G DATA IT Security Trends 2020: Early detection and repulsion of dangerous attacks


Medium-sized companies are being targeted even more heavily by cyber criminals than before. They are often the weakest link in supply chains that include large corporations. In 2020, attackers will exploit this to an even greater extent than before and strike in a targeted manner - using new methods such as Living Off The Land attacks. And the number of harmful apps for smartphones and tablets reached a new record in 2019 - with the trend set to rise in 2020. Experts from G DATA CyberDefense reveal the IT dangers that will threaten companies and private individuals in 2020. We asked them which challenges, developments and dangers in IT security will shape the coming year, and how companies and private individuals can best meet them and protect themselves against them.

Eddy Willems, Global Security Officer & G DATA Security Evangelist

We already have very good defence mechanisms in place to protect ourselves from existing threats, but unfortunately many companies and people forget that numerous attacks can be fended off using sheer common sense.

Security awareness is still the most underestimated security solution - it can bring the entire security-related defence landscape to the highest level. We should never forget that. Unfortunately, IT security still seems to be a human problem.

I see further threats in 2020. Cyber criminals are automating attacks through machine learning algorithms. At the same time, they are continuing to look for vulnerabilities to infiltrate businesses.

These include attacks on old routers, for example, which simply allow them to access the entire network. Companies need to act quickly and replace outdated hardware. Especially in these days of networked platforms, the danger of attacks in the supply chain increases when criminals attack the weakest link.

Apple, too, will be targeted more strongly by cyber criminals in the coming year. The iOS vulnerabilities found this year give cause for concern. In addition, only Apple can eliminate these problems. I see an operational risk here.

SMEs in the crosshairs

Ransomware will remain a major threat in the coming year, as the criminal business model continues to flourish. I assume that cyber criminals will continue to professionalise the division of labour in the value chain. This means that, while one group specialises in penetrating corporate networks, the next group focuses on exfiltrating or encrypting data from the network. Some earn money by selling access data, others from ransom demands. Even criminals are careful to work efficiently and profitably. In addition, attack methods such as spear phishing or social engineering are gaining in importance.

Another trend is that small and medium-sized businesses are increasingly becoming the focus of cyber criminals - it is often easy for criminals to penetrate their networks because the IT security often has gaps. They are often not even the primary target, but the weakest link in the supply chain, enabling infiltration of a large corporation. Some industries, such as the automotive sector, have already responded. They are increasing the pressure on their suppliers to act by adapting their compliance requirements and threatening them with severe contractual penalties in the event of violations. Here, all sectors are called upon to implement their own standards. I see huge pent-up demand in the healthcare sector, for example, especially in outpatient healthcare. There is a lack of basic standards in the area of practical IT. When digitising this area, considerably more money must be invested in IT security.


Karsten Hahn, Virus Analyst

I expect politically motivated activists to use more malware in the future. They could use malware such as ransomware to promote their own political ends. Of course, that would be criminal, but it's not unthinkable.

In addition, the volume of IoT malware will increase as well. Smart home elements (heating, TV, refrigerator) can be externally controlled via malware, and so can medical devices (pacemakers). Perhaps the smart TV will soon display a ransomware message when the smart home is infected. Cyber criminals are increasingly using devices that record audio or video (baby monitors, Siri, etc.) to collect material that they can use to blackmail people. This will give a boost to IoT products that rely on security.

Activists could also use malware to infect smart homes and broadcast their own agenda via the television. Individuals and politicians alike could be threatened with IoT malware designed to achieve political goals. This wave of attacks on IoT is creating a new movement of people that will stay as far away from technology as possible.

Thomas Siebert, Head of Protection Technologies

In the coming years, cyber criminals will continue to use increasingly sophisticated methods to compromise systems. On the one hand, they are using increasingly complex attack patterns to do so and, on the other, they are relying more and more heavily on automated processes.

One trend is so-called Living Off The Land attacks. This is where, for example, attackers combine legitimate Microsoft tools with a malicious script so that they themselves execute an attack. They then read passwords and forward them to criminals or encrypt important data to extort a ransom. To even be able to detect such attack patterns requires behaviour monitoring that can reliably identify even complex process chains as being malicious.

With BEAST, G DATA incorporated such a technology into its solutions back in the autumn. Unlike conventional behaviour analysis, the G DATA technology records all system behaviour in a graph, thus providing protection based on a holistic view.

Another trend is dynamite phishing. This variant is a further development of the well-known spear phishing that uses automation. Here, victims receive highly tailored emails that are difficult to recognise as malicious. With dynamite phishing, the cyber criminals read the email communication from a system already infected with an information stealer. The infected user’s correspondents then receive malicious emails that quote the last “real” email between the two parties and look like a legitimate response from the infected user.

Since the recipient has no knowledge of their correspondent’s infection, such emails are of course difficult to identify as malicious. We expect such emails to be even more tailor-designed by the attackers, for example through keyword analyses.

Ralf Benzmüller, Executive Speaker G DATA CyberDefense

The digital transformation is now gaining momentum in more and more companies. However, many employees feel overwhelmed by digitalisation, because there is simply a lack of digital expertise.

This also leads to a lack of IT security awareness among many employees in this new working environment. For this reason, companies will increasingly invest in training activities. But simple phishing simulation tools will bring no added value. On the contrary, some well-intentioned phishing tools can unsettle employees more than they help. There is a danger of training fatigue here.

Another issue is that the coming year will see further legal regulations in the area of cyber security and data protection. The implementation of the GDPR and the IT Security Act have already ensured that the behaviour of companies has changed significantly. The drastic fines are having an effect. However, the GDPR is not the end of the story. The ePrivacy Regulation, the forthcoming reform of the IT Security Act and the European CyberSecurity Act will introduce further requirements, with the aim of improving digital security.

Despite the current reservations, the initiatives will contribute to improving the required awareness of IT security in companies. However, the implementation still requires a lot of work, especially among medium-sized companies.

Tim Berghoff, Security Evangelist

In the coming months there will be interesting new developments in all sorts of areas. This will start with the race for data protection on websites. More and more browsers are blocking the storage of cookies by default, enabling advertisers to display increasingly targeted advertising to individual users. Queries from websites that the user wants to “allow notifications from this site” are also increasingly perceived as annoying. The advertising industry has recognised that it will no longer be possible to place their advertising exclusively via cookies in the long term. However, alternatives are already being actively sought, from browser profiling to the exploitation of files in the browser cache, which are not cookies by legal definition, but which allow data to be stored.

Users must therefore be on their guard when the time comes - because if cookies are being bypassed via a legal loophole, companies will continue to happily collect data about users’ surfing behaviour without having to inform them about it at all.

Providers of IT services are increasingly becoming the focus of attackers. In recent months, there have repeatedly been cases in which maintenance access has been used for attacks on corporate networks. Service providers often use such access to support their customers remotely. Since every IT service provider is dependent on having extensive permissions within a network, it doesn’t take much to recognise that one of the greatest risks for a corporate network is poorly secured maintenance access.

While there is a legitimate interest in having such access, it is no longer acceptable for both customers and service providers to leave this unsecured in the hope that it will be overlooked. In this case, service providers in particular are obliged to reinforce the trust placed in them and to take special internal protective measures.

Alexander Burris, Lead Mobile Researcher

More and more people are using smartphones and tablets as a digital cockpit for their everyday lives, for example to control their smart homes while they are out.

Mobile devices are therefore another attractive target for cyber criminals. This is also confirmed by our analyses. The number of malicious apps reached a record level in 2019. There is still no end in sight here.

Rather, the issue of security is becoming more crucial for smartphones and tablets, because smartphones are taking on more and more security-critical tasks. One example is the Payment Services Directive (PSD2). This ensures that more and more people use two-factor authentication for online banking with their mobile devices. So anyone who uses a smartphone with an outdated operating system or a missing security patch is wilfully opening the door to criminals.

The heterogeneity of the Android versions will continue to be a problem in the coming year. Unfortunately, this will not really change, because a current court ruling allows electronics stores to continue selling outdated, insecure Android smartphones in the future without informing customers of the risks. So the responsibility remains with the consumer.

But there is light at the end of the tunnel. Manufacturers and IT security service providers are working together to improve protection. G DATA is also engaged in the fight against dangerous apps.

As a member of the “Coalition against Stalkerware”, G DATA is committed to informing users better of potential risks and is working with victim protection organisations to tackle non-technical problems associated with stalkerware.

from Stefan Karpenstein
Public Relations Manager