How will the cyberthreat landscape look with changing trends in cybercrime, technology, and legislation? eSecurity firm McAfee gives us a sneak peek of the cyberthreat landscape, 2020 and beyond, in its latest report.
Broader deepfakes capabilities for less-skilled threat actors
Deepfake video or text can be weaponised to enhance information warfare. Freely available video of public comments can be used to train a machine-learning model that can develop of deepfake video depicting one person’s words coming out of another’s mouth. McAfee predicts the ability of an untrained class to create deepfakes will enhance an increase in quantity of misinformation.
Adversaries to generate deepfakes to bypass facial recognition
Enhanced computers can rapidly process numerous biometrics of a face, and mathematically build or classify human features, among many other applications. While the technical benefits are impressive, underlying flaws inherent in all types of models represent a rapidly growing threat, which cyber criminals will look to exploit. As technologies are adopted over the coming years, a very viable threat vector will emerge, and McAfee predicts adversaries will begin to generate deepfakes to bypass facial recognition. It will be critical for businesses to understand the security risks presented by facial recognition and other biometric systems and invest in educating themselves of the risks as well as hardening critical systems.
Ransomware attacks to morph into two-stage extortion campaigns
The rise of targeted ransomware created a growing demand for compromised corporate networks. This demand is met by criminals who specialise in penetrating corporate networks and sell complete network access in one-go. For 2020, we predict the targeted penetration of corporate networks will continue to grow and ultimately give way to two-stage extortion attacks. In the fi rst stage, cybercriminals will deliver a ransomware attack, extorting victims to get their fi les back. In the second, they will target the recovering ransomware victims again with an extortion attack, but while threatening to disclose sensitive data stolen.
API- a weakest link to cloud-native threats?
Threat actors are following the growing number of organisations using API-enabled apps because APIs continue to be an easy – and vulnerable – means to access sensitive data. Despite the fallout of large-scale breaches and ongoing threats, APIs often still reside outside of the application security infrastructure and are ignored by security processes and teams. The increasing need and hurried pace of organizations adopting APIs for their applications in 2020 will expose API security as the weakest link leading to cloud-native threats, putting user privacy and data at risk until security strategies mature.
Devsecops will rise to prominence
Container-based cloud deployments are growing in popularity due to the ease with which DevOps teams can continuously roll out micro-services. As a result, the number of organisations prioritising the adoption of container technologies will continue to increase in 2020.