End-of-year predictions, evaluations and recommendations are commonplace in our industry, though no one could have predicted this time last year quite how 2020 would pan out, or the far-reaching ramifications it would have. The office as we once knew it is, for now, a thing of the past, and may never return to its previous state. Organizations the world over have, for better or worse, undergone an accelerated digital transformation in a bid to adapt to remote working. And, perhaps most predictably, cybercriminals and threat actors have been ready and waiting to capitalize on the chaos.
This article will look to reflect on security headlines from 2020, recommend how businesses can improve their practices today to avoid the same mistakes in 2021, and cast an eye to future threats and developments, and how to overcome them.
Ransomware will show no signs of slowing down
Ransomware attacks have dominated the news cycle in 2020. Ransomware became the most observed threat of the year, and attacks have multiplied exponentially since the start of 2020, ultimately accounting for a third of all recorded attacks throughout this period.
Just ask IT giant Cognizant which, in April of this year, revealed that its network had been compromised by Maze ransomware, resulting in a staggering blow to the company – to the tune of up to $70 million, with further costs expected as it works to restore its computer systems. Specifically, the attack encrypted and disabled the organization’s core systems and disrupted plans to enable remote working at the height of the pandemic by taking computer systems and virtual desktop infrastructures offline. Finally, in a bid to protect themselves, many Cognizant customers reportedly removed Cognizant’s access to their networks, ultimately leading to countless projects being put on indefinite hold.
Blueliv’s Threat Context module is ideally suited to defending against such attacks because it lets users pivot on and correlate the initial threat before it leads to a full breach. Our database of more than 200 million items allows users to take an indicator of compromise (IOC) as a starting point from which they can identify associated malware, campaigns, exploited common vulnerabilities and exposures (CVEs), and the actor’s tools and tactics that correlate to the IOC. Users can also prioritize their CVEs, benefit from a score-based analysis of the ransomware, and correlate them with existing campaigns. Users can even hunt down malware using our sandbox analysis, coupled with in-depth insights and analysis provided by the Blueliv Labs team.
Given its success in 2020, we expect ransomware attacks to continue to grow in frequency and effectiveness throughout 2021, and expect the ransomware-as-a-service trend to continue to gain attention among those looking to deploy ransomware but lacking the skills or malware proficiency to do so.
Attackers will go phishing for IP
This year saw a rise in breaches, particularly in the healthcare sector, where criminals target patient records and other health data due to their value on the black market – primarily through the use of phishing tactics. However, throughout the COVID pandemic there has been an uptick in actors targeting intellectual property, particularly as groups across the globe have raced to create a suitable vaccine.
Russia’s APT29 is one such example. So far the actor group has targeted research centres in the UK, US and Canada in a bid to steal insights and advancements relating to a potential vaccine and become the first country to put it on the market.
With this in mind, it is expected that individual criminals, actor groups, and even insiders will look to steal and monetize intellectual property in 2021 and beyond – a move that, given the importance of a vaccine, would result in rapid financial gain for any successful criminal.
To successfully execute a phishing campaign, the attacker in question relies on deceit, misdirection, impersonation and, most importantly, the ignorance of their victims. To combat future phishing attacks, IT decision makers must look to instill a company-wide security culture, ensuring staff at all levels receive a basic standard of security training and are regularly reminded and taught how to identify malicious threats lurking in their inbox.
Governments will finally take a stand
Given the universal ruin caused by threat actors over the course of the past 12 months, 2021 could be the year that the world’s governments look to crack down on such criminal activities, whose consequences range from financial damage to private organizations to more alarming outcomes, such as death among patients as a result of a hospital attack, or the nation-wide fallout that could ensue from a successful breach of an energy grid.
2020 already saw the beginning of such an attitude shift: the US’s OFAC announced it would begin to supervise all payments to ransomware groups in a bid to increase threat awareness, while the US Cyber Command momentarily removed Trickbot in the midst of this year’s election. Given the need to crack down on cybercrime, we could see nations begin to implement economic sanctions against groups or territories (such as Russia or China) that are unwilling to address cybercrime that originates from their country.
If national governments are serious about standing up to threat groups, and the countries harbouring them, they must ensure they have a complete understanding of these adversaries and their strategies, objectives, and reasons for being. Only by studying all of this can government bodies begin to build effective, robust defences. This alone is a monumental task, but one that can be accomplished using threat intelligence, leaving these bodies with a better security posture and improved security decision-making.
Bitcoin will become even more attractive
Bitcoin has long been sought after by criminals and actor groups alike but, considering the economic state of the world, it’s likely to only become more appealing in 2021. Many countries are facing economic ruin due to the ongoing COVID-19 pandemic, which has resulted in sudden declines in local currencies. Considering how weak a local currency may become, cybercriminals will undoubtedly seek ransom in Bitcoin or other cryptocurrencies as a more reliable alternative.
Just this month, actor group DoppelPaymer launched a ransomware attack against Taiwanese electronics giant Foxconn, demanding over $34 million in Bitcoin. The group breached the organization before stealing and encrypting files and deleting valuable data from servers at Foxconn’s Mexican facility. At the time of writing, DoppelPaymer is believed to have encrypted 1,200 servers, stolen 100GB of files, and deleted 20TB of backups, which it has already begun to leak on its website.
IoT concerns will remain
The Internet of Things has been a steady constant on end-of-year lists for the past decade, though in recent years this has been because of the subpar security surrounding the technology – a trend we expect to continue into 2021.
IoT adoption has accelerated among consumers and organizations alike, but the security of IoT and its connected devices leaves much to be desired. Healthcare workers, for example, increasingly rely on mobile and IoT devices in their working day, whilst their patients increasingly interact with them through digital channels across these devices. Other organizations, on the other hand, have this year seen their workers shift to remote working and, while many may have successfully implemented the right tools and practices to enable the new remote workforce, many have overlooked the vulnerability of connected personal devices – such as Google Home, Amazon Alexa, etc. – that are now sitting on the same home network as their employees. We know by now that our security is only as strong as its weakest link, so it’s not difficult to imagine just how easily an attacker could access files stored on a home worker’s network through a connected speaker.
A recent Forrester study revealed that by mid-2020, 58% of organizations worldwide had over half of their employees working remotely due to COVID-19; on average, each worker had 11 devices in their home, all connected to the internet. Using this information, attackers can breach home networks with weak or non-existent password protection and, once in, move between connected corporate and personal devices – which is exactly what happened. 2020 saw a sharp rise in IoT-focused attacks as criminals capitalised on these new vulnerabilities. In one example, a financial services CFO was targeted whilst working from home, with attackers attempting to breach his MacBook. Unable to gain access to the built-in microphone, they swiftly changed tactics and instead took control of an IoT-connected smart speaker in the CFO’s home, and were easily able to listen in on sensitive conversations regarding the CFO, his company, and its finances. At this time the fallout of this intrusion has not been revealed.
To combat this, organizations must evolve their cybersecurity strategies to ensure that employees’ home networks, and the data sitting on them, remain as protected as they would be in the office perimeter of yesteryear, whilst continuing to educate their staff on network vulnerabilities and best practice for keeping company data disconnected from civilian devices.