G DATA IT Security Trends 2020: Early detection and repulsion of dangerous attacks

Security awareness is still the most underestimated security solution - it can bring the entire security-related defence landscape to the highest level. We should never forget that. Unfortunately, IT security still seems to be a human problem.

These include attacks on old routers, for example, which simply allow them to access the entire network. Companies need to act quickly and replace outdated hardware. Especially in these days of networked platforms, the danger of attacks in the supply chain increases when criminals attack the weakest link.

Apple, too, will be targeted more strongly by cyber criminals in the coming year. The iOS vulnerabilities found this year give cause for concern. In addition, only Apple can eliminate these problems. I see an operational risk here.

Ransomware will remain a major threat in the coming year, as the criminal business model continues to flourish. I assume that cyber criminals will continue to professionalise the division of labour in the value chain. This means that, while one group specialises in penetrating corporate networks, the next group focuses on exfiltrating or encrypting data from the network. Some earn money by selling access data, others from ransom demands. Even criminals are careful to work efficiently and profitably. In addition, attack methods such as spear phishing or social engineering are gaining in importance.

Another trend is that small and medium-sized businesses are increasingly becoming the focus of cyber criminals - it is often easy for criminals to penetrate their networks because the IT security often has gaps. They are often not even the primary target, but the weakest link in the supply chain, enabling infiltration of a large corporation. Some industries, such as the automotive sector, have already responded. They are increasing the pressure on their suppliers to act by adapting their compliance requirements and threatening them with severe contractual penalties in the event of violations. Here, all sectors are called upon to implement their own standards. I see huge pent-up demand in the healthcare sector, for example, especially in outpatient healthcare. There is a lack of basic standards in the area of practical IT. When digitising this area, considerably more money must be invested in IT security.

In addition, the volume of IoT malware will increase as well. Smart home elements (heating, TV, refrigerator) can be externally controlled via malware, and so can medical devices (pacemakers). Perhaps the smart TV will soon display a ransomware message when the smart home is infected. Cyber criminals are increasingly using devices that record audio or video (baby monitors, Siri, etc.) to collect material that they can use to blackmail people. This will give a boost to IoT products that rely on security.

Activists could also use malware to infect smart homes and broadcast their own agenda via the television. Individuals and politicians alike could be threatened with IoT malware designed to achieve political goals. This wave of attacks on IoT is creating a new movement of people that will stay as far away from technology as possible.

In the coming years, cyber criminals will continue to use increasingly sophisticated methods to compromise systems. On the one hand, they are using increasingly complex attack patterns to do so and, on the other, they are relying more and more heavily on automated processes.

With BEAST, G DATA incorporated such a technology into its solutions back in the autumn. Unlike conventional behaviour analysis, the G DATA technology records all system behaviour in a graph, thus providing protection based on a holistic view.

Another trend is dynamite phishing. This variant is a further development of the well-known spear phishing that uses automation. Here, victims receive highly tailored emails that are difficult to recognise as malicious. With dynamite phishing, the cyber criminals read the email communication from a system already infected with an information stealer. The infected user’s correspondents then receive malicious emails that quote the last “real” email between the two parties and look like a legitimate response from the infected user.

The digital transformation is now gaining momentum in more and more companies. However, many employees feel overwhelmed by digitalisation, because there is simply a lack of digital expertise.

Another issue is that the coming year will see further legal regulations in the area of cyber security and data protection. The implementation of the GDPR and the IT Security Act have already ensured that the behaviour of companies has changed significantly. The drastic fines are having an effect. However, the GDPR is not the end of the story. The ePrivacy Regulation, the forthcoming reform of the IT Security Act and the European CyberSecurity Act will introduce further requirements, with the aim of improving digital security.

In the coming months there will be interesting new developments in all sorts of areas. This will start with the race for data protection on websites. More and more browsers are blocking the storage of cookies by default, enabling advertisers to display increasingly targeted advertising to individual users. Queries from websites that the user wants to “allow notifications from this site” are also increasingly perceived as annoying. The advertising industry has recognised that it will no longer be possible to place their advertising exclusively via cookies in the long term. However, alternatives are already being actively sought, from browser profiling to the exploitation of files in the browser cache, which are not cookies by legal definition, but which allow data to be stored.

Providers of IT services are increasingly becoming the focus of attackers. In recent months, there have repeatedly been cases in which maintenance access has been used for attacks on corporate networks. Service providers often use such access to support their customers remotely. Since every IT service provider is dependent on having extensive permissions within a network, it doesn’t take much to recognise that one of the greatest risks for a corporate network is poorly secured maintenance access.

More and more people are using smartphones and tablets as a digital cockpit for their everyday lives, for example to control their smart homes while they are out.

Rather, the issue of security is becoming more crucial for smartphones and tablets, because smartphones are taking on more and more security-critical tasks. One example is the Payment Services Directive (PSD2). This ensures that more and more people use two-factor authentication for online banking with their mobile devices. So anyone who uses a smartphone with an outdated operating system or a missing security patch is wilfully opening the door to criminals.

The heterogeneity of the Android versions will continue to be a problem in the coming year. Unfortunately, this will not really change, because a current court ruling allows electronics stores to continue selling outdated, insecure Android smartphones in the future without informing customers of the risks. So the responsibility remains with the consumer.

But there is light at the end of the tunnel. Manufacturers and IT security service providers are working together to improve protection. G DATA is also engaged in the fight against dangerous apps.