Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
From the rise of ransomware to remote working, it is time to shore up your defenses
By James Muir, Threat Intelligence Research Lead, BAE Systems Applied Intelligence
James Muir of BAE Systems Applied Intelligence lays out his
2021 cybersecurity predictions on ransomware, synthetic media, hacking for
hire, and remote working for organizations worldwide.
1. Ransomware continues its march; policy complexities follow
The surge of
ransomware attacks against organizations was *the* central cyber threat theme
of 2020. We have seen more and more groups adopting the 'double extortion'
model based on data theft and public victim blogs. A 'perfect storm' of factors
has contributed to the success of this criminal enterprise. We expect criminal
groups to continue in this vein, evolving their tools and finding ways to
collaborate. This will result in a greater number of effective attacks. We also
anticipate increased use of ransomware-like attacks by unscrupulous state
actors, both for financial gain and for disruptive attacks under a false
flag. Recent advisories by US Treasury bodies are a first sign of policy
complexities to come, with legislation around ransom payment likely to emerge
in a number of countries. Financial institutions, especially those offering
cyber insurance, will need to watch this space closely in 2021. Whether policy
measures are sufficient to stop the scourge of ransomware attacks remains to be
seen; collaborative defense and increased pursuit of the criminals are also
likely required.
2. Synthetic media goes mainstream, and threat actors capitalize
Technological
developments in synthetic media (AI-generated faces, voices, etc.) have boomed
in 2020 and will continue to do so in 2021. The benefits of this could be
manifold. For example, NVIDIA has proposed an AI-based mechanism to minimize bandwidth use in
videoconferencing, with impressive results. However, experience has shown us that
threat actors are always quick to exploit technological advances to support
their goals. The immediate use of 'deepfakes' for disinformation will be in the
interests of several different threat actor groups with political or subversive
goals. Synthetic media will also be increasingly used for new twists on social
engineering - e.g., AI-generated faces on social media profiles, fictitious
personnel at spoofed/front companies, etc., and an array of potential uses of this technology for cybercrime
and fraud are likely to be seen in the wild. A scenario in which 'your CEO' requests
over Zoom that a wire transfer be made, when in reality it is a real-time
deepfake video overlay and audio from a cyber-criminal, is increasingly a
possibility.
3. Hacking-for-hire becomes a booming industry and intrigue abounds into the 'hirers.'
2020 has
seen a massive increase in disclosure of threat activity constituting 'hacking
for hire.' Often referred to as corporate or industrial espionage or
'mercenary' activity, an increasing number of threat groups and corresponding
companies have been implicated in this. We predict that, in addition to the apparent
nexuses for these companies in India and Russia, more groups and centers will
appear. To date, organizations and individuals in legal, financial services,
and government sectors have been heavily targeted, but the ultimate 'hirers' of
this activity remain unclear. We expect more investigative effort will shine a
light on this ecosystem in 2021.
4. The implications of remote working become clearer
Much has
been written about the potential implications of increased remote working on
organizational security, with particular attention to increased attack surface
through additional devices and different connectivity mechanisms. Survey data has suggested that a lack of
awareness around security best practices has led to an increased rate of data
breaches. There have been reports of 'WFH compromise' leading to 'organizational
compromise' - although it is unclear whether these would have occurred from the
office anyway. Definitive trends in whether remote working has led to increased
prevalence of specific attack paths are currently unclear. However, we expect
further attention from both attackers and defenders in 2021. As a global
movement to work from home has shifted the enterprise 'last mile' to include
consumer network-enabled technology, 2021 shapes up to be the beginning of a
new revolution in adversary tactics, tools, and strategy.
5. Organizations go back to basics to shore up defenses
"Doing the basics right" has been a mantra of many cybersecurity standards bodies
for many years. Continuing a trend we saw in 2020, we expect an additional
emphasis on this in 2021 as organizations realize that implementation of
patching regimes and appropriate authentication controls is a prerequisite
for good security - and that complex technical solutions are rarely the answer
in and of themselves. This has particular relevance for preventing ransomware
attacks, where board recognition of the threat and preparedness for the attack
- both in response and ensuring that backups are functioning and resilient to
attack - are vital. The transition to the cloud has been undoubtedly
accelerated by the COVID pandemic, further shifting monitoring away from the
enterprise for early warning. The Verizon DBIR 2020 highlighted the rise of
breaches due to cloud misconfigurations (pre-pandemic) - this is likely to
feature heavily next year too, but it is a 'basic' that should receive increased
emphasis.
## About the Author
James Muir leads on thematic and technology threat
research at BAE Systems Applied Intelligence. His current research interests
are in the ransomware threat, hackers-for-hire, and threats to operational
technology. Muir is a secondee with the UK government's National Cyber Security
Centre's Industry 100 scheme. Muir also holds a PhD in Neuroscience from
University College London.