Biometric data leaks and targeted ransomware to dominate 2020 threat landscape
Expect attackers to go after devices previously overlooked
Cyber security company Kaspersky has released its predictions for the 2020 threat landscape, noting that cyber attacks are going to become more targeted and increasingly sensitive data leaks will proliferate.
The security firm believes that the trend towards more targeted attacks that have been observed for the past few years will continue and attackers will continue to build their banks of information with biometric data from new breaches.
As biometric technology becomes more prevalent in the technology used by individuals and businesses every day, there is an increased likelihood of the data these scanners collect being leaked.
"Not every adversary has a complete profile of potential victims to abuse, which makes the increasing amount of leaked data very valuable," said Kaspersky.
Ransomware attacks on UK businesses soar 195% The most popular ransomware strains targeting UK businesses Hacked for life: Why you should be terrified by biometric technology
The trend towards targeted attacks has been especially evident in ransomware which has strayed away from aimless targeting methods to a more methodical approach.
Targets have shifted to the wealthier organisations that have more to lose and are more likely to provide big payouts for quick release of their sensitive data, an act condemned by the industry but often works.
"Throughout the year, we recorded several cases where attackers used targeted ransomware, and we think that a likely future development will be more aggressive attempts to extort money," said Kaspersky. "A potential twist might be that, instead of making files unrecoverable, threat actors will threaten to publish data that they have stolen from the victim company."
Given the success of ransomware in recent years as a tried and tested business model, it’s unlikely that the rate of attacks will decline. Ransomware has been among the top attack vectors for some time but last year it's targeting of UK businesses soared by 195%.
Aside from ransomware, the security company recognised that the shift from data storage has gradually moved away from PCs and servers and more into mobile devices which is why it expects attacks to focus on these devices more in 2020.
Kaspersky cited the 14 vulnerabilities in Apple’s iOS exposed by Google this year as an example of how the focus is shifting to mobile.
Attackers will always go where the valuable data is and it’s ‘only a matter of time’ before more sophisticate mobile attacks are seen more in the wild.
"There are no good reasons to think this will stop any time soon," said Kaspersky. "However, due to the increased attention given to this subject by the security community, we believe the number of attacks being identified and analyzed in detail will also increase."
Attacks are also expected to proliferate on other non-PC targets such as VPN software, networking hardware and other infrastructure.
-
MSPs grow wary over supply chain security threatsNews CyberSmart’s 2026 MSP Survey found that more than two-in-five firms experienced a cyber incident linked to a supplier or third-party vendor over the past year
-
Dell Pro Max with GB10 reviewReviews This juggernaut of a machine can be a gateway to AI productivity, with plenty of power and playbooks to get you started – but it comes at a high cost
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacksNews NTT researchers warn that the RaaS group is leveraging SystemBC malware to establish covert tunnelling, evade detection, and support rapid lateral movement across enterprise environments
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Security leaders overconfident about ransomware recovery
News Few manage to recover all their data, and many experience business disruption
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
News With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
