Deepfake video technology, the Internet of Things, and new ransomware schemes are poised to wreak maximum damage on companies and individuals in 2020.
That’s the assessment of Forrester, which has prepared an analysis of upcoming cyberthreats for ZDNet.
Forrester believes deepfake technology, which allows criminals to create convincing videos of people doing or saying things they never did, could cost businesses as much as $250 million in 2020.
Hackers could use deepfake to discredit a CEO, Forrester says, causing stocks to plunge. That would mean a quick payday for cybercriminals who had shorted the stock. Same with creating scandals around celebrities associated with particular brands. One viral video hits the company hard and gives crooks a big payday.
Deepfake could even be combined with phishing to convince employees that they are talking with company executives and should therefore comply with a request for database passwords or access to banking information.
Second on Forrester’s list: the Internet of Things. Smart devices make home life more convenient and manage complexity in many business fields. They ship with default passwords, however, and studies show that many users never bother to change them. IoT devices are as vulnerable to hacking as PCs ever were.
The IoT field also includes industrial systems that control the electrical power grid, municipal water systems, traffic lights, hydroelectric plants, and more. Most of these control systems were deployed before they were connected to the internet, and many lack industrial-strength security.
The third threat involves schemes, not tech. It’s a new wrinkle in ransomware.
Ransomware happens when a hacker gets access to a computer or computer network and encrypts critical data, demanding a cash – or, increasingly, Bitcoin – payment in exchange for the decryption key. Ransomware attacks have declined in recent years but payouts have grown much larger as cybercrooks increasingly target critical functions in industries with deep pockets.
Ransomware hackers are now making themselves copies of sensitive corporate data before encrypting targeted systems. Even after the ransom payment is made, they’re offering the stolen information on sale on the dark web – or just threatening to, looking to extort victims into making an endless cycle of payments.