Cybercrime and the Internet of Threats 2020

Posted on by James Moar

The ubiquitous presence of cybercrime in the digital space is an everyday challenge for the sector, in finance in particular. Cybercrime is now a fully established threat to corporations and consumers that increases year-over-year. This is largely due to the increasingly internet-connected manner in which we run our businesses and our lives.

Coupled with the challenges of cybercrime, financial services are also feeling the effects of various disruptions, from fintechs to PSD2 (Payment Services Directive 2) legislation. Open Banking initiatives and more stringent authentication requirements are encouraging adoption of new payment regimes in this climate of cybercrime, but legislation updates themselves are challenges.

It is in this atmosphere that financial sector players need to make informed decisions on where to focus budget for security matters. The Return on Investment for a security project is not an easy calculation; knowledge is crucial in making those decisions.

The bottom line is, the financial sector must apply best practice cybersecurity measures to obtain a competitive edge, such that the organization moves from disrupted to disrupter.

Ransomware Trailing off but Still a Problem

Ransomware is still part of the landscape, but general security awareness and patch awareness is helping to contain vulnerabilities. RDP (Remote Desktop Protocol) was the key factor in successful 2018 campaigns, with cybercriminals using vulnerabilities to infect networks. As ransomware trailed off, cryptomining increased. However, with the price of cryptocurrency dropping, the equilibrium is likely to move again. Ransomware-as-a-Service will continue to add fuel to the flames of this method because of its ease of use for cybercriminals across the globe. Until forces such as intelligent threat prevention mixed with excellent security awareness training campaigns take hold, we should expect ransomware to continue at a low level.

Cryptojacking Emerges, Then Recedes

As ransomware decreased, cryptojacking increased. However, this has leveled off, in line with cryptocurrency's decline in value throughout the year. Upward movement of cryptocurrencies may lead to a resurgence in cryptomining bots in the future, so this is one to watch.

Cryptojacking bots are lightweight, being easily deployed in a few lines of code into a browser and then inserted into an OS through an automated JavaScript execution. Cheap cryptojacking kits available on the darknet also make this an accessible method for cybercriminals.

Social Media Platforms Are a Malicious Actor Toolbox

Social media platforms provide both a rich source of information on individuals that can be harnessed for spearphishing attacks and a potential attack surface for malware distribution. This has been exacerbated by the use of fake accounts to ostensibly engage with large events, distribute fake ad links or bootleg copies of popular mobile apps. This is a key area of unaddressed vulnerability for businesses. The organization’s own social media accounts are exposed to these attacks and are typically outside any form of enterprise endpoint security provision. Employee access to personal social media accounts through work networks poses an additional risk.

New phishing vectors, such as Google Calendar, are also being used as novel ways to circumvent raised security awareness of email phishing. The Google Calendar phish threat is being used by spammers to send out calendar invites en masse. This mode of operation could also be used by phishers to include phishing links to malicious sites.

Phishing is a highly successful vector and will continue to evolve and morph with changes in social platforms.

The AI Element and Deepfakes

While AI offers a potential new horizon for cybercrime in general, its use in the case of social media malware is particularly poignant. The amount of stylistic information contained in social media accounts means a text analytics program can be used to mimic a user’s posting style. This allows malicious actors to solicit personal details from a user under the guise of a trusted contact, enabling spearphishing to a much greater extent than previously possible. Whereas before an email hijack, for example, could simply send out malicious links or similar, the use of textual AI on a user’s sent items beforehand can enhance the credibility of the malware-containing message.

Deepfakes have the potential to change the game, giving cybercriminals an unprecedented advantage. Deepfake technology uses AI-based tools to alter existing videos to create new ones. These new videos can be used to give out altered messages. In terms of misinformation alone, deepfakes can cause high levels of concern for customers.

Deepfakes, however, have more malicious reach than misinformation. They can also be used as a means of social engineering, tricking employees into certain behaviors. Business Email Compromise, for example, could be augmented with deepfakes to build relationships and trust with targets in a spearphishing exercise.

Find out more with our research report, The Future of Cybercrime & Security.

James Moar

Lead Analyst, Juniper Research

Hackers & Threats

ransomware cryptography social networking artificial intelligence & machine learning

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs