Connected World Means Many Challenges for Cybersecurity

By Guy Propper, team leader of the Threat Intelligence Team at Deep Instinct

With 2020 coming to an end (a wonderful thing) and the wholesale structural shift to work-from-home, everyone will need to keep their proverbial ‘finger on the pulse' to keep pace with the new risks, priorities and considerations that are emerging in cybersecurity.

1- Proliferation of Botnets and Access as a Service

Botnets have become one of the biggest cyber threats today. What makes botnets so dangerous is the size of their network - where the more infected online devices that a botnet has under its command, the wider its pool of malware delivery, and therefore the bigger its impact. And considering a hacker's ultimate goal is financial gain, malware infiltration or just disruption, the bigger the pool, the better. In 2021, we expect to see more malware creators sell access to their botnets, and thereby access into their network of millions of infected connected devices. Our researchers at Deep Instinct have coined the term ‘Access-as-a-Service" to refer to this exchange.

The implication of this is bad. Botnets like Emotet have market value in the dark web for their ability to break down the attack chain into several components, so that a smaller scale hacker can just focus their efforts on fewer components of the attack chain, and thereby become more skilled in just those limited components. For example, the botnet will provide the initial access, while the hacker will focus their effort on becoming better at information theft or the ransomware logic.

2- Organized Cybersecurity Cooperation Between Government and Private Enterprise

Combatting the growing complexity of attacks has necessitated collaboration between private companies and government security departments. This was observed in the lead up to the U.S. elections this past November where the U.S. Cyber Command branch of the Department of Defense collaborated with multiple security companies in an effort to take down Trickbot. The malicious botnet which is known to be one of the most active and dangerous, had many of its infected computers liberated, as the combined effort worked to put the brakes on the attempt to interfere with electoral systems.

We expect to see this collaboration continue and escalate as more nation-states engage in cyber warfare and support both the development and defense efforts of APTs (Advanced Persistent Threats), zero-day exploits, and machine learning-based adversarial attacks.

3- Onset of Adversarial Machine Learning Malware

In 2020, we saw the increased adoption of machine learning academic knowledge being used in adversarial attacks in private industry research. As this knowledge gradually makes the transition from academia to the wild, we expect to see malware campaigns attempting to evade products based on machine learning models, either by fooling the model, learning how to subvert it, or by forcing it to shut down. Since machine learning-based products are becoming dominant in the market, it makes sense that they represent the next target for well-resourced hackers. We expect that those perpetrating the attacks will be only a select few of very sophisticated and highly capable threat actor groups who most likely will be acting as part of a nation state sponsored campaign. The bar of entry to AI based attacks is still very high, and we therefore don't expect it to become "run-of-the-mill" malware next year.

4- Ransomware to Target Mission Critical Organizations

Increasingly, in 2020 we saw ransomware attacks coerce pay-outs by not only stealing a victim's sensitive data, but also threatening to expose it. The greater the stakes, the better likelihood of a payday for the attacker. For this reason, in 2021 we expect to see a move towards targeting mission critical organizations, especially those organizations with minimal risk tolerance to have their digital systems shut down or their data stolen and exposed.

Hospitals and educational institutions are good examples of this - with both sectors having already suffered from a wave of ransomware infections - since both schools and hospitals are under enormous pressure to keep their doors open. In the crosshairs between ransomware and data privacy regulations, private companies are also more susceptible to being breached, with the added risk of being hit with large fines if found to have exposed data.

5- Rising Cybersecurity Company Valuations

During the recent worldwide economic downturn, cybersecurity was one of the few industries to record growth. In 2021, we expect to see cybersecurity stock prices and company valuations continue this upward trajectory, with multiples expected to reach new heights. This development appears to reflect a changing market perception of cybersecurity products that are no longer seen as a discretionary item, but rather as a staple.

With the transition to remote work and the seemingly infinite attack surface this has created, it is far more complex for enterprises to provide the same level of security as working within the confines of an office. That, combined with growing sophistication of attacks means 2021 will be another challenging year for IT security teams who will require optimal processes and technology for a fighting chance of preventing attackers from succeeding.

##

About the Author

Guy Propper is the team leader of the Threat Intelligence Team at Deep Instinct, with a wealth of experience in the cyber security world. Guy has several years of cybersecurity experience in an elite technological operational unit in the Intelligence department of the Israeli Defense Forces.