The geopolitical cyberwar between Iran, China, North Korea, Russia and the liberal democracies is about to get very sophisticated
The new year is a time for reflecting on the old and considering the new. In cybersecurity, this leads to a prediction-fest where vendors tell us what to expect over the next 12 months.
But to really understand what is likely to happen, we need to examine not what happened over the last year, but what has been bubbling under the surface. From there we can assess how the criminals are likely to respond in their drive for either money or political advantage.
The global background
2019 was dominated by a global rise in geopolitical tensions between China, North Korea, Iran, and Russia and the liberal democracies. This is a war being fought economically and in cyberspace, and it is likely to increase throughout 2020.
In cyber, this means increased efforts to disrupt public opinion and affect elections – especially, of course, the U.S. presidential election – and increased efforts to steal western intellectual property and money.
But the adversaries have slightly differing motives. Iran and North Korea seek to punish the West for real or imagined slights. With tensions heightened, Iran may feel justified and motivated for cyberattacks on America. Russia seeks to weaken the West. China, however, seeks to learn from, emulate, and overtake the west both economically and militarily. In all cases, there is a blurring (and sometimes an elimination) of lines between the elite criminal hackers and the state hackers. Both benefit. The state acquires increased expertise while the criminals get access to resources and state protection.
The effect in 2020 will be an increase in sophisticated attacks by the world's elite hackers. Russian attacks will be disruptive; on the one hand seeking to sow discord within western populations, and on the other hand testing its cyber weapons. Iranian and North Korean attacks are likely to be noisy and dramatic – these two countries have little to lose either economically or in public opinion.
But the Chinese attacks are likely to be the most dangerous. China is playing a long game. In the Chinese philosophy and culture, it doesn't matter if it takes 100 or more years to succeed. These attacks will be less dramatic as China seeks to infiltrate western companies, steal military and technology secrets, dominate western economies, and learn how to disrupt critical industries. There are rumors, for example, that China is intercepting and storing massive volumes of secret encrypted telecommunications, waiting for the time it can decrypt everything through the power of quantum computers. We may not even hear about the majority of China’s attacks.
The technology background
The two big technology developments were the proliferation of wireless connected devices (IoT) and the emergence of drones. Neither were new to 2019, but both reached a tipping point during the year.
The Internet of Things
The growth of IoT devices in the business world is being driven by business transformation, sometimes known as Industry 4.0. This process will gather pace through 2020, and the use of IoT will increase accordingly. Many new IoT devices will be manufactured in China; and even when they are designed and assembled in the West, the components will still mostly come from China.
There are two primary threats. The first is to the supply chain. There is the potential for hidden backdoors that can be exploited in the future, or methodologies for sending data back to the country of origin. The second is a more widespread lack of security. Whenever there is a burgeoning market, manufacturers rush to get new products to that market. And when they rush, security gets forgotten.
The result in 2020 will be an increased targeting of IoT devices by both nation-state and criminal hackers. This will apply to business IoT, smart devices in the home (such as cameras and routers), and personal devices (such as watches and activity trackers).
We should not forget that self-driving vehicles are effectively local collections of many IoT devices. The potential for hijacking smart cars has been frequently demonstrated in the past. As driverless vehicles – especially driverless trucks – take to the road, we will undoubtedly see attempts to hijack them.
Drones, like IoT devices, are not new. 2019, however, saw them transition from specialty to commodity items. At the lowest level, their nuisance and privacy intrusion activity will boom. Thousands of people have received low cost drones with cameras this Christmas, and many will be used to snoop on friends, neighbors, and strangers.
Higher up the criminal chain, drones will be equipped with Raspberry Pi computers and Wi-Fi sniffers to intercept and listen in on telecommunications. These will be listening for sensitive information and for credentials to access corporate networks.
Activists will also use drones to disrupt events or to make a political point – such as flying into commercial airspace to protest environmental pollution. At the opposite end of the same purpose, law enforcement agencies will use drones with facial recognition capabilities to monitor suspects and disrupt criminal activity.
Activist use is a short step from terrorist use. In September 2019 a successful drone attack against Saudi oil facilities was almost certainly directed by Iran. While this attack involved nation-state support, the use of drones as a weapon is no longer beyond the reach of even small terrorist groups. This is a danger that will grow throughout 2020.
The cyber background
Here, the standard prediction will be correct – there will be more malware throughout 2020. Nevertheless, three areas will be noteworthy:
Magecart. Financial fraud using stolen payment card details will increase. The transition to chip-based Europay, Mastercard, and Visa cards has driven criminals from card-present fraud to card-not-present fraud – that is, the use of card details for online purchases. It is easier to get card numbers from online databases. However, since the card number alone is not enough without the CVV number (which cannot be stolen from card databases), there has been a growth in Magecart-style attacks. This involves “skimming” the details from the retailer’s website as the payment details are entered in plain text and before the number is encrypted and the CVV number is discarded. The number of these attacks will grow and the attacks will become more sophisticated through 2020.
Targeted ransomware. Until all organizations refuse to pay ransoms – which is unlikely if not impossible – criminals will continue to use ransomware. The bigger the target, the more it can afford to pay; so ransomware will increasingly be targeted at large organizations: manufacturing, healthcare, and municipalities.
Malware-as-a-service (MaaS). MaaS is growing rapidly. This is where elite or competent hackers develop malware that is then hired out to less tech-savvy criminals. It is a quick, easy, and cheap way for wannabe criminals to steal money online. Through 2020, this will grow. Users of up-to-date anti-malware products will largely be kept safe – but those who don’t defend themselves will be exposed to far more malware attacks.
Artificial intelligence (AI)
AI has so far been seen as the great hope for cybersecurity. In the future, it will also be used as a weapon by cybercriminals. In future years it will become a major threat, but it has already started and will increase through 2020 in two significant ways:
Deepfakes. Deepfakes involve the use of machine learning to transpose the static image and recorded voice of a target onto a video of an actor. The quality is improving rapidly, and the technology will be used in various scams, particularly business email scams. It will also be used to sow discord and ruin reputations ahead of elections.
Highly targeted malware. The ability to build intelligence into malware will enable highly targeted malware that is virtually undetectable. It could be trained to detonate only if it recognizes a specific person or target. Such precision targeting will not appeal to average criminals seeking to infect as many victims as possible, but it has a ready home with nation-state espionage activities.
Cybersecurity insurance has been around for about 10 years but is only now beginning to gain a serious foothold. While this should, in theory, be a safeguard rather than a threat, it will affect the security landscape in ways we cannot yet imagine. The main cause for this is its expected growth – it has the potential to become a larger industry than the entire existing cybersecurity industry. The question then will be whether the larger industry will refrain from dictating to the smaller industry.
While the cybersecurity industry is focused on defeating cyberthreats, the insurance industry will focus on minimizing losses. Today it does not dictate whether clients should or should not pay a ransom. This is unlikely to continue. When the insurer believes that it will be cheaper to pay the ransom than pay for recovery from encryption, it will do so. What then for the criminals? It will become a question of mathematics – criminals will be encouraged to cause more severe damage in the expectation that the insurer will pay.
Predictions are a balance between what is happening and what could happen, influenced by underlying factors. The influencing factors here are geopolitics, globalization, business transformation, artificial intelligence, and new technology. Against this background, criminals seek to make money while nation-states seek information and political advantage. We’ve looked at some of the ways they are likely to do this in 2020, but the reality is that they will always come up with new ways and new weapons to do so. Those we cannot predict.