By Pedro Tavares, Founder of CSIRT.UBI & Editor-in-Chief seguranca-informatica.pt
We are facing a transition to a new decade. Maturity in the field of cybersecurity is growing, but a wave of new risks from the previous decade is being carried over into this new cycle.
Cyber threats are continually improved by their operators, who increasingly use sophisticated techniques to deceive victims and to evade protection systems such as antivirus, anti-malware agents, and firewalls. I’m talking about malware as a cyber threat in 2020.
In this digital era, any professional thinks about designing and planning a product safely. However, if the company the professional works for has struggled to align its priorities with the market over time, the costs of a security incident can become catastrophic.
Some of the biggest threats in 2019 will transition to 2020 with a fully consolidated malicious infection process. We can take a close look at the last quarter of 2019, where multiple security breaches were announced.
A data breach is usually seen as the last step in a chain of malicious events that occur on specific targets within a given threat group scope.
To corroborate this statement, we can look at the latest statistics for the third quarter of 2019, which highlight a notable absence of one of the most worrying threats today, the banking Trojan Emotet. However, this absence also created an opportunity for other malware that is less popular in the media.
These threat agents exfiltrate sensitive data from infected machines, jump between machines, and compromise organizations without leaving clues.
Through these pieces of malware, operators gain access to corporate infrastructures via deployed backdoors. Because access is carried out with valid and legitimate credentials (previously exfiltrated), it is marked as trustworthy: it is performed over trusted connections and from trusted devices, the very devices that the protection and monitoring systems trust.
After long weeks of undetected compromise inside the corporate network, during which backup systems and other systems available there are eliminated or corrupted in order to prevent successful data recovery, the ransomware is implanted to close the infection chain.
At this stage, operators deploy ransomware if the target system offers information indicating that the organization can pay the ransom. During 2019, Ryuk was one of the many choices of operators. It was designed to change the ransom amount depending on how much it thinks the victim can pay.
Threat agents and products with evolved threat detection technology are playing a game of cat and mouse. The polymorphic and modular capabilities of current malware make detection difficult, so it is also the user's task to know how to face these challenges. This is not just a technology problem.
This is a crucial issue for 2020, as a threat of this nature could destroy a business with more than 20 years in the market.
Focusing on a doctrine of intensive training of company employees, including certifications in this context, workshops, and even corporate awareness, can be a short-term measure to keep professionals alert to the danger of these threats.
The same applies to cyber users in general. The benefits of cyber-education should be one of the major focuses and goals for 2020. Just think that the biggest vehicle for the proliferation of malware worldwide is still a simple email, where the responsibility is always on the side of the recipient and never on the side of the sender.
About the Author
Pedro Tavares is a cybersecurity professional, a founding member and pentester of CSIRT.UBI, and Editor-in-Chief of seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, including malware, ethical hacking (OSCP-certified), cybersecurity, IoT, and security in computer networks. He is also a freelance writer.
Segurança Informática blog: www.seguranca-informatica.pt