Virtualization Technology News and Information
VMware Carbon Black 2021 Predictions: Time to Scale up Cybersecurity Efforts

vmblog 2021 prediction series 

Industry executives and experts share their predictions for 2021. Read them in this 13th annual series exclusive.

Time to Scale up Cybersecurity Efforts

By Tom Kellermann, Head of Cybersecurity Strategy and Greg Foss, Senior Cybersecurity Strategist, VMware Carbon Black

As we look ahead to 2021, it's important to consider the cybersecurity challenges organizations faced in an unprecedented year. COVID-19 proved that a global pandemic will not stop cybercriminals from executing some of the most destructive attacks to date, further highlighting the need for a comprehensive view of security across personal devices, servers and the cloud.

The recent VMware Carbon Black Global Incident Response Threat Report found 54% of incident response (IR) professionals encountered destructive cyberattacks and 82% experienced counter-incident response. Cyber intrusions are escalating as cybercrime cartels have become more punitive. As many employees telework, it leaves them all too vulnerable to a plethora of cyberthreats, which cannot be mitigated by traditional corporate perimeter defenses. Industry experts warn that we could be facing another year of increasingly sophisticated attacks and now is the time to prepare your organization.

To help begin this preparation process, here are cyber trends that we can expect to develop and continue heading into 2021.

Tom Kellermann predicts:

Cloud jacking goes mainstream: If 2020 was the year of island hopping, in which cybercriminals infiltrate large company networks by targeting third parties using lower levels of protection, then 2021 will be when cloud jacking goes mainstream. Cloud jacking through public clouds will become the island hopping strategy of choice for increasingly sophisticated cybercriminals, especially considering the overreliance on public clouds by the newly distributed workforce.

All eyes on ICS destruction: As geopolitical tensions increase, we can expect an explosion of destructive cyberattacks against industrial control system (ICS) environments, with energy and manufacturing companies becoming renewed top targets for cybercriminals and spies. New, destructive malware specific to ICS infrastructure will be a hot commodity on the dark web, with new versions of the Triton malware already in development.

iOS attacks on the rise: In 2021, we'll continue to see nefarious, opportunistic cybercriminals leverage macOS as a means to conduct cyberattacks. They'll leverage custom malware, such as Shlayer, to gain access into iOS, ultimately turning Siri into their personal listening device. For those conducting private business dealings at home, you'll want to monitor your security settings on all mobile and connected devices, while practicing digital distancing more than ever before.

Greg Foss predicts:

Prepare for stronger, more sophisticated ransomware attacks: In 2021, ransomware will increase in terms of escalation as well as the punitive nature of the groups behind these attacks. We will continue to see more nation-state adversaries leveraging ransomware for purely destructive purposes, especially as a means to inflict kinetic damage in the real world. The new year will also witness an increase in refactored ransomware, leveraged for denial of service and pure wiping capabilities. For organizations, this means that even if the ransom is paid, they will not be able to decrypt the stolen assets. We'll also see these malicious groups increase double extortion ransomware, where a ransom will need to be paid to not only unlock systems but to also avoid leaking any stolen, sensitive data.

Additionally, ransomware groups will begin to combine forces. In order to attempt to outsmart security measures, notorious ransomware groups will team together to share resources, data and infrastructure, sharing code and thus further muddying the attribution waters. We'll also see conflicts arise between groups as they differ in 'morals' -- some will continue to go after vulnerable industries like healthcare, where others have promised to stay away due to the nature of the global pandemic.

AI & ML will be a top tool for cyber offense and defense: Artificial intelligence (AI) and machine learning (ML) have significant benefits in cybersecurity -- but in 2021, expect the technologies to be increasingly leveraged offensively, as well. From an adversarial perspective, we'll see malware continue to advance in the ways it utilizes AI/ML principles for post-exploitation activities, leveraging collected information to then pivot to other systems and potentially even partner organizations. This will allow malicious actors to move laterally and spread widely, quickly, and efficiently, all through automation.

The silver lining is that in 2021, defenders will begin to see significant AI/ML advancements and integrations into the security stack. In 2020, security automation was often overengineered and too complicated to be realistically implemented within organizations' cyber defense arsenal, aside from more mature operations. As awareness of this pain point increases, we can expect defenders to fix the issue, maximizing automation to spot malicious activity faster than ever before.

Cybercriminals will remain opportunistic, with government and healthcare data in demand: There was significant activity on cybercrime markets and forums in 2020, and we can only expect this trend to continue into the new year. With the increasing trends around initial access brokerage, Ransomware as a Service (RaaS), bulletproof hosting, and a myriad of privacy-centric cryptocurrencies, the underground economy is easier than ever to get involved in. This is especially critical now, as many traditional criminal enterprises have been forced to adapt their operations and move online, in much the same way as many legitimate businesses in 2020. As the world continues to battle COVID-19, we'll continue to see a load of private testing data available for sale, as well.


About the Authors

Tom Kellermann, Head of Cybersecurity Strategy

Tom Kellermann is the Head of Cybersecurity Strategy for VMware Inc. Previously Tom held the position of Chief Cybersecurity Officer for Carbon Black Inc. Prior to joining Carbon Black, Tom was the CEO and founder of Strategic Cyber Ventures. In 2020, he was appointed to the Cyber Investigations Advisory Board for the United States Secret Service. On January 19, 2017, Tom was appointed the Wilson Center's Global Fellow for Cyber Policy. Tom previously held the positions of Chief Cybersecurity Officer for Trend Micro; Vice President of Security for Core Security and Deputy CISO for the World Bank Treasury. In 2008 Tom was appointed a commissioner on the Commission on Cyber Security for the 44th President of the United States. In 2003 he co-authored the book "Electronic Safety and Soundness: Securing Finance in a New Age."


Greg Foss, Senior Cybersecurity Strategist

Greg Foss is a Senior Cybersecurity Strategist at VMware Carbon Black where he focuses on detection engineering, security efficacy and bypasses across the diverse product line. In previous roles, Foss led a threat research team, built and ran a global security operations program, consulted in penetration testing and worked as a Security Analyst for the Federal Government. Foss is a very active member of the Denver information security community who loves to give back and support the industry.

Published Tuesday, December 01, 2020 8:01 AM by David Marshall