From CEO Deepfakes to Drone-Led Attacks: 6 Cybercrime Trends Businesses Need to Know in 2020

Cyber attacks targeting businesses in 2020 are expected to become more frequent, more costly, more sophisticated, and sometimes even downright strange. Threats could range from phony CEO calls attempting to make wire transfers to an ever-growing number of unsecured Internet of Things (IoT) devices to a drone hovering outdoors collecting user credentials.

Here are six cybercrime trends that could impact your company in 2020.

1. Executive Deepfakes Grow in Number

Experts predict that voice could become the new weapon of choice for corporate cyber attacks in 2020. For years, organizations have educated their staff on how to identify and avoid text-based phishing emails. But are employees prepared to detect a fraudulent—and very convincing—voice message from the CEO?

One such incident occurred in 2019 to a UK-based energy company when an employee was instructed to transfer approximately $240,000 based on a phone call he believed to be from the chief executive. Unfortunately for the employee—as well as the company—the call had actually been made by fraudsters who used software to realistically mimic the characteristics of the executive’s voice.

Cybercriminals can use deepfakes for immediate financial gain, but they can also be used to wreak havoc on a business, such as by faking audio clips of a key executive resigning from the company or of a spokesperson speaking negatively about the company’s products.

Industry analyst Forrester predicts that deepfakes could cost businesses up to $250M in 2020. And as the technology used to create deepfakes becomes cheaper and more accessible, experts believe that voice cloning could be seen on a widespread basis within the next few years.

2. Drone-Led Corporate Espionage

This could be the year that organizations must consider how to protect not only what’s inside their building and on their networks and devices, but also what’s lurking outside in their airspace.

Researchers have already demonstrated a range of possible drone-based corporate attacks. Drones have been used to control a Bluetooth mouse and install malware, and even to receive information from a malware-infected computer in the form of light pulses. Experts say that drones hovering near a target company can even be used to set up rogue WiFi access points in order to collect user credentials, perform man-in-the-middle attacks, and conduct network reconnaissance.

3. Phishing Attacks Persist

Phishing is certainly nothing new, but despite efforts in technology and training to curtail it, the statistics tell a disheartening story. According to one survey, 85 percent of senior security respondents reported experiencing a phishing and social engineering attack—an increase of 16 percent from the previous year.

Business Email Compromise (BEC), a form of phishing and social engineering that often targets finance departments, reportedly became more sophisticated in 2019. In the past, BEC attackers would attempt to install malware to gather data on the company’s network. Today’s BEC attackers compromise an email account and then spy on the company’s internal email conversations until they see an opportunity to enter a discussion and change payment details to redirect funds to their own accounts.

4. Attacks Focus on Cloud Providers; Cloud Misconfigurations Are a Weak Link

Experts predict an increase in the number of attacks targeting cloud service providers to harvest data from the companies the cloud providers serve, especially as organizations increasingly migrate their data and workloads to the cloud.

In addition, cloud misconfigurations may end up being the weak link that exposes billions of records. Misconfigured cloud storage was the cause of a substantial number of significant data leaks in 2019. For example, during Capital One’s data breach, an attacker reportedly exploited a misconfigured Amazon Web Services bucket to download sensitive data. The FBI reported that as many as 30 other organizations could have been compromised using the same misconfiguration.

Experts believe that cloud security incidents will continue to be a root cause of data breaches in 2020.

5. Ransom Payouts Lead to More Ransomware Attacks

Businesses, healthcare providers, and government agencies may find themselves in a downward spiral regarding ransomware in 2020.

Despite government warnings not to pay the demanded ransom to attackers, many organizations are choosing to purchase cyber insurance. However, experts believe that payouts from cyber insurance companies, who may be more likely to give in to ransom demands, may drive even more ransomware attacks. According to security experts, criminals may actually begin to target organizations that have cyber insurance, as those organizations may be more likely to pay the ransom.

As long as ransomware gives cybercriminals a relatively easy option for quick cash, it’s likely to remain a top cyber threat.

6. 25% of Attacks Predicted to Hit IoT Devices

The number Internet of Things (IoT) devices continues to rise, with an estimated 24 billion connected devices that now require monitoring and management. Add to that the fact that experts believe 25 percent of enterprise attacks will arise from IoT devices by the end of 2020.

That could mean that likely already overworked tech teams will have to expand their focus to include every potential device that could be connected to the company’s network—from smart air-conditioning units to vending machines to industrial machinery.

Healthcare organizations may face may more complexity with IoT. Ninety percent of healthcare networks use medical IoT devices, and threats to these devices have the potential to be much more devastating.

Be Prepared to Detect and Avoid Cyber Attacks in 2020

Experts believe the best approach is to better understand developing corporate cybersecurity threats and add potential scenarios to your crisis response plans. Having written crisis response plans to a host of potential cyber attacks that could befall your company could save hours or days that you’ll need if an attack occurs.