Threat Intelligence

Top Cybersecurity Predictions for 2020

Pierluigi Paganini
December 30, 2019 by
Pierluigi Paganini

The 2020 Cybersecurity Landscape

Here we are again for the annual prediction of the events that I believe will impact the cybersecurity landscape in the next year. Let’s try to imagine what threats and bad actors will influence the cyber arena in the next 12 months.

Targeted ransomware attacks on the rise

In 2020, we will witness an increase of targeted ransomware attacks. Threat actors behind ransomware campaigns will switch tactics, leveraging access to organizations available for sale in the cybercrime underground.

Hands-on threat intel training

Hands-on threat intel training

Learn how to collect, analyze and act on cyber threat intelligence with expert instruction and hands-on exercises in Infosec Skills.

Targeted ransomware attacks require a more accurate intelligence-gathering activity on the victims, but they can allow criminals to earn much more money and inflict maximum disruption to the victims.

This new tactic will allow threat actors to tailor attacks to organizations and large enterprises in almost any industry.

The targeted ransomware technique will lead to increased ransomware demands. Hospitals, school districts and municipalities continue to be privileged targets of cybercriminal organizations likely because they have limited resources and poor cyber hygiene.

Most nation-state attacks remain unattributed

Geopolitical tensions will cause a significant increase of cyber espionage campaigns and disruptive cyberattacks. Once again, the lack of a global framework of norms of state behavior in cyberspace and the absence of sanctions for rogue nation-state actors will continue to encourage state-sponsored hacking.

APT groups linked to Russia and China will carry out numerous operations against countries worldwide, respectively aimed at Western and Asian states. The level of sophistication of campaigns carried out by nation-state actors will continue to increase, making it impossible to attribute to specific threat actors. In 2020, the number of attacks associated with Advanced Persistent Threat actors that haven’t been previously identified by the security researchers will increase.

IoT devices under attack

The exponential increase in the number of IoT devices, along with the 5G networks roll out, will dramatically increase the number of attacks against smart devices on a large scale.

We will see a rapid increase in the number of IoT botnets, even if most of them will be based on the best-known bot (i.e., the Mirai bot).

Although the device vendors are implementing new security features in their systems, a lot of them from many manufacturers still do not implement security-by-design, making these systems easy to hack.

I expect that specific segments of IoT may become more secure over time, but the main problem with these families of devices could be that the speed to market takes precedence over security. This is a dangerous process, resulting in a growing number of vulnerabilities in the devices that could be exploited by attackers.

AI-based attacks, a nightmare for security experts

The adoption of AI dramatically improves the early detection of the threats and their mitigation. AI accelerates the identification of threats, especially new ones, and helps organizations to rapidly respond to them to block ongoing attacks. According to Capgemini, 63% of organizations are planning to deploy AI-based solutions in 2020, most of them to improve network security. 

However, threat actors like nation-state hackers will take advantage of the same intelligence to gather information on their adversary and adapt the hacking techniques to the real-time response of the organizations under attack.

AI-powered defense systems are currently used to automate manual tasks and enhance human activities, but their involvement in offensive operations will characterize the next years.

Particularly dangerous will be the adoption of AI-based systems in misinformation campaigns carried out by nation-state hackers, and in the generation of deep fakes. 

Compromised credentials and data breaches will continue to be a problem for organizations

According to the Data Breach Report published by the Identity Theft Resource Center, more than 1,200 data breaches were disclosed in 2019. As a result, hundreds of millions of records flooded the cybercrime underground. The availability of such data will be the root cause for most of the data breaches reported in 2020. In the next 12 months, we will see the rise of credential-stuffing attacks.

Credential stuffing is a type of attack where stolen account credentials (i.e., lists of usernames or email addresses and the corresponding passwords) obtained from past data breaches are used to access user accounts through large-scale automated login requests. The attackers automate the logins for thousands or millions of previously discovered login credentials using web automation tools available online.

With the availability of such a huge amount of data, credential stuffing will become a popular money-making method for cybercriminals.

ICS/SCADA systems are still too vulnerable

In 2020, the number of cyberattacks against ICS/SCADA in critical infrastructures will continue to grow. In most cases, these systems were not designed to be exposed online or remotely controlled. For this reason, it will be quite easy for attackers to exploit vulnerabilities affecting them.

Most of the attacks launched by threat actors against ICS/SCADA systems will be opportunistic in nature, however, state-sponsored hackers could launch targeted attacks against critical infrastructure of foreign states.

Energy, healthcare and facilities industries will be the most-targeted sectors in the next year.

The good news is that vendors of ICS solutions will release new products that implement efficient security controls. However, organizations will take years to replace legacy technologies they use.

Supply chain attacks will grow slightly in frequency

Software and hardware supply chain attacks will characterize the threat landscape in the next 12 months. Attackers will attempt to compromise the supply chain of legitimate software packages by implanting malware. The attacks will aim at both software vendors during the development phase and third-party suppliers. Attackers seek to replace legitimate software and related updates with tainted versions to distribute malware through the legitimate software’s distribution channel.

The software supply chain attacks will increase in volume and level of sophistication, and we can’t underestimate the risk of more insidious hardware supply chain attacks. 

In the last months, threat actors developed malicious rootkits to compromise UEFI/BIOS. The likelihood that malware like this could compromise the supply chain of software shipped out to millions of computers is high. Such attacks are very difficult to detect and implanted malware would be very difficult to remove, even after computers are reformatted.

Supply chain attacks will be a privileged attack option for nation-state actors that explore new and more sophisticated methods to infiltrate target organizations.

Cybercrime-as-a-service — stronger than ever

The crime-as-a-service (CaaS) model will continue to fuel the growth of the cybercrime ecosystem. The model facilitates the emergence of new criminal organizations and speeds up the operations of existing ones.

CaaS allows attackers to rapidly access malicious services and products, including malware, exploits, DDoS-for-hire services, RDP accesses and botnets.

The crime-as-a-service is also interesting for nation-state actors, who could leverage services available with this model to rapidly arrange hacking operations, making their attribution complex.

Among the numerous services offered in the cybercrime underground, ransomware-as-a-service platforms, DDoS-for-hire platforms and spamming services will monopolize the threat landscape in the coming months.


Reinventing Cybersecurity with Artificial Intelligence, Capgemini Research Institute

Hands-on threat intel training

Hands-on threat intel training

Learn how to collect, analyze and act on cyber threat intelligence with expert instruction and hands-on exercises in Infosec Skills.

Data Breach Reports, ITRC

Pierluigi Paganini
Pierluigi Paganini

Pierluigi is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group, member of Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation, Professor and Director of the Master in Cyber Security at the Link Campus University. He is also a Security Evangelist, Security Analyst and Freelance Writer.

Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.

Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.