from alteration and can enable the execution of attacker-controlled code. Instead of finding and chaining numerous vulnerabilities together to execute malicious code, attackers will instead heavily exploit deserialization bugs to gain control of systems more easily, even in sophisticated environments.
Deepfakes will be the next frontier of enterprise fraud
The use of deepfakes, i.e., AI-based fakes of videos, images, or audio, will move from creating fake celebrity videos to manipulating companies and their processes. For example, a company was defrauded of $243,000 via a fake, AI-generated voice of the CEO of an energy firm. The technology will add to the arsenal of cybercriminals and will be a shift from conventional business email compromise (BEC). The C-suite will be the main target for these kinds of fraud, as its members are generally in conferences, calls, online videos, and media appearances.
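As an added illustration (not part of the original article), the Python sketch below shows two defensive checks against the deserialization risk described above: an integrity tag verified before any bytes are deserialized, and an allow-list limiting which types the loader may construct. The key, the allow-list contents and the sample data are constructed assumptions.

```python
import hashlib
import hmac
import io
import pickle
from collections import OrderedDict
from datetime import date

# Constructed demo key; a real service would load this from a secret store.
KEY = b"constructed-demo-key"
TAG_LEN = hashlib.sha256().digest_size

# The only (module, name) pairs the unpickler may resolve. Plain dicts,
# lists, strings and numbers need no entry because they use no globals.
ALLOWED_GLOBALS = {("datetime", "date")}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse any class or function that is not on the allow-list."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def seal(obj, key=KEY):
    """Serialize obj and prepend an HMAC-SHA256 tag over the payload."""
    payload = pickle.dumps(obj, protocol=4)
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def open_sealed(blob, key=KEY):
    """Verify the tag first, then deserialize with the restricted loader."""
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed; payload not deserialized")
    return RestrictedUnpickler(io.BytesIO(payload)).load()


if __name__ == "__main__":
    session = {"user": "alice", "since": date(2020, 1, 1)}  # constructed sample
    blob = seal(session)
    print(open_sealed(blob))
    tampered = blob[:-2] + bytes([blob[-2] ^ 1]) + blob[-1:]
    for label, data in (("tampered", tampered), ("unlisted type", seal(OrderedDict(a=1)))):
        try:
            open_sealed(data)
        except (ValueError, pickle.UnpicklingError) as exc:
            print(label, "->", exc)
```

The allow-list still applies to correctly signed data, so a leaked key alone does not let a sender instantiate arbitrary types.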
Keeping all these predictions in mind, enterprises should adopt the necessary security measures to keep themselves prepared in advance.