Industry executives and experts share their predictions for 2020. Read them in this 12th annual VMblog.com series exclusive.
By Or Katz, Principal Lead Security Researcher at Akamai
Enterprise Threats Will Increase and Humans Will Continue to be Scammed
Looking back at the past years and analyzing how attack campaigns
evolved, which vulnerabilities were used and which incidents were
reported, we come to the obvious conclusion that in 2020 cybercriminals
will not slow down and will continue their malicious activity.
We will continue to see cybercriminal activity evolve across the threat
landscape, and cybercriminals will continue to introduce new techniques,
methods and tools for exploiting and abusing enterprise networks.
In this post, we share some of the predictions and trending threats that
enterprises will see in 2020 and that might require their attention and
response:
Phishing campaign activity will increase and humans will continue to be scammed
Although phishing is a well-known threat, people will continue to fall
victim to phishing scams. Phishing campaigns and websites are becoming
more sophisticated and more trustworthy in appearance, creating
engagement with targets and resulting in victims giving away their
personal information. In 2020, new and improved phishing campaign
techniques will also increase in effectiveness and longevity, as threat
actors develop techniques that make phishing kits more evasive to
detection and, at the same time, more selective about the victims they
target. The use of social networks as a distribution channel will
continue to rise, leading to more widely propagated phishing campaigns.
In 2020 and beyond, phishing campaigns will be much more resilient to
detection, effectively targeting only relevant victims and propagating
rapidly, resulting in more victims.
The weakest part of the security chain is... you!
Enterprise users will be the weakest security link and will continue to
be targeted with more sophisticated attacks that lure them into making
the one mistake that gives threat actors access to an enterprise's
network: providing the attackers with network credentials. We anticipate
an increase in the volume of more sophisticated phishing attacks that
use social engineering techniques leading to victim engagement. Email
will continue to be a highly prevalent channel for distributing malware
and phishing, but we will also see an increase in the use of social
networks as a method for propagating these attacks.
Web attacks will continue to evolve
The web threat landscape will adopt trends from the enterprise
landscape: we will see more targeted attacks motivated by money-driven
objectives, such as stealing financial data from targeted victims when
they use credit cards to make purchases on websites.
Web attacks will continue to evolve, and we will see attacks similar to
the ones associated with the Magecart hacker group, targeting victims'
sensitive and financial data. Threat actors will look for footholds into
client-server communication by abusing third-party components, or by
injecting server-side resources through abuse of third-party libraries
consumed by web applications.
About the Author
Or Katz is a Principal Lead Security Researcher at Akamai and is
the head of research for Akamai's Enterprise Threat Protector technology. Or is
a frequent speaker at security conferences and has published numerous articles
and white papers on threat intelligence and defensive techniques. He began his
career in the early days of web application firewalls (WAFs) and used to lead
the OWASP Israel chapter.