Top Nation-State Cybersecurity Threats in 2020

Top Nation State Cybersecurity Threats in 2020 RiskXchange The leader in Third-Party Cyber Risk Management

Cyberattacks and data breaches are a major problem for businesses everywhere. It’s therefore fundamentally important to ensure that superior cybersecurity measures are in place to stop hackers in their tracks and to protect assets.

Organisations everywhere must pay special attention to nation-state attacks, and that includes those that don’t believe they will ever become a target. If they don’t tread with caution and protect themselves at all levels, companies may find out the costs the hard way.

Unfortunately, cybersecurity professionals and experts are few and far between in today’s rapidly evolving environment. But RiskXchange is leading the fight against cyberattack and data breaches by operating the best cybersecurity measures.

However, before we learn more about RiskXchange, let’s take a look at the main areas of fallibility and the top nation-state cybersecurity threats in 2020.

The three Ds – Disruption, Distortion and Deterioration

According to the University of San Diego, there are three key areas that should be protected at all times. The “three Ds” are your main cause for concern and should be strengthened at all costs.

1) Disruption

Over-reliance on fragile connectivity creates the potential for premeditated internet outages capable of bringing operations to its knees and a heightened risk that ransomware will be used to hijack the Internet of Things and infiltrate systems.

2) Distortion

The intentional spread of misinformation, including by bots and automated sources, causes trust in the integrity of information to be compromised.

3) Deterioration

Rapid advances in intelligent technologies plus conflicting demands posed by evolving national security and individual privacy regulations negatively impacts an organisation’s ability to control their own information.

With the above in mind, let’s take a look at the top threats you should be aware of to ensure your organisation has the best cybersecurity measures in place.

Top nation-state cybersecurity threats in 2020

According to RiskXchange and other leading organisations, cybercrime costs are projected to hit GBP 5 trillion this year. It therefore makes sense to invest a small sum in protecting your business against the biggest threats, because it could save you much more in the long-run.

According to Tech Target, the following are the main threats:

Public web server-based APTs

Chinese-sponsored groups have launched waves of advanced persistent threats (APTs) against telecommunications providers for years. The attacks capture data from Active Directory, compromising usernames and passwords, along with other personally identifiable information, including billing data, call records, credentials, email servers and user geolocation data.

Supply chain attacks

Attackers observe financial activity that might indicate a future merger or acquisition, initially targeting gaming companies. It has since moved to target a range of verticals, including the automotive industry, media, high-tech firms and healthcare organisations.

Hijacked attacks

Attackers typically operate autonomously. However, some have begun to use other bad actors’ infrastructure to launch attacks. One such example is Turla, a Russian group that used a host of tactics against a range of government and high-tech organisations in 10 countries. In its most recent slew of attacks, Turla hijacked the infrastructure used by the nation-state group Crambus to deliver malware. Although there is no direct way for enterprise cybersecurity professionals to protect against hijacked attacks, they should be in the back of security leaders’ minds.

What’s more, the evidence of nation-state attackers learning to piggyback on top of one another’s efforts is compelling – and something to watch out for in 2020.

According to Michelle Moore, PhD, Academic Director of the Master of Science in Cyber Security Operations and Leadership at the University of San Diego, there are range of threats that should be at the top of every organisation’s priority list.


Phishing attacks have become more sophisticated. Carefully targeted digital messages are transmitted to fool people into clicking on a link that can then install malware or expose sensitive data. Now that employees at most organisations are more aware of the dangers of email phishing or of clicking on suspicious-looking links, hackers are upping the ante.


Ransomware strategies have evolved. Ransomware attacks are believed to cost victims billions every year, as hackers deploy technologies that enable them to literally kidnap an individual or organisation’s database and to hold all of the information for ransom. The rise of cryptocurrencies like Bitcoin is credited with helping to fuel ransomware attacks by allowing ransom demands to be paid anonymously.


The cryptocurrency movement also affects cybersecurity in other ways. For example, cryptojacking is a trend that involves cyber criminals hijacking third-party home or work computers to “mine” for cryptocurrency.

Cyber-physical attacks

The same technology that has enabled us to modernise and computerise critical infrastructure also brings risk. The ongoing threat of hacks targeting electrical grids, transportation systems, water treatment facilities, etc., represent a major vulnerability going forward. State-sponsored attacks

Beyond hackers looking to make a profit through stealing individual and corporate data, entire nation states are now using their cyber skills to infiltrate other governments and perform attacks on critical infrastructure. Cybercrime today is a major threat not just for the private sector and for individuals but for the government and the nation as a whole. State-sponsored attacks are expected to increase in 2020, with attacks on critical infrastructure of particular concern.

IoT attacks

The Internet of Things includes laptops and tablets, but also routers, webcams, household appliances, smart watches, medical devices, manufacturing equipment, automobiles and even home security systems. More connected devices means greater risk, making IoT networks more vulnerable to cyber invasions and infections. Once controlled by hackers, IoT devices can be used to create havoc, overload networks or lock down essential equipment for financial gain.

Smart medical devices and electronic medical records (EMRs)

The healthcare industry is still going through a major evolution as most patient medical records have now moved online, and medical professionals realise the benefits of advancements in smart medical devices. However, as the healthcare industry adapts to the digital age, there are a number of concerns around privacy, safety and cybersecurity threats.

Third parties

Third parties such as vendors and contractors pose a huge risk to corporations, the majority of which have no secure system or dedicated team in place to manage these third-party employees.

Connected cars and semi-autonomous vehicles

Driverless cars and connected cars utilize on-board sensors to optimize its own operation and the comfort of passengers. This is typically done through embedded, tethered or smartphone integration. As technology evolves, the connected car is becoming more and more prevalent; by 2020, an estimated 90 percent of new cars will be connected to the internet.

Social engineering

Hackers are continually becoming more and more sophisticated not only in their use of technology, but also psychology. Using a variety of media, including phone calls and social media, these attackers trick people into offering them access to sensitive information.

RiskXchange delivers cost-effective solutions

RiskXchange is leading the fight against cybercrime, coming up with novel solutions to everyday problems. Not only are we able to tackle the above-mentioned top nation-state cybersecurity threats, but are also able to protect organisations anywhere at any level – regionally, internationally, societal, individuals and economically.

We offer continuous cybersecurity monitoring, providing real-time visibility of users and their devices on all applications, software and device types. Our cybersecurity monitoring best practices give organisations the ability to continuously look over their network to stay one step ahead of any cyber threats.

About RiskXchange

RiskXchange is an information security technology company, that helps companies of all sizes fight the threat of cyber threats by providing instant risk ratings for any company across the globe.

RiskXchange was founded and is led by recognised experts within the security industry, who have held leading roles within companies such as IBM Security.