As a cybersecurity and artificial intelligence innovator, we are often asked about our predictions for the year to come. AI, in all its flavors, is a hot technology and it is being applied in many fascinating and powerful ways. Our focus, of course, is on using deep learning to advance the standards in malware detection (and we see a lot of good happening in that regard) so we bring a unique perspective to these two areas.
And not to brag, but when the question came up last year we provided a modest forecast that turned out to be fairly accurate. Here’s a quick recap:
-Our bet was behind the emergence of AI-as-a-Service. It’s comforting to know that Microsoft CEO Satya Nadella agrees, and sees a $77 billion market by 2025, according to Motley Fool.
-Last year we predicted the emergence of more sophisticated learning techniques, advancing the capabilities and efficacy of machine learning and deep learning algorithms, and that has been happening.
-We’ll even take credit for our prediction that AI in all its forms would see greater commercialization and consumerization, even though that one was probably self-evident in hindsight. Development and improvement in products like smart assistants, smartphones, autonomous vehicles, medical devices and more will continue apace now that AI is mainstream.
So what can we expect for 2020? We’re going to keep our forecast in the realm of cybersecurity and AI this year, looking at both the threat landscape and the emergence of innovative defenses. Here are five trends we see developing in the new year.
Cybercrime will focus on ransomware and cryptojacking
The focus of the global hacker community will shift to emphasize ransomware and cryptojacking. Ransomware has proven to be a lucrative source of income for hackers, and as associated malware and delivery techniques become more effective, that is only going to embolden them. Most hackers launch attacks from locations beyond the reach of U.S. authorities, and they collect payments in the form of cryptocurrency to minimize the risk factor of their illicit endeavors. And as cryptocurrency becomes more mainstream, we foresee a sharp increase in attacks intended to hijack computing resources to power the computations necessary to “mine” coins. What we’re seeing in Blue Hexagon Labs research is that cryptojacking attacks appear to have an inverse relationship to ransomware attacks. This is likely driven by hacker motivations; as the value of cryptocurrency increases, it may be more lucrative (and easier) to focus on cryptojacking than ransomware.
Malware-as-a-Service becomes increasingly sophisticated
Criminal hackers are innovators and entrepreneurial (even if they are evil, self-centered, and destructive innovators and entrepreneurs). As such, they are keen on minimizing cost and risk, and one way they are doing that is by productizing their tools and skills. As a result, Malware-as-a-Service hacking groups are now selling kits and automated services on dark web marketplaces. In March of this year, we wrote about Gandcrab ransomware-as-a-service. We will see these services increase in sophistication in the coming year–for example, the ability to select customizations such as the type of obfuscation or evasion techniques, and the way the malware is delivered. This will make it easier for anyone to get in on the malware game, creating a force multiplier effect that will increase the number of threats enterprises will face in the years to come.
First malware using AI-Models to evade sandboxes will be born in 2020
Malware developers already use a variety of techniques to evade sandboxes. A recent article explained that “Cerber ransomware runs 28 processes to check if it is really running in a target environment, refusing to detonate if it finds debuggers installed to detect malware, the presence of virtual machines (a basic “tell” for traditional sandboxes), or loaded modules, file paths, etc., known to be used by different traditional sandboxing vendors.”
In 2020, we believe that new malware–using AI-models to evade sandboxes–will be born. This has already been investigated in academia. Instead of using rules to determine whether the “features” and “processes” indicate the sample is in a sandbox, malware authors will instead use AI, effectively creating malware that can more accurately analyze its environment to determine if it is running in a sandbox, making it more effective at evasion. As a result of these malware author innovations and existing limitations, the sandbox will become ineffective as a means to detect unknown malware. Correspondingly, cybersecurity defenders’ adoption of AI-powered malware defenses will increase.
The rollout of 5G networks will bring new attack vectors
The infrastructure needed to roll out and manage new 5G networks requires a more complex, software-defined architecture than older communication networks. This new architecture means services will operate within a more complex environment with a broader attack surface that requires more security diligence on the part of the service providers. In addition, the advent of 5G networks will enable more endpoint devices that will require security at the network edge. Hackers, in particular, nation-state threat actors, will work hard to find and exploit weaknesses in this architecture to intercept traffic, disrupt services, and deliver payloads to endpoints and networks.
Privacy regulations drive more spending in cybersecurity
The European Union’s General Data Protection Regulation (GDPR) has inspired a number of privacy regulations, including the new California Consumer Privacy Act (CCPA). In the CCPA, California has created a combined privacy and breach disclosure law that goes into effect on January 1, 2020. The office of the California attorney general recommends NIST (800-53 or CSF) or ISO 27001 as their standards for implementation, and uses CIS Controls for security program guidance. That means an emphasis on malware detection and prevention, and with data breach violations reaching hundreds of millions of dollars in the EU and U.S., we predict CCPA and the recent history of enforcement will drive a significant increase in cybersecurity spending.
Even though the overall theme of these predictions suggests increasing threats and risks to the enterprise, we do see cause for optimism. Our experience with the application of deep learning to meet the challenges of threat detection and prevention give us hope that, as our efforts and those of other innovators continue and build momentum, we are confident that 2020 will be regarded as the year our industry finally turned the tide against hackers.