Kaspersky researchers have shared their predictions on Advanced Persistent Threats (APTs) in 2020, pointing out some of the ways the landscape of targeted attacks could change in the coming months. The overall trend shows that threats will grow in sophistication and become more targeted, diversifying under the influence of external factors, such as the development and propagation of machine learning, technologies for deepfake development, and tensions around trade routes between Asia and Europe.
The predictions were developed based on changes that the Global Research and Analysis Team witnessed over 2019, and are an effort to help the cybersecurity community prepare for the challenges that lie ahead in the coming year.
The abuse of personal information: from deepfakes to DNA leaks
Following a number of personal data leaks in recent years, the volume of personal details available has made it easier for attackers to mount targeted attacks based on victims’ leaked information. In 2020, threat actors will dive deeper, hunting for more sensitive leaks, such as biometric data.
The researchers pointed out a number of key technologies which could lure victims of personal data abuse into the attackers’ traps. Among them are video and audio deepfakes that can be automated and support profiling, as well as the creation of social engineering and other schemes.
Other targeted threat predictions for 2020 include:
- False flag attacks reach a whole new level. These attacks will develop further, with threat actors seeking not only to avoid attribution but also to actively lay the blame on someone else. A mix of commodity malware, scripts, publicly available security tools and administrator software, combined with a couple of false flags, might be enough to divert suspected authorship to someone else when security researchers are hungry for any small clue.
- Ransomware shifts toward targeted threats. Attackers will focus more on organizations that are likely to make substantial payments in order to recover their data. A potential twist might be that, instead of making files unrecoverable, threat actors will threaten to publish data that they have stolen from the victim company.
- New banking regulations in the EU open new attack vectors. As banks will be required to open their infrastructure and data to third parties who wish to provide services to bank customers, it is likely that attackers will seek to abuse these new mechanisms with new fraudulent schemes.
- More infrastructure attacks and attacks against non-PC targets. Determined threat actors have, for some time, been extending their toolsets beyond Windows, and even beyond PC systems. VPNFilter and Slingshot, for example, targeted networking hardware.
- Cyberattacks focus on trade routes between Asia and Europe. New attacks could hit regions including Turkey, East and South Europe and East Africa. Possible scenarios include a growth in political espionage as governments seek to secure their interests at home and abroad. These could also extend to technological espionage in situations of economic crisis and instability.
- New interception capabilities and data exfiltration methods. Use of supply chains will continue to be one of the most difficult delivery methods to address. It is likely that attackers will continue to expand this method through manipulated software containers, for example, and abuse of packages and libraries.
- Mobile APTs develop faster. There are no good reasons to think this will stop any time soon. However, due to the increased attention given to this subject by the security community, the number of attacks being identified and analyzed in detail will also increase.
- Personal information abuse grows, armed with AI. The approach is very similar to some of the techniques used for driving election advertisements through social media. This technology is already in use and it is just a matter of time before some attackers take advantage of it.
“The future holds so many possibilities that there are likely to be things that are not included in our predictions. The extent and complexity of the environments in which attacks play out offer so many possibilities. In addition, no single threat research team has complete visibility of the operations of APT threat actors. We will continue to try and anticipate the activities of APT groups and understand the methods they employ, while providing insights into their campaigns and the impact they have,” said Vicente Diaz, security researcher at Kaspersky.
The predictions have been developed thanks to Kaspersky threat intelligence services from around the world. On November 20, Kaspersky GReAT researchers will also share, via webinar, their predictions for upcoming changes in the world of major threat actors in 2020.
The full list of Kaspersky Threat Predictions for 2020 is available on Securelist.
This list of predictions is a part of Kaspersky Security Bulletin (KSB), an annual series of predictions and analytical articles on key changes in the world of cybersecurity.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.