NeuShield predicts that 2020 will bring growing threats to Internet of Things (IoT) devices, increasingly organized cybercriminals, the exploitation of 5G vulnerabilities, more sophisticated ransomware attacks, and new cyberattacks on self-driving cars.
On the dark web, criminal activities are difficult to track so cybercriminals operate with impunity. Until now, the dark web has primarily attracted independent contractors seeking hacking jobs. But in 2020, encouraged by the global success of 2019 ransomware attacks, larger global groups will form to launch cyberattacks on government agencies and corporations.
“Many victims are paying their ransom and therefore encouraging these forms of attacks to continue and even increase,” said Elisha Riedlinger, COO of NeuShield. “Criminal organizations will deploy more assets to gain greater payback and cause larger impact.”
Fueled by vulnerabilities in remote desktop protocol and email phishing attacks, ransomware attacks have been increasing. Emboldened by their flush cryptocurrency accounts from these attacks, cybercriminals will develop new strategies for prying money out of people’s hands.
In 2020, these attacks will grow increasingly sophisticated, involving artificial intelligence, computer learning and other advanced technologies to bypass security measures. Also, more advanced social engineering tactics will be used to fool people into giving away their passwords or other critical data, making it harder to prevent ransomware infections.
As self-driving cars and autonomous vehicles become more prevalent, new types of cyberattacks will target cars, trucks and possibly even trains and airplanes. Research has shown that it’s possible to hack cars and discover vulnerabilities that could cause a crash, such as by turning the engine off at high speed.
Other scenarios could involve attackers asking car manufacturers for ransoms when vulnerabilities are found. This would create a new method for ransomware attacks. It could also damage the brand image of certain car models, once attackers have identified their weaknesses and made them public. The same tactics could be applied to trains and airplanes, with even more horrible consequences.
There will be a “significant surge” of cyberattacks against IoT devices in 2020, according to Riedlinger. Considering that by 2022, the world is expected to have more than 20 billion connected devices, this could mean catastrophic security incidents that wreak havoc with society.
As cybercriminals continue to develop increasingly sophisticated methods of attack, in 2020, NeuShield anticipates a significant surge in attacks against IoT devices, be it smart-home devices, smart-city devices, or enterprise IoT devices. IoT threats were rarely encountered before 2014, but the last years have seen a steady growth of IoT-related attacks. By now, there is consensus that the risk associated with IoT devices and apps could create catastrophic security incidents and wreak havoc on society.
Prominent examples of what happens when IoT devices are exploited range from unlocking home door, garage door, disabling the alarm, shutting down home thermostats, home camera, or turning on lights and oven. Criminals could find out when not at home or in the office.
Cyberattacks on enterprise IoT devices are no less scary, with possibilities of hacking the smart water system of a hotel, hacking companies’ security cameras and video surveillance system, desk IP phone, or the padlocks on warehouse equipment, for example. There is also a risk that attackers can use IoT devices to send compromised data out to millions of people. The consequences could be tragic.
It is estimated that there will be more than 20 billion connected devices in the world by 2022. As the number of IoT devices increases, so does the number of cyberattacks directed at them. Although the device suppliers are paying more attention now to security than in the past, a lot of devices from many different manufacturers still do not offer consumers or enterprises much in the way of security or privacy.
For years manufacturers have been releasing products without giving much thought to security, so there are many IoT devices vulnerable to simple attacks. It is critical that IoT device manufacturers, enterprises, service providers and policymakers come together in creating a safer IoT ecosystem and push for strict IoT security standards. In addition, end users should be aware of potentially disastrous consequences and prepare for them
Cyberattacks on enterprise IoT devices could include cybercriminals hacking the smart water system of a hotel, hacking companies’ security cameras and video surveillance system, or sending compromised data out to millions of people.
The ease of access of 5G will likely lead to more and increasingly varied IoT devices, including internet-enabled medical and cybernetic devices implanted into humans or other animals to track them, monitor vital functions or even perform specific bodily functions. 5G will give IoT and mobile devices additional bandwidth.
Vulnerabilities found in 5G could lead to attacks on IoT devices, everything from snooping on IoT traffic to remote reprogramming of IoT devices. And as many IoT devices don’t keep logs of inbound and outbound traffic, the attackers will be able to remain anonymous. IoT devices with cameras may also be exploited by governments and corporations that want to spy on citizens and employees.
Governments have numerous tools to spy on and monitor criminals. However, the new wave of cyber criminals that is sophisticated, experienced and skilled have surfaced. They use the dark web and decentralized servers to hide their activities. As soon as one server is shut down a new one pops up to replace it. By 2025, it is likely that governments will adopt a multi-pronged approach to combat the high-tech nature of cybercrime.
First, they will go after the source of their incomes, which is cryptocurrency. Cryptocurrencies have been an enabler for cyber criminals as they are easy to trade and almost impossible to trace. However, by regulating cryptocurrencies on the traditional exchange market, governments can attempt to deanonymize the entities behind the funds and ensure that no illicit activities happen. Second, governments will enact laws to regulate websites and social-platform owners.
Currently, website owners are not liable for certain illegal content, such as ads for dark web marketplaces. They are only obligated to provide reasonable effort to take it down when notified. By forcing the owners to be liable for the content, the government will force owners to devote more resources to moderate their user content.
Technological advances in self-driving cars and autonomous vehicles are set to bring continued benefits to consumers and businesses alike. However, this is not without cost or risk. In the next few years, once autonomous vehicles become more prevalent, we expect to see new types of cyberattacks targeting cars, trucks, possibly trains or even airplanes. Today, cars crash routinely from operators’ error or equipment failure. But, with connected cars and autonomous functionalities, the risks for such incidents could increase drastically.
Research has shown that it is possible to “hack” cars and that the vulnerabilities discovered could be used to cause a crash. Examples are that a hacker could take over the braking or accelerator systems or could turn the engine off while driving at high speed. Autonomous vehicles that automate functions like collision avoidance and lane-keeping are supposed to make cars safer. But since these vehicles are most of the time connected to the Internet, it increases vulnerability, and this can translate into major catastrophes.
“For years, manufacturers have been releasing products without giving much thought to security, so there are many IoT devices vulnerable to simple attacks,” Riedlinger said. “It is critical that IoT device manufacturers, enterprises, service providers and policymakers come together in creating a safer IoT ecosystem and push for strict IoT security standards. In addition, end users should be aware of potentially disastrous consequences and prepare for them.”
