2020 forecast: Attackers will target non-traditional systems

While plenty of attacks will continue to hit traditional targets such operating systems and humans, 2020 will see many attackers taking aim at non-traditional systems. Containers, connected devices and the communications between the two technologies will be a primary focus of both security researchers and attackers.

New technologies continue to shake up corporate infrastructure, and with new technologies comes unforeseen weaknesses and exploits for those weaknesses.

Here are four predictions of where attackers are headed in 2020 – areas that your technology security team should focus their efforts on.

Security researchers will focus on the container ecosystem

Companies are moving more of their applications and processes to the cloud—and not just one cloud, but many. Eighty-four percent of companies had a multi-cloud strategy in 2019, and on average, were using 5 different cloud infrastructures—two public clouds and three private clouds, according to the annual RightScale State of the Cloud report.

Because of the complexity of managing different infrastructure, the firms are naturally looking for easy ways to keep their workload and infrastructure portable. A key way to do that is containers. Container adoption has taken off, with 57 percent of companies using containers in 2019, up from 49 percent in 2018.

But with popularity comes scrutiny. Security researchers have begun focusing on containers and the ecosystem around containers. At this year’s Black Hat Briefings, four sessions focused on containers, DevOps or Kubernetes – the common management and orchestration platform for containers. In the past year, we’ve seen threats to containers including untrusted Docker images, the leaking of secrets such as API keys, and compromises of Kubernetes dashboards.

With the growth of containers and the complexity in managing the DevOps infrastructure, these issues will only continue in 2020.

API security becomes a significant threat surface

The growth of the container ecosystem and the popularity of mobile apps that connect to backend services has also pushed the microservices architecture to the forefront. A variety of information—from airline ticketing to online ordering—can be exposed through insecure APIs.

Two years ago, for example, a food retailer leaked up to 37 million customer records due to insecure access to its backend server and sequentially numbering customer records, allowing for easy enumeration of the entire customer base. Last year, more than 140 airlines had customer information compromised because a ubiquitous booking system allowed anyone to access passenger records just by changing an identifier in the URL.

In 2020, these attacks will only increase as automated bots are tasked with testing the security and enumerating information on microservices exposed to the internet.

The threat from Internet of Things continues to grow

Estimates of the number of IoT devices expected to exist in 2020 varies enormously. At one point, IBM had forecasted that the world would see more than 1 trillion devices by 2015.

Not including smart phones and routers likely puts us on the lower side of those estimates. But securing the billions of devices that interact with corporate networks and IoT providers on a daily basis is still a tall order.

The days of massive home-router botnets taking down key parts of the internet infrastructure may — and that’s “may” with a question mark — be behind us. However, the proliferation of connected devices whose manufacturers have not fully considered security implications will make the IoT a target of both security researchers and attackers for years to come.

For companies, the growth of connected devices increases the attack surface area that must be monitored. While much of the focus is on cyber-physical attacks, particularly against cars, wearable devices pose a real threat as they can interact with corporate networks for reconnaissance or as a jumping-off point for an attack. For the most part, security products do not know how to handle these devices from a network monitoring standpoint, so they can be a source of significant false positives, or conversely, when such alerts are ignored, a potential place to hide attacks.

Automated bots get smarter about fraud

As artificial intelligence and machine learning are applied to all sorts of areas of enterprise operations and technology, security researchers continue to study how applying the discipline of machine learning can benefit (and threaten) system security.

One of the most active areas of development for attackers is in increasing the intelligence of their automated systems, especially bots. Of the more than 3,000 web attacks and probes that organizations saw daily on average in the last three months, about half attempted to gain access to accounts using default or stolen credentials. Moreover, Signal Sciences has seen an increase in the number of attacks every month.

Attackers are also creating smarter bots, distributing attacks over the Internet’s address space and mimicking human behavior to try to avoid detection. These are trends we expect to continue in 2020.

While predictions should always be taken with a grain of salt, all four of these trends are strong and accelerating.