Sophos, a cybersecurity solutions company, has said that unwanted apps are acting as brokers and will become a threat next year. These apps are helping in spreading and execution of malware.
The firm has come out with 2020 Threat Report, giving contours of threats in the coming year.
“Ransomware attackers continue to raise the stakes with automated active attacks that turn organisations’ trusted management tools against them. They evade security controls and disable backups to cause a maximum impact in the shortest possible time,” the report said.
Many ransomware-deploying attackers seem to have developed a keen understanding of how network and endpoint security products detect or block malicious activity. “Ensure any management accounts or tools use multi-factor authentication to prevent criminals from using them against your organisation,” the SophosLabs 2020 Threat Report said.
“The threat landscape continues to evolve – and the speed and extent of that evolution is both accelerating and unpredictable,” it said.
The report focuses on unwanted apps, ransomware attacks, machine learning tools designed to fight malware, becoming targets of attacks.
“The greatest vulnerability of cloud computing is misconfiguration by operators. As cloud systems become more complex and more flexible, operator error is a growing risk. Combined with a general lack of visibility, this makes cloud computing environments a ready-made target for cyber attackers,” John Shier, senior security advisor, Sophos, said.
Machine learning under attack
The report sees an interesting trend wherein machine learning tools that are designed to defeat malware are coming under attacks.
“Research showed how machine learning detection models could possibly be tricked, and how machine learning could be applied to offensive activity to generate highly convincing fake content for social engineering,” he said.
This advanced game of cat and mouse is expected to become more prevalent in the future.
The other important trends would include cyber-criminal reconnaissance hidden in internet scanning applications and advancement of automated active attacks.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.