NortonLifeLock Predicts 2020 Security and Privacy Concerns

NortonLifeLock Predicts 2020 Security and Privacy Concerns
The emergence of new technologies and devices in an increasingly connected world also means consumers will encounter a range of vexing new cyber security and privacy challenges.

Hong Kong – 22 January 2020 – With the rapid development of technology, our daily lives, and even personal data, are increasingly connected to the online world. The development of technology has made our lives easier, but at the same time it has brought cyber security issues and unprecedented privacy risk challenges. According to figures from the Hong Kong Police Force, the number of computer crimes in Hong Kong has increased more than fourfold in the past decade. In the first three quarters of 2019, there were more than 4,500 technology-related crimes, most of which were online business scams and social media scams. The amount of losses was about 2.25 billion, with an average loss of $490,000, which is more than the average loss of $350,000in 2018. Experts from NortonLifeLock research team have made 7 predications about cybersecurity and privacy risks consumers will face in 2020, reminding consumers stay alert.

Cyber Threats Morph into Physical Threats
Cyber criminals have made a business out of stealing personal data. But their ambitions aren’t stopping there, and we expect 2020 to be a year in which they increasingly lend a helping hand to criminals looking to carry out crime in the non-cyber world. In practice, this means you’ll find them trafficking (stolen) smart lock passwords combinations on underground forums – coveted information that can give the buyer control over the digital devices like smart locks commonly found in “smart homes.” Armed with that password information, a bad actor would have the capability to lock the doors and force a victim to pay in bitcoin in return for control over their house. You can also imagine attackers armed with stolen password data being able to remotely splice someone’s online security camera recordings, essentially allowing them to remove any segments filmed while they were ransacking the victim’s home, thus removing evidence of themselves ever committing a crime. All this moves the threat from the cyber realm to the kinetic – even to the point where there’s potentially an actual physical safety threat.

“Creepware” Menace Goes Mainstream
By this time next year, we expect the world will be familiar with the concept of “Creepware.” These are applications meant to harass victims, allowing attackers to launch a variety of personal attacks that embarrass, bully or otherwise disrupt their victims’ lives. Cyber security researchers, including researchers with NortonLifeLock, have been tracking the phenomenon as operators of download sites battle to keep creepware out of their app stores. Despite their efforts, new creepware apps replace the removed apps. Making it more difficult, the developers behind creepware products often attempt to obfuscate their app’s purpose to evade policy enforcement.

Over the course of 2019, NortonLifeLock found a significant number of creepware apps being used to spy on people for interpersonal kinds of attacks. In fact, we located 1,000 creepware and surveillance apps that Google subsequently removed from its Google Play Store.

Attackers are getting very creative in the type of nasty and abusive apps they use to target each other. For instance, some creepware apps can hit a person with hundreds of text messages at one time. Imagine if the victim had a pay-per-text plan. This could result in a very expensive phone bill. Or consider what can result from the use of spoofing programs that send out fake texts. A domestic abuser now has a tool they can deploy to send messages that could potentially ruin someone’s relationships with their friends and family. Other apps offer impersonation capabilities that can be used to frame people. The list goes on, but this is uniformly bad news for the victims. Until now, the general public has been largely unaware of this threat. We expect this to change as creepware goes mainstream over the course of the next 12 months.

Disinformation and its Discontents
As the United States enters an election year, we expect disinformation campaigns to blur the line between what’s real and what’s not as the technology tools to support this improve. If someone saw a picture, it was probably real. That doesn’t work automatically in the digital world in which you cannot always trust your ability to discern real from fake. He was off by a few decades: with DeepFake audio and video becoming mainstream, what used to be thought of as science fiction has increasingly become fact.

In talking about disinformation, we usually hear about fake news sites. However, that’s not how disinformation manifests itself. What the originators do is find existing reporting that might be polarizing in and of itself and then promote such news through artificial accounts. They often take something out of context, such as a picture that was taken a long time ago and blast it out over social media, pretending it was taken recently in an effort to make a political point.

Unfortunately, there is no uniform way to identify and counter disinformation campaigns, but this much is assured for 2020: disinformation is here to stay.

5G’s New Challenge to IoT Security
The 5G era promises to stimulate the growth of super-fast networks with billions more devices working at higher speeds that make for seamless user experiences. At the same time, it throws down a new gauntlet to IoT suppliers who will be under acute pressure to up their game when it comes to ensuring device security. Their track record isn’t promising as IoT security has remained a laggard for years. Device manufacturers prefer to roll out devices as fast as possible and come out with features that consumers want. They also take security shortcuts in order not to hold up their production schedules. The upshot: Consumers have little way to understand the security risks of devices they buy off the shelves or online. Even toys are not immune, especially when they are GPS-enabled and might inadvertently disclose a child’s location to outsiders. And now, even before the industry has had a chance to figure out how to better protect these devices, 5G presents a challenge that’s orders of magnitude larger than anything they’ve faced previously.

To be sure, large botnet attacks in the past have featured commandeered IoT devices. But those were just the coming attractions of what we can expect in 2020 and beyond. Given the tens of billions of devices connecting to 5G-based business networks and (increasingly) smart homes, the prospect of an “IoT Armageddon” will remain a very real threat unless device vendors are able to react timely to device security. The optimists shouldn’t hold out hope. The debate over whether an IoT disaster is possible isn’t any longer a matter of whether it will happen, but when and at what scale.

Ransomware Attackers Go for the Big Score
For the last couple of years, Ransomware has been a source of trouble for municipalities, healthcare organizations and small businesses. These were all targets where malicious attackers exploited underinvestment in infrastructure as well as sloppy security practices among the rank and file to freeze their victims’ networks and hold their data hostage to ransom payment. That was the low-hanging fruit. In 2020, count on ransomware attackers going after harder – and far more profitable – targets in the manufacturing sector as well as critical infrastructure organizations that cannot afford downtime.

And it’s going to be increasingly difficult to combat this cohort of professional ransomware attackers. They are perfectly capable of conducting sophisticated campaigns in which they sit quietly inside networks for months gathering up intelligence and learning the location of assets, backups and endpoints before striking. How well their plans succeed will hinge on the security postures of their victims. While companies are aware of the threat, many still face financial restraints that have forced security down their priority list.

Internet Fraud on the Rise
Fraudsters will step up their efforts to rip off victims using a variety of techniques old and new to steal data and other valuable information from people unaware they are walking into internet traps.

One growing problem is “juice jacking,” where victims charge their device by plugging into a USB port or using a USB cable that’s been surreptitiously loaded with malware. So, while they were getting a charge, they also put themselves at risk of getting their data stolen. It’s still unclear how big a problem this will be in 2020 but concerns arose after the Los Angeles County District Attorney’s Office published an advisory across its social media platforms warning holiday travelers of juice jacking at airports and other public locations.

Scammers are also increasingly using deepfake audio where victims receive a call that appears to come from a loved one in their own voice, saying they’re traveling but lost all their money and need a wire transfer.

Lastly, credential stuffing (cyber attack where stolen account credentials are used to gain access to accounts through large-scale automated login requests) is primed to be problematic as fraudsters increasingly turn to the dark web to acquire stolen usernames and passwords, they can then use on social media platforms, or websites to try and unlock a victim’s personal data. Within seconds, they blitz hundreds of sites until looking to gain entry. Unless someone has elected to use 2FA, they are going to be at risk.

Public Concern Towards Personal Privacy
With each new data breach, consumers grow understandably frustrated with the poor protection afforded their private information by supposedly responsible stewards. It doesn’t help that the data collection policies of many companies remain shrouded in mystery and difficult to understand. Consumers often remain in the dark about who has their data and how it’s being used. So, don’t be surprised if their discontent boils over with demands that companies and institutions finally get serious protecting both privacy and user identity. In recent years, various large-scale personal data leakage incidents have caused consumers’ concerns about cyber security and personal privacy. The public hopes the Hong Kong Government to review the data privacy law. At the same time, cyber insurance will most likely grow as a business as more corporations and individual seek such insurance against cyber threats.

Another potential flashpoint: the increasing use of sophisticated facial recognition and surveillance technologies as the public faces the prospect of a world in which cameras are trained on you almost all of the time. In some parts of the world, people regularly encounter this type of intrusion into their private lives and assume as a matter of course that cameras are tracking their movements. But in developed countries, where privacy has been considered a fundamental right that government ought to protect, if not regulate, the growing accuracy of face recognition is going to raise hackles. It almost feels as if privacy is becoming a privilege so expect a push by people to reclaim it as a right.

About NortonLifeLock Research Group
NortonLifeLock Research Group, known as Symantec Research Labs until 2019, was formed in June 2002 to secure the world’s computing devices and information through novel security and privacy paradigms. As NortonLifeLock’s global research organization, NortonLifeLock Research Group (NRG) is focused on driving trust and safety in an online world by creating new paradigms to enable digital security and privacy. NRG (pronounced “energy”) has played a leading role in exploring many cutting-edge technologies now commercialized across NortonLifeLock’s many product areas. Such technologies from the group include targeted attack protection, reputation based security, industry-leading rootkit protection, cloud based security services, and some of the industry’s earliest behavioral protection technologies. NRG is actively pursuing research with many partners in universities and beyond.

About NortonLifeLock Inc.
NortonLifeLock Inc. is a global leader in consumer Cyber Safety. We are dedicated to helping secure the devices, identities, online privacy, and home and family needs of nearly 50 million consumers, providing them with a trusted ally in a complex digital world.

Media contacts
Archetype Hong Kong
Fran Tam
Tel:+852 2534 8700/ +852 9777 5388
Email:[email protected]

SHARE THIS STORY

Share on facebook
Share on twitter
Share on linkedin
Share on email

RELATED POSTS

Elon Musk Buy Next

What Is Elon Musk Going to Buy Next?

There are moments in our lives—perhaps we are in the shower or struggling to sleep at 2 A.M.—when we think about all the ways we could influence the world. We find solutions to crypto volatility, world hunger and our neighbor’s ultra-dry plants.

5 Technologies

5 Technologies That Are on Stage in Russia’s Invasion of Ukraine So Far

On February 21, 2022, Vladimir Putin, President of the Russian Federation, declared the independence of the Donetsk People’s Republic and Luhansk People’s Republic. Arousing international outcry, this ignited the ultimate invasion of Russia on Ukraine three days later. While Ukrainians are still defying Putin’s covetous ambitions, new technologies have been floating on the surface to take advantage of each other.

Technology Joy Ghose

Technology Pioneers – Interview With Joy Ghose of FreeD Group

Over the past 15 years, the Chief Commercial Officer (CCO) of FreeD Group Limited, Joy Ghose, has accumulated plenty of experience in the travel and technology industry. Before joining FreeD Group, Ghose was involved in sales, marketing and management roles at companies like Merlin Entertainments and The Hong Kong Tourism Board.

Creamy Mattes and Beyond Reviewing GoPlay Cosmtics’ Custom Lipstick Maker

To Creamy Mattes and Beyond: Reviewing GoPlay Cosmtics’ Custom Lipstick Maker

While researching for our piece on personal color analysis, I came across the LIPSKIT, a custom lipstick-making tool created by GoPlay Cosmetics. GoPlay Cosmetics is a DIY (do-it-yourself) make-up brand that is looking to prioritize sustainability in the make-up industry without compromising the variety of your lipstick collection.

Ledger vs Trezor

Ledger vs Trezor: Where Should You Store Your Crypto Holdings?

As lucrative as the cryptocurrency world is, it comes with a high risk of losing your crypto because of hacks. To make sure that your crypto holdings stay safe with you, you must carefully choose effective storage solutions for them. One of the ways to keep your crypto secure is by holding it in a hardware wallet.

4 best companion robots to consider in 2022

Alone No More: 4 Best Companion Robots to Consider in 2022

The Covid-19 pandemic and the isolation that accompanied it has given many of us a healthy appreciation for good company. Over the long periods of self-isolation and quarantine, we have come to the realization that company can also come in many non-human forms, like pets, plants and… Roombas?