CrowdStrike VP of Technology Strategy Offers Four Cyber Threat Predictions for 2020

2019 has ended and as we look forward to the new year, one thing you are sure to see is a barrage of cybersecurity predictions. Undoubtedly, they will range from realistic estimations to “finger in the wind” guesses that will make for interesting reading, even if they never come true. As everyone in cybersecurity knows, preparation is critical. The following predictions focus on the issues that we are likely to see in 2020, with an emphasis on which attack vectors are most likely to be exploited — and more importantly, what you can do about it.

Four Cyber Threat Trends to Watch for in 2020

1. Targeted enterprise ransomware will escalate.

Although enterprise ransomware is not new, attacks that were once the domain of consumers, while declining in number, have spawned new monetization schemes. This means that ransomware will continue to be a huge issue in 2020. Attackers have realized that businesses and governments have more valuable information to target, more money for ransom payments, and can have poor cyber hygiene. This all indicates that 2020 will see an escalation in targeted enterprise ransomware attacks. In 2019, over 70 state and local governments alone were crippled by ransomware attacks. The Ryuk ransomware alone impacted hundreds of schools. Attackers globally have seen the level of damage they can inflict and the massive ransom payments some victims will pay to recover. During 2019, multiple U.S. organizations reported ransomware payments to cybercriminals ranging from hundreds of thousands to nearly half a million dollars. Attackers globally are watching, leading them to move away from the “spray and pray” method to become more organized from an operations standpoint, securing larger and larger payouts as a result.

2. SMB threats will increase in 2020.

The venerated cybersecurity adage that “old vulnerabilities cause big damage” will still ring true in 2020. Attackers will look to increase their development of exploits that take advantage of the well-known and publicized vulnerability in Microsoft's Server Message Block (SMB) protocol and they will do it with great success. Ransomware such as Ryuk allows an attack on a single infected device to quickly spread throughout an organization. This indicates that the family of exploits used in the ransomware attacks of 2017 will continue to devastate the millions of still unpatched endpoints.

3. There will be an increase in the balkanization of technology domains to protect national interest and infrastructure.

The balkanization of the Internet in 2020 will continue due to technological, political, economic and nationalistic agendas.

Internet balkanization refers to the segmentation of one global open internet into multiple smaller internets, potentially aligned with geopolitical boundaries. 2020 will see more government efforts to reclaim the Internet, with China, Russia and Iran continuing to take technical control over the Internet in their countries. Additionally, we will see more balkanization of technology domains to protect national interests and infrastructure. This assumption is based in part on historical precedent. Consider the recent ban on the Russian government that prohibits their athletes from participating in international competition for four years, including events such as the Tokyo 2020 Olympics and Paralympics. Russian state-nexus adversaries will likely respond with targeted intrusions and/or information operations targeting the organizations responsible for the ban, although no such efforts have been observed as of this writing. In addition, with some countries banning technology from certain Chinese and Russian companies (and the increase in risk from nation-state cyberattacks), we expect to see continued and even greater balkanization of the Internet and technology domains.

4. State-sponsored and eCrime behavior will continue to blend together.

We have seen the blurring of lines between nation-state and eCrime actors for several years, with this trend continuing to escalate since 2017. It is not just because eCrime actors are becoming more sophisticated, although they are. It also reflects that state-sponsored adversaries are leaning more toward using lower-level tools, techniques and procedures (TTPs) in order to thwart attribution efforts and reserve their custom/advanced capabilities for more extreme needs.

Ensuring Optimal Cybersecurity for 2020 and Beyond

Whether you are dealing with nation-state attackers, eCrime actors or hacktivists, ultimately, your best defense is to make sure your organization is deploying true next-generation solutions, such as the CrowdStrike Falcon® platform. The CrowdStrike® platform uniquely combines endpoint detection and response (EDR), managed threat hunting, next-gen AV with behavioral analytics and machine learning, and automated threat intelligence. These tools are key to gaining the visibility and context you need to meet critical, outcome-driven metrics, and winning the race against even the most sophisticated adversaries.
