Skip to main content

Cyber-warfare may be imminent, but defender power is on the rise

(Image credit:

2020 started off ominously with geopolitical tension between the U.S. and Iran, which set in motion, again, the prospect that Iran would respond to this tension with a series of cyber-strikes.  To this point, Iran has developed destructive malware over the years and now has the capacity to destroy the integrity of data and systems. It has the technical acumen to conduct attacks against the West across numerous sectors, including energy, financial services, and critical national infrastructure, which is a reality that organisations need to be prepared for, bolstering their systems to defend against potential cyberattacks.

But even before this recent aggression, we foresaw that geopolitical tension and domestic terrorism would continue to manifest in cyberspace, ushering in an era of destructive attacks that could, for example, be used to influence the 2020 US elections.  In my opinion, geopolitical tensions are going to explode in cyberspace and domestic terrorism will manifest here as well. I think we are going to see a resurgence of organised hacking as well as geopolitical clashes, specifically with Iran, Russia and China, escalating dramatically in cyberspace.

As a result, destructive attacks will increase and we predict a modernisation of wipers and wiper malware that won’t just be specific to Windows; wiper malware that is specifically for Linux and OS X will be developed and will become more common.

In general, outside of geopolitical conflict and terrorism, our research has found that malware continues to be a major threat.  In fact, it was the most prolific type of cyberattack UK businesses experienced in 2019, according to our latest UK Threat Report, which was published in October 2019.  One in five businesses (21 per cent) reported seeing custom malware attacks most frequently and 10 per cent cited commodity malware, therefore together 31 per cent of businesses reported malware to be the most witnessed attack type.

The rise of cloud-jacking

We conduct this research to understand the challenges and issues facing UK businesses when it comes to escalating cyberattacks.  Its purpose is to identify trends in hacking and malicious attacks and the financial and reputational impact any breaches have had on organisations. In terms of the prime cause of successful breaches, we found that humans are proving to be the weakest link in the cyber-defence chain.  Phishing attacks were the primary cause of attacks that resulted in a breach, with a third (33 per cent) of respondents affected.  Ransomware took second place with 20 per cent of businesses citing this as the primary cause.

That said, I predict that cloud-jacking and subsequent island hopping will become a more common practice in 2020 as attackers look to leverage an organisation’s infrastructure and brand against itself. There will be a lot more cloud-jacking and island hopping via public clouds as well as new-fangled techniques for hypervisor escapes.

We will also see an increase in mobile root kits, allowing hackers to gain full control over a victim’s device. These are rootkits that will give hackers control over other people’s mobile devices and allow them to manifest in the physical setting i.e. leveraging proximity settings on microphone, camera, location etc once they are in the device.  This is going to become much more common as a form of competitive intelligence and industrial and economic espionage in the year ahead.

Access mining as a service will grow as cybercriminals see the benefits of not having to hack the victim but outsourcing that function or purchasing the backdoor into that system that has already been planted.

And, virtual home invasions of well-known public figures (celebrities, CEOs, politicians) will occur. Significant personalities - whether they be film stars, corporate executives, or politicians - will be hacked through the technology they've deployed in their homes, specifically through things like nest and others.

The age of cyber-warfare

The good news is that businesses appear to be adjusting to the ‘new normal’ of sustained cyberattacks.  Greater awareness of external threats and risks have also prompted businesses to become more proactive about managing cyber-risks.  In our report we found that companies are tightening up on factors that they can control such as process weaknesses and, while 84 per cent reported being breached in the past 12 months and 90 per cent saw an increase in attack sophistication, 76 per cent of companies said they are more confident that they can repel cyberattacks today than they were a year ago.   For many this is because threat hunting is reaping the rewards as teams identify threats that would previously have gone undetected.  To this point 90 per cent of the companies that we surveyed said threat hunting had strengthened their defences.  Likewise, there is a sustained level of investment with 93 per cent planning to increase their spending on cybersecurity which demonstrates that cybersecurity is maturing, and businesses are beginning to prioritise it effectively.

Who knows how the Iran situation will continue to unfold? The 2020 landscape looks eerie and this situation heightens awareness for all businesses who must be extra vigilant against such threats.  Right now, CEOs should be meeting with their CISOs to understand the vulnerabilities in their systems, asking them “do we have visibility across all of our devices? Are security controls integrated? Do we have a cyber-threat hunting team that is actively conducting hunt exercises in our infrastructure now to root out threats and identify whether malicious actors already have a foothold in our networks?” Because this is not a question of if but when.

The age of cyber-warfare is upon us and the threat of cybercrime to businesses continues to multiply by the day, which means the imperative to defend is stronger than ever in 2020.

Tom Kellermann, Head Cybersecurity Strategist, VMware Carbon Black

Tom Kellermann is the Head Cybersecurity Strategist for VMware Carbon Black. Tom also serves as the Wilson Centre's Global Fellow for Cybersecurity Policy and sits on the Technology Executive Council for CNBC.