Spotlight on the 2019 threat landscape and cybersecurity outlook for 2020

Each year, BlackBerry Cylance publishes a Threat Report analyzing the current threat landscape and predictions for the coming year. The Threat Report for 2020 can be taken as a basis to not only look at the major threats that occurred in the past year but to analyze the evident security issues that exist and pose challenges to today’s inter-connected world.

Overall Threat Landscape in 2019

According to BlackBerry Cylance, 2019 observed an increase in Advanced Persistent Threats (APTs) and development of the vectors, tools, and techniques used to carry targeted attacks. Advancements in encryption mechanisms allowed criminals to successfully hide malicious activities and hence, target different enterprises and industries. Using methods, such as steganography, permitted criminals to safely hide their attack methods and avoid being detected. These methods are very sophisticated in nature, which could often bypass Managed Security Service Providers (MSSPs).

Major attack vectors

Three main vectors emerged in 2019, posing major threats to enterprises, which include phishing, ransomware, and cryptocurrency mining.

• Phishing techniques were carried out against employees through social engineering tactics. Attackers use targeted emails that usually contain a malicious file or link that allows them to steal or take control of the available data. Human error, in this case, helps attackers to successfully carry out such activities, as employees lack the necessary education.
• Ransomware is another major threat that affected enterprises in the past year. The attack uses sophisticated tools that decrypts the victim’s endpoint or network, making all the data and information unavailable until a specific amount is paid. Social engineering techniques are used as leverage when demanding ransom.
• Criminals took advantage of the rising trend in the use and interest of cryptocurrencies. They target individuals with malicious software, usually via email, that helps generate crypto coins, which are then stolen by the criminal. As crypto-mining requires large computer processing power, slow system performance can be an indication of a targeted infection.

Affected industries

While criminals are constantly developing their tools and techniques to attack enterprises, it is interesting to observe the industries they target and the underlying motives. According to BlackBerry Cylance, the top three industries that were largely affected by attacks were:

• Retail and Wholesale (with 23% of targeted attacks)
• Technology/Software (11%)
• Healthcare (9%)

These industries are highly data-driven, technology-oriented or human, and time-sensitive.

The retail and wholesale industry store user information, such as log-in credentials, addresses, and banking details. Attackers, therefore, target this industry to exploit sensitive data and manipulate businesses. Technology/software, on the other hand, stores valuable product information such as intellectual property. Stealing such information allows attackers to utilize the source codes and resell the software, destroying the whole value chain of the targeted company. Healthcare is a very critical and sensitive industry, as it not only stores profound personal information, but deals directly with human lives. Hijacking healthcare systems allows attackers to obtain huge financial benefits as such institutions are likely to pay the ransom immediately.

Other industries that were affected include:

• Service Providers (7%)
• Business Services, NEC (6%)
• Manufacturing (5%)
• Finance ”“ Banking / Investments (5%)
• Government ”“ Local / Education (5%))
• Education Services (4%)
• Technology Software (4%).

2020 outlook: Technology innovation and digitalization pitfalls

Mobile device security

As Blackberry Cylance notes, there has been a 280% surge in stolen credentials since 2016. Growth of wireless information and connected devices has evidently induced the number of such attacks. One major threat posed to businesses is the bring-your-own-device policies because employees access critical company information and data through their personal mobile phones or computers. Often, these devices are insecure, and therefore, if attackers gain access to your device, they gain access to sensitive company information.

Many enterprises adopted the multi-factor authentication (MFA) or two-factor authentication (2FA) technique, which provides an additional security layer to confirm identity and log into accounts. However, attackers discovered loopholes to exploit flaws, intercept codes, or redirect SMS communications, which consequently permits access to the device.

One way to avoid losing control to attackers, according to BlackBerry Cylance, is to implement continuous user authentication through AI to detect and analyze user behavior. BlackBerry Cylance announced to offer new, advanced identity access technology in the medium run that will offer stronger and total mobile protection.

Deep fake technology

Researchers at BlackBerry Cylance found the use of deep fakes increasing at an alarming rate during the first 7 months of 2019. The recently coined term refers to machine learning techniques that can alter and manipulate a real person’s image or speech. This has widely spread among the geopolitical landscape, as criminals can modify the speech of public figures to spread fake news or deformed perspectives. At the same time, it can highly affect the business world as the technology can be used as a social engineering tool to target employees through fake audio of CEOs or upper management that can affect the decision-making process and result in dire impact on the business operations.

Misconfigured cloud resources

Unsecured cloud databases pose a large threat to the enterprise, which leads to publicly exposing internal information. Researchers at BlackBerry Cylance found on average, at least three breaches attributed to unsecured databases every month, leading to a total of over 7 billion records exposed publicly. This is largely due to implementing security measures only after getting pressure for compliance and regulatory reasons.

Future mobility

The automotive industry is shifting towards a more mobile ecosystem with vehicles becoming more connected to communication networks. Clearly, this raises questions on security measures that manufacturers employ. According to BlackBerry Cylance, over 60% of original equipment manufacturers (OEM) rarely test their hardware and software for vulnerabilities. Additionally, the long-life cycle of vehicles means that many components do not receive continuous software or firmware component updates, leaving space full of vulnerabilities. Technological advancement, or IoT connection, stores personal information, geographic locations, and more, which raises security threats. Thus, securing vehicles becomes vital, not only to avoid possible data breaches or violations in privacy laws but also because it puts drivers’ lives out in the open.

Lessons learned

According to the BlackBerry Cylance Threat Report 2020, in the past year, we’ve witnessed a massive increase in the different modes of attacks as cybercriminals become more sophisticated. As a result, businesses find their security systems do not match the modern-day threat landscape.

• Human error constitutes a large part, as criminals can manipulate employees through social engineering techniques for financial benefit or reputational damage.
• Companies that store sensitive user information, are highly technology-driven, and migrate towards digital platforms suffer most from severe consequences.
• The bring-your-own-device policy raises security questions as businesses are threatened by attackers gaining control of their resources.
• Deep fake technology is emerging and can potentially turn into a large-scale threat, not only in the business world but also on a nation-wide scale.
• The rising trend of IoT makes all devices across the entire chain vulnerable to attacks.
• The future of mobility raises doubts due to the lack or absence of security across the entire process chain.

Digitization is inevitable in today’s world as well as the future environment. But how can businesses ensure the safety of their people, products, services, data, and resources?

• Training and educating employees on the relevant threat landscape is the first step towards a safer environment. Once employees have enough knowledge on how to avoid falling victim into criminal’s laps, tactics that exploit people’s psychology can be avoided.
• The next step is to analyze the threat environment and conduct a thorough analysis of where exactly the enterprise lacks security measures.
• Based on that, it is important to implement strong cybersecurity policies. Although, the traditional cybersecurity products are no longer enough to stop attackers. You need to carefully evaluate and select services that offer a wide range of cybersecurity mechanisms that will act as a business security alarm system. Cybersecurity providers that offer to Manage, Detect, and Respond to threats are one way to safeguard your employees and business.

About BlackBerry Cylance 2020 Threat Report

The BlackBerry® Cylance® 2020 Threat Report contains a broad range of topics vital to the interests of businesses, governments, and end-users. It delivers the combined security insights of BlackBerry, a trailblazer in the Internet of things (IoT) and mobile security, and Cylance, an early pioneer of AI-driven cybersecurity and endpoint security market disruptor. To download the report, follow this link.

About BlackBerry

BlackBerry Limited enables the Enterprise of Things by providing the technology that allows endpoints to trust one another, communicate securely, and maintain privacy. Based in Waterloo, Ontario, the company was founded in 1984 and operates globally. On February 21, 2019, BlackBerry acquired Cylance, a privately held artificial intelligence and cybersecurity company based in Irvine, California. For more information, visit Blackberry.com .

About Ackcent

Ackcent exclusively dedicates its capabilities and know-how to evaluate and manage security risks of critical digital assets and provide automated solutions to take care of these risks. Our security solutions combine our services with the highest technical performance products in the sector. Based in Barcelona, Spain, Ackcent was founded in 2014, serving customers locally and internationally. Ackcent is a strategic partner of Cylance, acquired by BlackBerry in February 2019. For more information, visit Ackcent.com.