Biometric Data Leaks and Targeted Ransomware Threats Expected in 2020

Experts from Kaspersky Lab have shared their outlook on the development of advanced threats and targeted attacks (so-called Advanced Persistent Threats, or APTs) for 2020. Their forecasts are based on events and incidents observed over recent months. The identified trends suggest that threats will become more covert and targeted, while the spread of cutting-edge technologies such as machine learning and neural networks will take the complexity of cyberattacks to a new level.

Growing Risk of Biometric Data Leaks

According to Kaspersky Lab, there is an imminent risk of leaks involving especially valuable information—such as individuals’ biometric data. Personal user information helps cybercriminals refine their social engineering methods and carry out more convincing attacks, so their interest in personal data will only continue to grow. In addition, cybercriminals may begin using artificial intelligence to profile victims and create fake information—so-called deepfakes, which are already widely discussed today.

Shift Toward Targeted Ransomware Attacks

Recently, attackers have moved away from the practice of mass-distributing generic ransomware and have started to select their victims more carefully—in other words, they are looking for companies that are likely to pay significant sums to recover their data. Kaspersky Lab experts predict that this “targeted extortion” will gain momentum in the coming year and may become even more aggressive. For example, instead of encrypting files, attackers might threaten to publish stolen data. Additionally, in an effort to diversify their ransomware attacks, cybercriminals may target less obvious devices—such as smart TVs, watches, cars, homes, and more.

Increasing Stealth and Attribution Challenges in APT Attacks

One of the hallmarks of APT attacks is their stealth. These attacks are so carefully planned and executed that victims may remain unaware for a long time that they are under attack. In most cases, it is also impossible to determine exactly who is behind such malicious operations, partly due to the attackers’ own efforts: they meticulously cover their tracks and often plant so-called “false flags” to mislead investigators. Kaspersky Lab experts believe this trend will continue. Cybercriminal groups will strive not only to avoid attribution but also to frame others for their actions. For example, they may deliberately use backdoors associated with other APT groups or intentionally leak their code so that other attackers use it, further muddying the waters.

Looking Ahead

“No forecast, no matter how detailed and thorough, can anticipate everything that may happen in the future. The environments in which attacks unfold are so vast, and the circumstances so complex, that the future development of threats will likely be more complicated than even the best predictions. Moreover, no researcher has a complete picture of APT group activities. Nevertheless, we will continue to monitor the evolution of APT threats and the criminals behind them, striving to better understand their methods, anticipate their actions, and predict possible consequences,” said Dmitry Galov, antivirus expert at Kaspersky Lab.