The 2020 Threat Outlook
February 14, 2020 by
Hackers are constantly developing new ways to infect systems globally. As threat detection services and security teams catch on to their tactics, they continue to build and deploy new malware to feed their personal wallets. We are seeing more malware than ever, and this cycle will only get worse. Let’s review the predicted threat environment for 2020.
A New Malware Suite
In late 2019, a new malware suite came to life. During that time, researchers began to see incidents of infections dropping up to six different pieces of malware at a time. Together, these six pieces of malware are referred to as Hornet Nest. Let’s dive into the details.
- Vidar – Malware that steals credentials and other personal information
- Predator the Thief – Steals data and can capture images using the victim’s webcam
- Raccoon Stealer – Malware that can bypass Microsoft and Symantec anti-spam messaging gateways
- Crypto Stealer – A PowerShell based cryptocurrency stealer which allows the attacker to steal from a victim’s bitcoin wallet
- Crypto Miner – Exploits the victim’s computer and its processing power to help mine cryptocurrency over a longer period
- RDP Backdoor – Provides the attacker entry into the victim’s compromised machine, allowing the attacker to execute additional attacks in the future
Most malware today – including the Vidar found in Hornet Nest – is sold as a service, meaning that hackers do not need much skill to deploy it. The producers of these types of malware usually have polished websites and full marketing departments, just like any other business. If hackers decide to pay for a malware package, the company gives them a dashboard with real-time alerting on their phishing campaigns. It’s easy, and nearly anyone can do it. Keep this top of mind in 2020, so that if you see something suspicious you can act fast.
Most cyberattacks these days start with phishing, and hackers continue to evolve their techniques. They will keep finding new, clever ways to attack the unsuspecting. Phishing is when hackers send fraudulent emails disguised as coming from a trusted and reputable source to try to get individuals to disclose personal information, like passwords and credit card numbers. It is often tied to trends or events happening in the world. Christmas is a popular theme in December, and now we’re seeing IRS and tax themes becoming more prevalent. No matter how hackers theme their attacks, though, their messages all have one thing in common: they encourage you to click something, and whatever you visit – website, PDF attachment, call-to-action in the email – will attempt to install malware onto your machine or prompt you to volunteer critical information.
Most phishing is not targeted, but in certain instances it is. This is known as spear phishing. Hackers purposely send emails that appear to come from a known or trusted sender – usually by spoofing the email address – in order to induce targeted individuals to reveal confidential information. These campaigns are typically related to financial fraud.
Whether you are targeted or not, the Emotet trojan is the most common type of malware being deployed as a result of phishing scams. Stay vigilant about the emails you receive so you can avoid being phished.
Unfortunately, ransomware is here to stay. In fact, ransomware is the number one cyber threat for public sector organizations today, with the attacks on the cities of Atlanta and Baltimore being memorable incidents from 2018 and 2019, respectively. Ransomware is a type of malicious software that is designed to block access to a computer system and its files until a sum of money is paid. It takes your data, transforms the contents with a cryptographic computation, and overwrites the original files on your hard drive with the result. This process is called encryption. Once the data is encrypted, you have three options:
- Do nothing, and lose the data forever
- Restore your data from the most recent backup
- Pay the ransom to the hacker to obtain a decryption key in return for the data
A popular family of ransomware in 2020 will continue to be Ryuk, which often starts with Emotet. Once the Emotet infection is deployed and left undetected, ransomware such as Ryuk will follow. It takes time to encrypt large data sets and files, so the developers of Ryuk decided they didn’t want to wait for that. Instead, they figured out a way to encrypt only the first 54MB of a file to save themselves time and get paid faster. The problem is that most of a file’s critical data usually sits within its first 54MB anyway, and successful decryption of this strain may be less reliable than with other types of ransomware.
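The partial-encryption behaviour described above leaves a measurable trace: the start of an affected file reads as random bytes while the remainder is still plaintext. The following is an added triage example (not code from the original post or from any Ryuk analysis) that compares Shannon entropy at the head of a file with entropy just past the 54MB boundary the post cites; the 7.5 and 6.0 thresholds, the 1 MiB sample size, and the demo files are all assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

HEAD_BYTES = 54 * 1024 * 1024  # the post's figure: only the first 54MB is encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0 to 8.0); encrypted or compressed data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def partial_encryption_check(path, head_bytes=HEAD_BYTES, sample=1 << 20):
    """High-entropy head plus low-entropy tail past head_bytes flags a file as
    partially encrypted. A file shorter than head_bytes, or one whose tail is
    equally high-entropy, gets no verdict from this heuristic alone."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        head = f.read(sample)
        tail = b""
        if size > head_bytes:
            f.seek(head_bytes)
            tail = f.read(sample)
    h_head, h_tail = shannon_entropy(head), shannon_entropy(tail)
    suspicious = bool(tail) and h_head >= 7.5 and h_tail < 6.0  # assumed thresholds
    return {"size": size, "head_entropy": h_head, "tail_entropy": h_tail,
            "suspicious": suspicious}


def make_demo_file(head: bytes, tail: bytes) -> str:
    """Write constructed sample content to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".dat")
    with os.fdopen(fd, "wb") as f:
        f.write(head + tail)
    return path


def demo(head_bytes=1 << 20):
    """Three constructed cases; a 1 MiB boundary stands in for 54MB to keep it small."""
    text = (b"Quarterly budget figures for the city water department. " * 20000)[:head_bytes]
    random_blob = os.urandom(head_bytes)  # stands in for ciphertext
    cases = {
        "partially_encrypted": make_demo_file(random_blob, text),
        "plaintext": make_demo_file(text, text),
        "fully_encrypted": make_demo_file(random_blob, random_blob),
    }
    return {name: partial_encryption_check(p, head_bytes)["suspicious"]
            for name, p in cases.items()}
```

Run `demo()` to see only the partially encrypted sample flagged; in an incident, sweep file shares with `partial_encryption_check` at the default 54MB boundary and review the flagged paths against backups.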
Not only do we predict that 2020 will bring Emotet, Ryuk, and other threats, but hackers are also upping their game in data exfiltration. In mid-2019, some families of ransomware, most notably the Maze ransomware, started exfiltrating data to post publicly if an organization chose not to pay the ransom or disclosed that it had been attacked. Moreover, if an organization is prepared with backups and has been able to restore its data unharmed, the threat of the infection being disclosed to the public is heightened.
Be cautious of these tactics because hackers are not backing down in 2020. Know how to detect threats before they turn into ransomware attacks, and always keep a current air-gapped backup of your data on a separate, secured network.
Mitigate Threats on Your Network
These threats are real and can happen to any organization at any time. There is no silver bullet in cybersecurity. However, there are easy controls you can put into place to protect against threats, like having strong passwords, enabling multi-factor authentication, training employees on cybersecurity awareness, and frequently backing up data.
Explore Tyler Detect, our managed threat detection service that will monitor your environment 24/7 for malicious activity. With analysts observing your network traffic every day, Tyler Detect will help protect you against hackers and their crafty tactics.