By Emma Okonji
A report has highlighted the rapidly evolving cyber-threat landscape across the globe.
The Sophos 2020 Threat Report, showed how cyber-attackers were raising the stakes in ransomware, increasing stealth in malicious Android apps, exploiting misconfiguration in the cloud, and abusing machine learning.
The report which was released recently by SophosLabs researchers, explored changes in the threat landscape over the past 12 months, uncovering trends likely to impact cybersecurity in 2020.
The Senior Security Advisor at Sophos, John Shier, said: “The threat landscape continues to evolve – and the speed and extent of that evolution is both accelerating and unpredictable. The only certainty we have is what is happening right now, so in our 2020 Threat Report we look at how current trends might impact the world over the coming year.
“We highlight how adversaries are becoming ever stealthier, better at exploiting mistakes, hiding their activities and evading detection technologies, and more, in the cloud, through mobile apps and inside networks.
“The 2020 Threat Report is not so much a map as a series of signposts to help defenders better understand what they could face in the months ahead, and how to prepare.”
The SophosLabs 2020 Threat Report, focused on six areas where researchers noted particular developments during the past year.
It listed some attacks expected to have significant impact on the cyber-threat landscape into 2020 and beyond to include: Automated active attacks; Unwanted apps; Misconfiguration and Machine Learning.
Ransomware attackers, according to the report, would continue to raise the stakes with automated active attacks that turn organisations’ trusted management tools against them, evade security controls and disable back-ups in order to cause maximum impact in the shortest possible time.
The Threat Report highlighted how these and other potentially unwanted apps like browser plug-ins, were becoming brokers for delivering and executing malware and fileless attacks.
It stated that the greatest vulnerability for cloud computing was misconfiguration by operators.
“As cloud systems become more complex and more flexible, operator error is a growing risk. Combined with a general lack of visibility, this makes cloud computing environments a readymade target for cyber-attackers,” it added.
It also explained that Machine learning designed to defeat malware found itself under attack.
“2019 was the year when the potential of attacks against machine learning security systems were highlighted.
“Research showed how machine learning detection models could possibly be tricked, and how machine learning could be applied to offensive activity to generate highly convincing fake content for social engineering.
“At the same time, defenders are applying machine learning to language as a way to detect malicious emails and URLs. This advanced game of cat and mouse is expected to become more prevalent in the future,” the report said.
