Avast Threat Experts anticipate the following security trends for 2020:
How PC malware is delivered
Avast’s Head of the Threat Intelligence Systems, Jakub Kroustek, expects advancements to be made in terms of how malware is delivered to PCs, with more sophisticated methods of spreading threats being deployed.
These include distribution via malicious emails, where attackers steal incoming emails either to spy on victims or to add a malicious payload to an email that is then sent back in the conversation.
He also expects a resurgence of exploit kits, based on his observation of a strong comeback in kits, and malware spread via supply chain attacks. Finally, cybercriminals are likely to exploit RDP (Remote Desktop Protocol) vulnerabilities to distribute threats, predicts Kroustek.
“Cybercriminals are constantly innovating and looking for new ways to circumvent today’s powerful personal and business security solutions,” says Kroustek.
“Not only is it harder for people to spot malicious emails or suspicious links and attachments, making attacks more likely to be successful, but the exploitation of RDP vulnerabilities to spread worm-like strains of threats could have significant impact,” he further adds.
Mobile scams and iOS vulnerabilities
On the mobile side, Avast’s Head of Mobile Threat Intelligence and Security, Nikolaos Chrysaidos, predicts that more subscription scams and fake apps will make their way onto official app stores, and that more iOS vulnerabilities will be exposed by security researchers and bad actors alike.
“Getting malicious apps onto the Google Play Store and the Apple App Store is not an easy task, which is why cybercriminals are shifting towards subscription scams, and fake apps integrated with aggressive adware to make money,” explains Chrysaidos.
“We are already seeing community projects, like checkra1n, providing high-quality semi-tethered iOS jailbreaks based on the checkm8 bootrom exploit. While this could enable researchers to discover more vulnerabilities, we hope they will be reported to Apple and not abused by the bad guys,” adds Chrysaidos.
Internet of Things (IoT) devices will become an even greater target for hackers
Security researcher Anna Shirokova predicts that devices and even physical locations will become smart, or even smarter than they already are, and will be used by vendors to collect more data about users in order to learn and predict their behavior.
“Smart devices and locations that collect data offer convenience, but they limit people’s control over their privacy. Additionally, companies collecting and storing a plethora of customer data make attractive targets for data hungry cybercriminals looking to sell data for financial gain on underground markets,” explains Shirokova.
Shirokova expects cybercriminals to continue adding obfuscation to their IoT malware, similar to how they attempt to protect their Windows malware code from being analysed by researchers.
Security researcher Daniel Uhricek foresees the development of new exploits for smart devices. He predicts that malware authors will continue to build upon older, already established malware families, expanding them with newly released exploits to widen their IoT attack surface.
“Malware authors have also been making progress in preparing their attack infrastructure. We have seen IoT malware adopting DNS-over-HTTPS, Tor communication, proxies and different encryption methods, and we expect malware authors will adopt other security practices to make their botnets more robust,” says Uhricek.
Privacy will become the new frontier for security
Rajarshi Gupta, Avast’s Head of Artificial Intelligence, expects to see practical applications of AI algorithms, including differential privacy, that make it possible to profit from big data insights as we do today, but without exposing all the private details.
Gupta points out that there is recent work, such as Data Shapley, on attributing value to individual pieces of data provided by users.
“While we do not foresee a monetization of personal data in 2020, per se, we hope to start seeing initial products that at least allow individuals to take back control of their own data, by deciding whether and which companies can harness their data, and what data they can use,” concludes Gupta.