The findings of the Cybersecurity Threat Landscape Report 2019, research prepared using threat intelligence gathered from Subex’s global honeypot network now operational in 62 cities globally, have presented the global trends that have the most significant implications for enterprises, governments, citizens and other stakeholders.
The report highlights rising malware complexity and sophistication, increasing reconnaissance capabilities of hackers, and growing numbers of attacks on common IoT devices and critical infrastructure as areas of concern needing immediate intervention.
Cyberattacks motivated by geo-political influences dominated the threat landscape throughout 2019. More than 45% of attacks registered by Subex’s honeypots globally had some correlation with bilateral tensions between countries across regions including South Asia, the Middle East and Central and Eastern Europe. A steep increase in demand for malware saw the average price of malware grow sharply in the second quarter of the year. This supply-demand imbalance is likely to continue in 2020 as the demand for malware is not expected to slow.
Cities under threat
Many new cities entered the list of top 50 most attacked cities across the globe. The cyberattacks show a clear shift towards attacking cities located in remote corners of various countries. Attacks on ports, airports and other facilities in such cities witnessed a steep rise in attacks. The top ten cities that were attacked most often in 2020 were: New York, New Delhi, Atlanta, London, Kiev, Singapore, Dubai, Houston, Seoul and Lagos.
Focus on stealth
On the stealth front, Subex reports that malware developers continue to release malware that relies on multiple techniques to evade detection. The main aim of developers and hackers seems to be reconnaissance primarily to collect data on networks, security layers and monitoring systems, perimeter security tactics and downtime schedules. Such monitoring is also carried out to study the patterns of data flow and the nature of data as well.
During Subex’s virtual machine/sandbox testing, it found that credentials, financial and even intellectual property-related information was transferred to command and control servers faster than other information. Malware seems to be sensing the content of data by comparing keywords or even syntaxes to prioritise information.
2019 was a dynamic year for cybersecurity and saw the entry of malware variants with predatory properties. Such levels of malware aggression were previously quite rare but are now becoming more common and this is a cause of worry for security managers and CISOs everywhere. This trend also indicates impatience as hackers now want to monetise their attacks rapidly and are also competing aggressively with other hackers to attack networks and systems faster.
2019 also saw developers investing in techniques designed to prevent reverse engineering and de-bugging in order to prevent threat researchers from conducting detailed analysis and helping avoid detection thereby increasing persistence of attacks. Other than stealth and easy and rapid deployment, persistence was another key factor that malware developers are targeting.
Looking ahead to 2020, Subex believes that geopolitical attacks will continue to gain momentum across Middle East, Europe and Central America as social engineering practices designed to hook employees to click on links hosting malware or malicious codes get more personal and targeted.
Subex expects the number of attacks to rise in the May-July time period as has been the case for the last two years. Malware prices may stabilise as demand and supply levels attain an equilibrium. However, more malware developed in academic and other labs will be released in 2020 adding to a supply glut. This glut will be offset if demand for malware picks up mid-year. If that happens, unit prices of malware may increase further.
In terms of the countries under most threat, the US, India, UK, Singapore, Ukraine, UAE, Nigeria, Japan, South Korea and Spain will experience a significant increase in cyberattacks. Subex reports that signs of this were already apparent in the final months of 2019. The company expects state and local governments will be targeted more often in 2020.
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, Cyber Security & Cloud Expo and 5G Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.