Connect with us

Hi, what are you looking for?

HEADLINES

Abuse of personal information and more sophisticated attacks are coming – Kaspersky

As banks will be required to open their infrastructure and data to third parties who wish to provide services to bank customers, it is likely that attackers will seek to abuse these new mechanisms with new fraudulent schemes.

Photo by Taskin Ashiq from Unsplash.com

Kaspersky researchers have shared their vision on Advanced Persistent Threats (APTs) in 2020, pointing out how the landscape of targeted attacks will change in the coming months. The overall trend shows that threats will grow in sophistication and become more targeted, diversifying under the influence of external factors, such as development and propagation of machine learning, technologies for deepfakes development, or tensions around trade routes between Asia and Europe. 

The predictions were developed based on the changes that Global Research and Analysis Team witnessed over the 2019 to support cybersecurity community with some guidelines and insights. The latter, along with a series of industry and technology threat predictions, will help to prepare for the challenges that lie in the coming 12 months.

The abuse of personal information: from deep fakes to DNA leaks 

After a number of personal data leaks that happened in the past years, the number of personal details available made it easier for attackers to perform targeted attacks, based on victims leaked info. The bar has been raised, and in 2020 the threat actors will dive deeper, hunting for more sensitive leaks, such as biometric data. 

The researchers pointed out a number of key technologies, which could lure victims of personal data abuse in the attackers’ traps, among them is publicly discussed video and audio Deep Fakes that can be automated and support profiling and creation of scams and social engineering schemes.

Advertisement. Scroll to continue reading.

Other targeted threat predictions for 2020 include:

  • False flag attacks reach a whole new level. This will develop further, with threat actors seeking not only to avoid attribution but also to actively lay the blame on someone else. Commodity malware, scripts, publicly available security tools or administrator software, mixed with a couple of false flags, where security researchers are hungry for any small clue, might be enough to divert authorship to someone else.
  • Ransomware shifts toward targeted threats. A potential twist might be that, instead of making files unrecoverable, threat actors will threaten to publish data that they have stolen from the victim company.
  • New banking regulations in EU open new attack vectors. As banks will be required to open their infrastructure and data to third parties who wish to provide services to bank customers, it is likely that attackers will seek to abuse these new mechanisms with new fraudulent schemes.
  • More infrastructure attacks and attacks against non-PC targets. Determined threat actors have, for some time, been extending their toolsets beyond Windows, and even beyond PC systems, VPNFilter and Slingshot, for example, targeted networking hardware.
  • Cyber attacks focus on trade routes between Asia and Europe. There are several ways this could play out. They include a growth in political espionage as governments seek to secure their interests at home and abroad. It is likely to extend also to technological espionage in situations of potential or real economic crisis and resulting instability.
  • New interception capabilities and data exfiltration methods. Use of supply chains will continue to be one of the most difficult delivery methods to address. It is likely that attackers will continue to expand this method through manipulated software containers, for example, and abuse of packages and libraries.
  • Mobile APTs develop faster. There are no good reasons to think this will stop any time soon. However, due to the increased attention given to this subject by the security community, we believe the number of attacks being identified and analyzed in detail will also increase.
  • Personal information abuse grows, armed with AI. It is very similar to some of the techniques discussed for driving election advertisements through social media. This technology is already in use and it is just a matter of time before some attackers take advantage of it.

“The future holds so many possibilities that there are likely to be things that are not included in our predictions. The extent and complexity of the environments in which attacks play out offer so many possibilities. In addition, no single threat research team has complete visibility of the operations of APT threat actors. We will continue to try and anticipate the activities of APT groups and understand the methods they employ, while providing insights into their campaigns and the impact they have,” says Vicente Diaz, security researcher at Kaspersky.

The predictions have been developed thanks to Kaspersky threat intelligence services from around the world.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The exploit, discovered by Kaspersky’s Global Research and Analysis Team (GReAT), required no user interaction beyond clicking a malicious link and demonstrated exceptional technical...

HEADLINES

This recognition underscores Kaspersky's commitment to providing robust security solutions tailored for industrial environments.

HEADLINES

At the end of 2023, Sophos X-Ops noted a significant increase in ‘remote encryption’ attacks – where ransomware attackers breach a compromised and often...

HEADLINES

With the launch of KATA 7.0, organizations can now benefit from enhanced Network Detection and Response (NDR) capabilities with deeper network visibility, internal threats...

HEADLINES

In 2024, Globe blocked 3,096 child pornography domains or those containing child sexual abuse and exploitation materials (CSAEM), a slight increase from 3,047 domains restricted...

HEADLINES

During a recent webinar on Building Resilience Against Online Scams, hosted by fiber broadband and technology provider Converge ICT Solutions Inc., its Chief Executive...

HEADLINES

In 2024, Kaspersky restructured its Partner Program into four key partner types, recognizing the diverse profiles within its network – from traditional resellers and...

White Papers

The study tested 2,000 UK and US consumers, exposing them to a series of real and deepfake content. The results are alarming: only 0.1%...

Advertisement