Acronis 2021 Predictions: Navigating the "next normal" - Five cyberthreat predictions

Industry executives and experts share their predictions for 2021.  Read them in this 13th annual VMblog.com series exclusive.

Navigating the "next normal" - Five cyberthreat predictions for 2021

By Candid Wüest, VP of Cyber Protection Research at Acronis

While 2020 began more or less like any other year, by April nearly half of the American workforce was working from home, relying on cloud services and remote tools for everyday business operations. As we look forward, it's unlikely that the traditional in-office model will be making a full return anytime soon - or perhaps ever.

This cultural change comes with a slew of new security challenges that IT professionals must be prepared to address. Here are five trends that are likely to define the cybersecurity landscape in 2021.

1. Increase of industrialized, personalized cyberthreats

While new cyberthreats are always emerging, we don't expect traditional dangers like ransomware, botnets, and phishing to disappear anytime soon. On the contrary, these threats are increasing and evolving, driven in part by an explosion in digital transformation and the widespread transition towards work-from-anywhere business models.

As raw computing power and artificial intelligence become more widely available, cyberattacks are increasingly automated. Cybercriminals can build and iterate new threats with impressive speed. We're seeing a greater degree of personalization in these threats as well, as targeted attacks are developed with information mined from social media and corporate websites.

Spear phishing campaigns have long since shown that when a cybercriminal is willing to put in the extra effort of individually tailoring attacks, they're rewarded with a greatly increased rate of success. The industrialization of malware and social engineering campaigns threatens to cause runaway damage to organizations worldwide if not properly addressed with comprehensive cyber protection solutions.

2. Why you must know your weakness

Cyberattack personalization is becoming easier than ever. But it's not only human recipients that must contend with this trend - your network is more exposed than you might realize.

There's a lot that cybercriminals can glean about the systems and applications that make up your company's network by simply mining social media and corporate websites. Another avenue is to buy previously leaked passwords or even direct access to desired systems from other cybercriminals via underground forums.

If they can compromise at least one individual system on the network, then it can be used to gain further insights. System tools like PowerShell and WMI may be used to reveal this information without raising any red flags. These dual-use tools and fileless attacks are still very popular among attackers, but the "living off the land" tactic goes even further. Attackers are increasingly abusing legitimate software rollout tools to distribute their malware inside a company. They will also hunt for unprotected administration consoles and, if successful, use them to disable antivirus solutions or delete previous backups - all through legitimate functions provided for normal administration.

3. Data extortion continues

Targeted ransomware has entered a new phase. Encrypting the data is no longer the prime directive. New ransomware groups are stealing sensitive data in bulk and then blackmailing the companies with the threat of publishing all stolen information. If the victim is unwilling to pay, then an additional DDoS attack may be used to target them further. Such attacks often demand multimillion-dollar ransoms in bitcoin, as the alternative is to face millions in fines for violating privacy laws. A simple backup alone will not protect you from such attacks, which is why a comprehensive strategy is needed more than ever.

But this is not the end of ransomware. Attackers are expanding into new fields, including manufacturing OT, IoT devices, and cloud storage applications - anything that could be valuable leverage for their negotiation.

Attackers even abuse the trusted relationship with managed service providers by attacking the end customer through the MSP. Such supply chain attacks multiply the potential reach of the cybercriminals, increasing the profitability of each successful attack.

4. Attacks on business processes will increase

In the world of cybersecurity, the term "vulnerability" doesn't always refer to exploitable software or hardware. Sometimes it's the flow of business operations itself that's susceptible to attack - and this attack surface is only increasing as more and more organizations shift towards a complex digital-first model.

We've seen an uptick in business process compromises in which cybercriminals study an organization's regular processes in order to find a weakness that they can exploit for financial gain. Malware may be involved, of course: if attackers can discreetly compromise a system on the target's network, it provides an excellent window for this sort of observation.

One example might involve a business that relies on an automated tool for generating invoices. Once a cybercriminal identifies this process, they can specifically target the invoicing tool and force it to populate their own bank account number - rather than that of the business - into each future invoice. Done smoothly, such an act could easily go unnoticed by the organization for quite some time.

5. Expect more cloud service attacks

To say that the COVID-19 pandemic accelerated a shift towards remote work is an understatement. As companies rushed to adopt new technologies - including remote access tools, collaboration apps, and cloud services - many lacked the time to properly vet each solution. Others lacked the budget to adopt tools from proven vendors rather than free alternatives that are often not as secure. Then, if the organization lacks an IT expert with relevant training in their chosen solution, the odds of misconfiguration are high.

Cybercriminals naturally see cloud services as a juicy target. They aren't always well-protected, and successfully attacking one service can effectively expose hundreds or even thousands of their client organizations.

Once a cloud service is compromised, it can lead to huge data breaches or lure unsuspecting victims into interacting with malware - after all, end users trust their service providers. As businesses continue to rely on cloud services for essential operations, this prospect underscores the importance of budget prioritization and working with security-minded providers.

Staying safe in 2021

Cyberattackers are profit-driven and will try to maximize their gains by automating their business and attacking companies where they are most exposed.

At the same time, businesses are already struggling to effectively protect their entire workloads across the complex ecosystem. Doing so requires robust solutions that integrate cybersecurity with data protection, as well as monitoring networks and endpoints for vulnerabilities and unconventional threats. It requires cyber protection.

To be sure, 2020 has been a tough year. While most have successfully navigated these rocky waters, it's important not to let our guard down, since 2021 will bring its own challenges.


About the Author

Candid Wüest is the VP of Cyber Protection Research at Acronis, where he researches new threat trends and comprehensive protection methods. Previously he worked for more than sixteen years as the tech lead for Symantec's global security response team. Wüest has published various articles and books and is a frequent speaker at security-related conferences. Wüest is an advisor for the Swiss federal government on cyber risks. He learned coding and the English language on a Commodore 64. He holds a master's degree in computer science from ETH Zurich and various certifications and patents.

Published Monday, December 14, 2020 11:00 AM by David Marshall