Nicole IbarraDecember 3, 2019
What Do The Cards Hold for 2020?
Over the past year there have been some incredible advancements in cybersecurity. Nevertheless, organizations cannot afford to rest on their laurels. Ceaseless vigilance is the name of the game because when protection strategies evolve, attack strategies are not far behind. To survive in this high-stakes environment, it is no longer enough to simply keep up with fraud detection and mitigation advancements, you need to be one step ahead.
Right about now you might be thinking to yourself, “If only there was some way to predict what the future of fraud – and fraud prevention – holds.” You are in luck. Our experts at Appgate have laid their cards down and are here to share their insights for 2020.
The World. Representing Time, Convergence, Resolution, and Freedom
The industry will focus more on integrated response teams from fraud management and security departments with timely sharing of intelligence around external threats, data breaches, and fraud trends.
According to Bryan Jardine, Director of Product Development, the integration will ensure that the (multi-disciplined organization’s) threat and risk mitigation strategies and anti-fraud playbooks are well-coordinated and aligned, creating more effective response plans and playing a vital role in the design and deployment of future defense strategies.
Appgate Vice President and General Manager Mike Lopez predicts that vendors will be more conscious of the convergence of the cyber/infosec and fraud sectors. Both units require actionable data they can leverage for effective mitigation, and vendors that can successfully detect and mitigate attacks while simultaneously providing actionable intel to different business units will gain a competitive advantage.
The Moon. Representing Illusion, Secrets, Change, Dreams, and Fears
The future of 5G technology will come with great advantages, but severe security issues will also arise, anticipates Beatriz Cleves, Total Fraud Protection Product Manager. The potential for speed connectivity to increase by 90 percent means that attacks are also being powered up and causing greater damage both in terms of impact and velocity, making it far more costly to repair and also opening the door to new connected IoT devices, adaption to new protocols, and implementations to new systems.
Expect a rise in attacks targeting mobile devices thanks to society’s high reliance on mobile payment applications such as Venmo, Paypal, Zelle, and Apple Pay, for example. Nicole Ibarra, Product Marketing Manager, states: “Malicious actors will be drawn to creating new methods to compromise these mobile payment accounts.”
Paul Wilson, Product Management Leader, anticipates malicious actors will abuse SMS and messaging applications in SMShing (aka smishing) attacks (a form of phishing that targets people through text or SMS message) geared towards social engineering. An attacker can lure end users to click on shortened links on platforms such as WhatsApp that are difficult to defend against since they circumvent most of the traditional security controls.
The Devil: Representing Illusion, Greed, and Temptation
“I expect more sophisticated phishing attacks and tactics to occur utilizing mobile devices due to the ease of app integration,” foretells Gustavo Palazolo, Malware Researcher. Malicious code recognizes the type of device being used and modifies its behavior to go undetected when interacting with applications to proliferate phishing.
The rise of fraud through micro-transactions such as in-app purchases makes Developer Sergio Florez Percy believe that fraudsters will target the gaming industry to access bank accounts and credit card information. Fortnite, for example, has already been leveraged as part of money laundering schemes in which stolen card details are used to buy V-bucks, the gaming platform’s virtual currency, then sold in bulk at discounted prices on the dark web and on social media. Percy thinks the gaming industry will become a favorite target of fraudsters and their money-making scams.
Seven of Swords: Representing Deceit, Lies, and Trickery
Based on what he is witnessing in the industry, Ricardo Elena, Director of Operations, sees a handful of inventive malware developments on the horizon.
Malware injection in banks’ post-login pages will occur more frequently due to their accessibility for misdirection. The injected malware takes end users to a fraudulent IP address that appears to be the official bank website. From there, hackers can hijack chat sessions and impersonate bank officials to obtain all sensitive data directly from the end user.
Injections are also expected to penetrate DNS servers directly as part of pharming attacks, deceiving internal customers into navigating over to sites that could harness malware. For example, an HR-related program such as Dayforce could be leveraged to redirect end users to an altered IP address, where fraudsters can easily obtain any personal information that is entered.
Social engineering that deceives users on online gaming and adult web-cam platforms will increase in popularity as an attack vector, reports Malware Analyst Felipe Duarte. “Not only, because these industries move large amounts of money between subscribers, but also because attackers can easily spread malware pretending to be promotions to trick users into installing it.”
Elena believes that social media will continue to be misused by malicious actors, especially on platforms such as Facebook, WhatsApp, and Instagram. Advanced and focalized social engineering that impersonates company executives will happen more frequently, where fraudsters set up fake executive accounts and join public, private, or even closed groups and mimic the original exec’s actions, behavior, and communication style to post links that entice people to take action, such as making investments or applying for job opportunities.
The Hermit. Representing Wisdom, Science, Mastery
Artificial Intelligence (A.I.) is also being adopted by threat actors to obtain biometrics and successfully guess security questions all via social media platforms.
Remember the #10yearchallenge? Well, A.I. can record those images people posted and form a biometric scan of all the physical traits and how they changed over the years to present day, explains Elena. A.I. can also compile a database of all the information shared on Facebook— photos of your baby’s birthday, the time you took a Harry Potter Quiz, and the post you made about your dead dog. A.I. can now guess the answers to the security questions about your firstborn’s birthday, your Hogwarts house, and the name of your pet.
Martin Ochoa, Head of Research, and David Camacho, Lead Data Architect of Research, foresee developments with Artificial Intelligence attacks.
To start, DeepFake will be utilized for disinformation, social engineering, and overall potential fraud through the enhancement of Generative Adversarial Networks (GANs) used for generating more realistic media such as photos, audio, and even videos. Meanwhile, algorithms such as GTP-2 are expected to be wielded for disinformation and deceptive communication due to their ability to generate extremely realistic text that is incredibly difficult for people to identify whether it was generated by a human or a computer. From there, it is only a matter of time until emails from coworkers or managers are duplicated almost perfectly and leveraged for advanced spear-phishing attacks and scams.
The Cards Never Lie (Now What?)
Now that you’ve had a glimpse into what the cards hold for 2020, our experts want to make sure you are in charge of your institution’s destiny. By following a few basic cybersecurity tenets, you can help control your fate:
- Expect fraudsters to continue with their ill-advised plans and develop even more creative means of attack. Implement a fraud-prevention solution that harnesses the power of machine learning so that instead of retroactively defending against them, you are in control.
- There is no magic bullet when it comes to protecting your organization. Instead, implement a multi-layered solution that looks at threats holistically, not individually.
- Employ strong, modern multifactor authentication.
- You cannot control what fraudsters do, but you can control how you proactively defend against them. Ensure your fraud security plan covers threats from inside and outside your perimeter.
Gain better control of your cybersecurity for 2020 and have look at Appgate's fraud prevention solutions.