By Sherri Davidoff   /   Jan 8th, 2020

Top Cybersecurity Threats for 2020

A new year brings new threats! Discover the top cybersecurity threats companies will face in 2020, based on the latest cases and trends observed by LMG Security’s team of experts. This year, watch out for:

  1. Cloud hacking
  2. Ransomware combined with exposure
  3. Sophisticated supply-chain exploitation

Here are the latest techniques hackers are employing for each of these top cybersecurity threats in 2020, along with tips for protecting your organization:

1) Cloud Hacking

Hackers are targeting the cloud and hybrid environments, leveraging increasingly sophisticated techniques. New cloud hacking toolkits have emerged which enable criminals to easily exploit common vulnerabilities. Common cloud hacking techniques include:

  • Shared Architecture Flaws – Attackers take advantage of common cloud configuration flaws, such as the AWS instance metadata service leveraged in the Capital One data breach.
  • Cross-Tenant Attacks – Attackers compromise a virtual server and move laterally to access other resources, leveraging trusted access within the tenant.
  • File Synchronization Poisoning – Attackers take advantage of file replication between the cloud and endpoints, using it to spread ransomware or malware throughout multiple cloud applications and hybrid environments.
  • Credential Stuffing – Criminals leverage massive databases of stolen usernames and passwords, and use them to attempt to login to other services. Credential stuffing rose to prominence in 2019, and experts anticipate that it will remain a top hacking technique in 2020.
  • Cloud Orchestration Attacks – Organizations build workflows to automate and scale cloud-based services. By targeting a weak point in the workflow, attackers can establish a foothold and spread throughout the architecture.

To make matters worse, many organizations are cloud-blind, with limited visibility into their cloud infrastructure. While defenders have become adept at logging and monitoring onsite operations, many are starting from scratch in the cloud. Meanwhile, providers themselves have inconsistent support for logging and monitoring. The result is that most organizations do not have the ability to detect even simple cloud attacks early on, which can lead to serious data breaches. Furthermore, while both customers and cloud providers must share responsibility for preventing data breaches, confusion over who is responsible for the different aspects of security is still common, making cloud hacking a top cybersecurity threat.
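The detection gap described above is narrowest for the one technique on the list that leaves a loud trace in sign-in logs: credential stuffing, where a single source cycles through many stolen usernames. The following is an added example (not code from the article or from LMG Security) of the detection logic a defender can run over exported sign-in events. The log format is a constructed, simplified one (timestamp, source IP, username, result); real providers have their own schemas, and the five-accounts-in-five-minutes threshold is an assumption to tune per environment.

```python
"""Credential-stuffing detection over constructed sign-in log lines.

Added example, not from the original article. The log format and the
thresholds are assumptions; adapt the parser to your provider's schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 cycles through many accounts (stuffing),
# 198.51.100.9 is one user mistyping a password (benign), 192.0.2.44 is normal.
SAMPLE_LOG = """\
2020-01-08T09:00:01Z 203.0.113.7 alice@example.com FAILURE
2020-01-08T09:00:02Z 203.0.113.7 bob@example.com FAILURE
2020-01-08T09:00:02Z 203.0.113.7 carol@example.com FAILURE
2020-01-08T09:00:03Z 203.0.113.7 dave@example.com FAILURE
2020-01-08T09:00:03Z 203.0.113.7 erin@example.com FAILURE
2020-01-08T09:00:04Z 203.0.113.7 frank@example.com SUCCESS
2020-01-08T09:01:10Z 198.51.100.9 gina@example.com FAILURE
2020-01-08T09:01:25Z 198.51.100.9 gina@example.com FAILURE
2020-01-08T09:01:40Z 198.51.100.9 gina@example.com SUCCESS
2020-01-08T09:02:00Z 192.0.2.44 henry@example.com SUCCESS
"""


def parse_log(text):
    """Parse 'timestamp ip user result' lines into (datetime, ip, user, result)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user.lower(), result))
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Flag every source IP that failed against >= min_users distinct accounts
    inside `window`. For a flagged IP, also report accounts it logged into
    successfully: those are the credentials that actually worked and need a reset.

    Returns {ip: {"attempted_accounts": [...], "successful_logins": [...]}}.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        failures = [(ts, u) for ts, u, r in evs if r == "FAILURE"]
        start = 0
        # Sliding window over failures ordered by time; the window only ever
        # moves forward, so this is linear in the number of failures.
        for end in range(len(failures)):
            while failures[end][0] - failures[start][0] > window:
                start += 1
            users = {u for _, u in failures[start:end + 1]}
            if len(users) >= min_users:
                successes = sorted({u for _, u, r in evs if r == "SUCCESS"})
                findings[ip] = {
                    "attempted_accounts": sorted(users),
                    "successful_logins": successes,
                }
                break
    return findings


if __name__ == "__main__":
    for ip, detail in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {len(detail['attempted_accounts'])} accounts tried, "
              f"successful logins: {detail['successful_logins']}")
```

The distinct-username count is what separates stuffing from an ordinary user fumbling a password: the benign source in the sample fails twice against one account and is not flagged, while the attacking source is flagged on its fifth account and the one success it achieved is surfaced for a forced password reset. Feeding this the sign-in export from each cloud platform in use is one concrete way to close the "cloud-blind" gap the paragraph describes.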

2) A Dangerous New Twist on Ransomware

To pay or not to pay? That is the question— and it just got a lot harder to answer with the emergence of ransomware’s latest trend: exposure threats.

In a classic ransomware case, criminals lock up an organization’s data using strong encryption, and will only release the key if the victim pays up. If you have good backups, you may be able to recover your data without paying. Many organizations also choose not to pay for ethical reasons, refusing to fund criminal operations.

Criminals have seized upon a new tactic: threatening to release the victim’s data to the world unless they receive their money (“exposure extortion”). This gives criminals a second opportunity to get their payout, leveraging the victim’s fear of a data breach, and all the reputational damage/financial repercussions that go with it.


Figure 1: Screenshot of the Maze gang’s web site. Image captured in LMG Security’s malware lab. Copyright 2020, All rights reserved.

In December 2019, the Maze ransomware gang created a web site where they released data stolen from victims that did not “pay up.” Among these victims was the City of Pensacola, which did not pay the $1 million ransom. In response, the Maze gang released 2 GB of the city’s data (10%), stating “We’ve shown that our intentions are real.”

The professional Sodinokibi ransomware gang similarly shifted tactics in December 2019. After hacking a large data center, CyrusOne, the criminals posted the following statement in a forum:

“In case of refusal of payment – the data will either be sold to competitors or laid out in open sources. GDPR. Do not want to pay us – pay x10 times more to the government. No problems.”

While the concept of exposure extortion is not new, combining it with ransomware is a brand-new twist with potentially far-reaching consequences. Ransomware has become a turnkey operation, with criminals peddling automated commercial toolkits that support scalable, large-scale deployment. The marriage of exposure threats with modern ransomware toolkits raises the specter that data exposure cases could become turnkey as well, leading to data breaches on a massive scale, making this one of the top cybersecurity threats for 2020. For more advice on reducing ransomware risks, read our recent ransomware blog.

3) Supply Chain Exploitation

Underlying the epidemic of cybercrime are supply-chain risks: hackers are getting better and better at piggybacking from suppliers and customers (or vice versa), whether through technical exploits or social engineering.

During 2019, we saw an epidemic of wire transfer fraud due to business email compromise. For example, vendor emails got hacked, and were used to redirect payments from customers using phony invoices and social engineering tactics. These scams will only continue, as criminals build increasingly sophisticated social engineering operations, making supply chain exploitation one of the top cybersecurity threats for 2020.

On the technical side, criminals take advantage of supplier cybersecurity flaws and leverage these to worm their way into customer environments. For example, managed service providers (MSPs) have been increasingly and purposefully targeted, because they manage the networks for dozens, if not hundreds of customers. In August 2019, 22 towns in Texas were hit with ransomware simultaneously when criminals hacked into their MSP and used their remote access tool to quickly spread malware to all of their customer networks.

Staying Safe in 2020

Given today’s top cybersecurity threats—cloud hacking, ransomware with exposure, and supply-chain threats—here’s what defenders should prioritize in 2020:

  • Cloud Configuration Reviews – Often, damaging data breaches stem from a simple cloud misconfiguration, which can easily be prevented with routine technical assessments. In the coming year, organizations should prioritize technical configuration reviews of cloud platforms, such as Office 365, AWS, Azure and others. Read our recent blog on cloud breaches for more details.
  • Strong Authentication – Account cybersecurity measures are a “must” in 2020: organizations need to finish rolling out strong two-factor authentication, in order to protect against widespread password theft. Strong two-factor authentication options include smartphone apps such as Google Authenticator, or hardware tokens like the Yubikey that support “one-touch,” password-less logins. Visit our 2FA blog for more advice.
  • Supply Chain Risk Assessments – Make sure your suppliers are integrated into your risk assessment process. The U.S. federal government recently added a Supply Chain Risk Management section to the NIST Cybersecurity Framework, establishing an important standard where supplier security is evaluated as part of the organization’s routine processes. Our vendor risk management blog also offers additional ideas.
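
The first two recommendations above, configuration reviews and strong authentication, are things a defender can check mechanically rather than once a year by hand. What follows is an added example (not code from the article or from LMG Security) of a small review routine run over a constructed inventory snapshot. The snapshot is hand-written for illustration: the instance field names mirror the EC2 instance metadata options (HttpEndpoint and HttpTokens, where HttpTokens=required enforces the token-based IMDSv2 and shuts off the untokened IMDSv1 requests that made the metadata service a pivot in the Capital One breach), while the bucket and user records are simplified stand-ins for the storage and identity settings a real review would pull from each platform's API.

```python
"""Cloud configuration review over a constructed inventory snapshot.

Added example, not from the original article. The inventory below is
hand-written; in practice it would be built from the provider's describe/list
APIs. Severity labels are assumptions for ordering the findings.
"""

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

# Constructed snapshot: instance ids, bucket names and user names are placeholders.
INVENTORY = {
    "instances": [
        {"id": "i-EXAMPLE1", "role": "web-proxy",
         "metadata_options": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
        {"id": "i-EXAMPLE2", "role": "batch",
         "metadata_options": {"HttpEndpoint": "enabled", "HttpTokens": "required"}},
        {"id": "i-EXAMPLE3", "role": "legacy",
         "metadata_options": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
    ],
    "buckets": [
        {"name": "example-public-assets", "public_read": True, "contains_customer_data": False},
        {"name": "example-customer-exports", "public_read": True, "contains_customer_data": True},
        {"name": "example-backups", "public_read": False, "contains_customer_data": True},
    ],
    "users": [
        {"name": "admin@example.com", "is_admin": True, "mfa_enabled": False},
        {"name": "ops@example.com", "is_admin": True, "mfa_enabled": True},
        {"name": "dev@example.com", "is_admin": False, "mfa_enabled": False},
    ],
}


def review_instances(instances):
    """Flag instances whose metadata endpoint still answers untokened (IMDSv1) requests."""
    findings = []
    for inst in instances:
        mo = inst["metadata_options"]
        # A disabled endpoint is not reachable at all, so only enabled+optional is a gap.
        if mo["HttpEndpoint"] == "enabled" and mo["HttpTokens"] != "required":
            findings.append(("HIGH", inst["id"],
                             "metadata service accepts IMDSv1 requests; set HttpTokens=required"))
    return findings


def review_buckets(buckets):
    """Public-read storage is critical when it holds customer data, otherwise worth confirming."""
    findings = []
    for b in buckets:
        if b["public_read"] and b["contains_customer_data"]:
            findings.append(("CRITICAL", b["name"], "public-read bucket holds customer data"))
        elif b["public_read"]:
            findings.append(("LOW", b["name"], "public-read bucket; confirm this is intentional"))
    return findings


def review_users(users):
    """Every account without a second factor is a finding; admins rank higher."""
    findings = []
    for u in users:
        if not u["mfa_enabled"]:
            sev = "HIGH" if u["is_admin"] else "MEDIUM"
            findings.append((sev, u["name"], "second factor not enrolled"))
    return findings


def review(inventory):
    """Run all checks and return findings as (severity, resource, message), worst first."""
    findings = (review_instances(inventory["instances"])
                + review_buckets(inventory["buckets"])
                + review_users(inventory["users"]))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


if __name__ == "__main__":
    for sev, resource, msg in review(INVENTORY):
        print(f"[{sev:8}] {resource}: {msg}")
```

Each check is deliberately a plain predicate over the snapshot, so the same routine can be scheduled against a fresh export and diffed against last week's findings; a new HIGH appearing is the "simple cloud misconfiguration" the bullet warns about, caught before it becomes a breach.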

We want your 2020 to be free from data breaches. Please contact us if you need help with any of the cybersecurity strategies listed above, or any of our other proactive testing, training and compliance services, as well as data breach prevention and remediation.

About the Author

Sherri Davidoff

Sherri Davidoff is the CEO of LMG Security and the author of three books, including “Ransomware and Cyber Extortion” and “Data Breaches: Crisis and Opportunity.” As a recognized expert in cybersecurity, she has been called a “security badass” by the New York Times. Sherri is a regular instructor at the renowned Black Hat trainings and a faculty member at the Pacific Coast Banking School. She is also the co-author of Network Forensics: Tracking Hackers Through Cyberspace (Prentice Hall, 2012), and has been featured as the protagonist in the book, Breaking and Entering: The Extraordinary Story of a Hacker Called “Alien.” Sherri is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN) and received her degree in Computer Science and Electrical Engineering from MIT.