Watch out for rise of deepfakes and ransomware in 2020

The threat landscape is set to get all the more complicated in the coming year with the growth of ransomware and rise of deepfakes, which will be used to drive large-scale enterprise frauds, while advanced persistent threat (APT) attacks will be deployed against critical enterprise infrastructure to steal sensitive data, say experts. Currently, most ransomware authors target individual users and devices. This is expected to change in the future, with a projected increase in the number of complex ransomware attacks directed at Cloud infrastructures, said security researchers at Seqrite, the enterprise security solutions brand of Quick Heal Technologies Ltd.
“Ransomware will continue to be a major player in the threat landscape as long as victims remain easily identifiable. The low-hanging fruit of exposed services, unpatched systems and compromised credentials will provide an ample bounty to both skilled and unskilled attackers,” said Mark Loman, Director of Engineering for Next-generation Tech, at cybersecurity firm Sophos. Cybercriminals are also expected to figure out a way of moving beyond denial-of-service (DoS) attacks to target BlueKeep-like wormable exploits in 2020, according to Seqrite.
This will allow them to exploit these vulnerabilities to their full potential and launch more severe ransomware attacks with significant lateral movement across the network.
‘Deepfake’ techniques present realistic Artificial Intelligence-generated videos or audios of real people doing and saying fictional things. Deepfake can be used to create fake news and even carry out cyber frauds.
It is anticipated that deepfakes will be deployed to impersonate high-level targets at enterprises in order to scam employees to transfer money into fraudulent accounts, according to cybersecurity solutions provider Forcepoint.
“In 2020, we foresee the threat landscape become more challenging, as a large number of cybercriminals deploy AI to scale up their attacks. State-sponsored threat actors will increase their use and sophistication of AI algorithms, to scrutinise defence mechanisms and customise attacks targeted to vulnerable areas in the enterprise network,” said Sanjay Katkar, CTO & Joint Managing Director, Quick Heal Technologies.
“We also expect attacks like deepfakes, APTs, ransomware, web skimming to take centre stage in 2020,” Katkar added.
The Seqrite security researchers also underlined that the recent advanced persistent threat attack on Kudankulam nuclear power plant has emphasised on the significance of security of critical infrastructure.
They warned that India may witness a rise in such attacks on critical public infrastructure like transportation networks, power plants, telecommunication systems, etc.
Such attacks can function in hiding for days, even months, stealing very large chunks of data before getting detected.
With 5G-driven seamless interconnectivity becoming a tangible reality in future, Seqrite expects the threat exposure to increase substantially.
Cybercriminals will look to capitalise on the new potential entry points that will open up within enterprise networks as everything from Internet cars to smart refrigerators connect with them.