Five 2021 Cyber-Threats: What represent the key element behind the digital strategy of your business in 2020? It was, in fact, COVID-19 for most organizations. One enterprise, then another further said 2019: “work-from-home is not an alternative for us” or “we’re not interested in switching infrastructure to the cloud.”
Everything overruled thereafter. A drastic change towards remote work was forced by the disease outbreak. This was not even a choice for many enterprises; it was a ‘do or die‘ situation.
About half of the American working population worked from home by April 2020. As companies and employees are quite comfortable with this, we do not anticipate anytime soon, if ever, an absolute return to the conventional in-office model. Work-from-home is the contemporary way of doing business, with employees accessing cloud services, collaborative tools and remote systems from home and public networks – and not always through the safety of a VPN.
This rapid shift brings a host of security challenges for companies, and we think five trends will dominate the cybersecurity landscape in 2021.
#1: Five 2021 Cyber-Threats: Yesterday’s Threats, Blossomed
Foremost, it seems comprehensible that ‘known’ cyber-threats such as phishing, ransomware, Trojans and botnets will remain prominent. Such attacks are increasingly automated and tailored with personal info, often mined from company websites and social networks. As the trends towards automation increase, these sorts of hazards will keep growing in number and frequency.
Current events can shape these threats as well. We experience a surge in phishing emails during the pandemic, taking advantage of victims’ unfamiliarity with remote work applications or purporting to contain details of much-needed stimulus checks.
As malware and social engineering campaigns are industrialized, cyber-criminals can assess and fine-tune their attacks based on the results achieved until they experience a truly dangerous threat with a considerable success rate.
#2: Five 2021 Cyber-Threats: Fileless Attacks
As the name suggests, fileless attacks – a subset of ‘Living off the Land’ (LotL) attacks, which exploit tools and features already present in the victim’s environment – don’t rely on file-based payloads, and generally don’t generate new files either. As a result, they have the potential to fly under the radar of much prevention and detection solutions.
A typical fileless attack might start with an emailed link to a malicious website. Social engineering tricks on that site can launch system tools, like PowerShell, which retrieve and execute additional payloads directly in system memory. Detecting malicious use of built-in system tools, as opposed to their many legitimate automation and scripting uses, is a real challenge for traditional defenses.
Fileless attacks aren’t new, exactly. The use of system tools as backdoors has been around for decades, but owing to the tactic’s considerable success rate – and the fact that leveraging existing system processes can shorten malware development cycles – they’re rapidly trending upward. Also, fileless attacks aren’t limited to individual organizations: we see attackers increasingly targeting service providers, abusing their infrastructure and management tools to compromise their clients.
#3: Cloud And Remote Service Attacks
The COVID-19 pandemic forced companies to quickly adopt new cloud services, remote access tools and collaboration apps. However, many organizations lacked IT experts with the relevant training to properly configure these solutions – not to mention lacking the time to properly vet convenient tools or the budget to work with proven vendors rather than gravitating towards free alternatives of questionable quality.
Server applications, containers and cloud storage aren’t always well-protected and are seen by cyber-criminals as prime targets with a large attack surface. Compromising one service may expose scores of organizations downstream – a variant of supply a chain attack, which sidesteps organizational security by infiltrating higher levels in the supply network and deploying payloads through the tools you rely on and trust. Misconfiguration only raises the risk, exposing more services to attackers. Such scenarios will inevitably lead to data breaches.
#4: Five 2021 Cyber-Threats: Business Process Compromises
Sometimes, cyber-criminals identify vulnerabilities not in applications, but in the process flow of business operations. We’re witnessing an increase in business process compromises, in which threat actors take advantage of systemic operational weaknesses for financial gain.
Attacks on business processes demand considerable knowledge of the victims’ systems and operations. They frequently begin with a compromised system on the target network, through which cyber-criminals can observe the organization’s processes and gradually identify tenuous links.
These attacks are often quite discrete, and impacted organizations may not detect them in a timely fashion – notably, if the compromised process continues working ‘as expected’ despite producing inconsistent results. As an example, attackers could siphon funds by compromising an automatic invoicing tool and changing the bank account number that’s populated into each future invoice.
#5: Five 2021 Cyber-Threats: Customized Payloads
As we’ve seen in the contrast between phishing and spear-phishing, targeted attacks, while requiring extra effort on the threat actors’ part, are considerably more effective at compromising systems and data. This approach is starting to get much more sophisticated.
Cyber-criminals can discover frequently about your network from company websites, social media and, of course, by compromising individual systems on the network. Pervasive, dual-use tools like PowerShell and WMI allow attackers to pursue more about the tools and services your company relies on without setting off red flags. Armed with knowledge of these tools and the vulnerabilities present in each, they can construct payloads specifically designed to bring down not just a network, but your network.
Cyber-Threat Approaches For 2021
As cyber-criminals continue to evolve their technologies and attack strategies, organizations must adjust their approach to cybersecurity and data protection. System-level anti-virus software isn’t enough to combat modern cyber-threats. Nor is a file backup alone enough to safeguard against digital disruption by malicious actors.
Businesses need to protect all their workloads, data and applications across multiple domains, and that requires integrated solutions that automate the system monitoring, vulnerability assessments and endpoint protection required to stop emerging threats.
Harsh reality that 2020 has been a challenging year for cybersecurity and IT pros. Most have effectively navigated the massive changes, but unless they start preparing for the subsequent wave of threats, 2021 may be just as rocky.