Positive Technologies explores trends and forecasts in cybersecurity

Homeland January 24, 2020

A new report from positive technologies explores trends and forecasts in cybersecurity in 2019-2020.

The Positive Technologies report, ‘Cybersecurity Trends and Forecasts 2019-2020’, explores common methods of attack used by cybercriminals and what businesses can do to ensure they are protected against them. The report identifies the most common forms of attack in 2019 and the most vulnerable sectors. It examines how companies have adapted to protect themselves against threats and what they may need to do in order to remain vigilant against attacks when they adopt new methods.

Key trends in 2019 included an increase in targeted attacks over mass ones, which rose to 65% in the third quarter and look set to continue along with this trend. Criminals exploited weaknesses in cryptocurrency software and were able to use bitcoin to make payments. APT groups across different sectors saw a rise in attacks, Positive Technologies identify data showing a higher number of unique incidents and attacks on individual users. The report identifies the possibility for high-profile attacks during the US presidential elections and says there is a possibility of weaknesses in e-voting systems being exploited, and continued targeting of personal data and use of phishing and scam phone calls to steal information.

The industrial sector saw several attacks on large companies in 2019 including aluminium manufacturer Norsk Hydro. The ransomware LockerGoga has been detected in attacks on three companies in the US with a different ransomware strain targeting aviation manufacturer ASCO later in the year. In 2019, 83% of attacks on industrial groups involved phishing and 89% included malware. For the next year, Positive Technologies predicts an increase in cyberespionage and a larger number of companies using effective systems to fight against the threat posed by sophisticated attackers and small scale criminals.

The report looks at faults in 2G and 3G networks. More advanced networks have fewer vulnerabilities, but the biggest risk is not to individual network users but large telecom systems. IoT (Internet of Things) devices make up a large part of telecom networks and present the biggest security challenge, requiring strong security systems to maintain the integrity of their networks. Positive Technologies forecasts new challenges with the introduction of 5G networks, which will first have to rely on the security features of old networks, as well as a growth in 4G users.

Many attacks target the financial sector, with positive technologies reporting 61 attacks in the first three quarters of 2019 (a decrease from 69 in the previous year). Criminals continually update their technology to keep up with banks, meaning staying up to date with security and criminal tactics is essential. ATMs and wireless transactions present opportunities for hackers, as well as online banking and payment. The report predicts that attackers will continue to update their methods and banks should aim for fast updates and stay informed about cyberattacks.

Hardware remains a potential security issue, especially as manufacturers can overlook flaws to achieve faster performance or facilitate software development. Reverse engineering has been used to patch security issues with hardware and finding vulnerabilities has become a more frequent practice among security specialists. Vulnerabilities are mostly found in ARM and AMD processors which attackers can use to access data on the Cloud. Positive Technologies recommends taking these issues seriously and says that while manufacturers are addressing the problem, there are still very present risks.

Smartphones present opportunities for hackers, with many features used to keep phones secure able to be bypassed by experienced attackers. Apps can be poorly protected and hackers can exploit flaws in their programming to access user information. User-installed applications represent the biggest threats, especially with accessible apps. Whatsapp vulnerabilities were a problem last year and Google took steps toward improving the security of Android apps available on the play store.

Operating systems have undergone a number of improvements in recent years, with two different approaches being put to use. With the first, operators develop OS kernel self-protection mechanisms which allow the system to solve problems itself. The second used continuous automated dynamic and static analysis. Automated testing tools can have downsides, however, as the technology can be used to identify vulnerabilities by malicious parties.

If you would like to join our community and read more articles like this then please click here.

5G Computers cybersecurity malware ransomware software testing