The Cyber Forecast: top nine security threats for 2021
Technology advancements and disruptive ideas have pushed organizations to embrace digital transformation, and COVID-19 has only accelerated this.
Many organizations were not adequately prepared and this resulted in new challenges for the Cybersecurity industry during 2020.
Looking forward at the cyber threat landscape of 2021, CTM360 sheds light on the Top 9 threats expected to stand out during the year.
The recent ‘SolarWinds’ breach, a large-scale supply chain attack, remains uncharted territory, and its full impact is still unknown. As in the past, empirical evidence from global cybersecurity incidents reveals a substantial increase in hacked and breached data. The attack surface of organizations continues to grow with increased adoption of the cloud and third-party vendors, and more complexity has been added by the increased use of mobile and IoT devices in the workplace and at home. Increasing work from home and greater employee independence are also big contributing factors.
Cybercrime costs include, but are not limited to, damage and destruction of data, stolen money, stolen intellectual property and personal data, embezzlement, post-attack disruption, restoration and deletion of hacked data and systems, and reputational harm. Despite increasing investment in cybersecurity globally, cybersecurity losses continue to rise steeply.
Spike in Ransomware Attacks
In ransomware attacks, cybercriminals steal or encrypt an organization’s information and demand a ransom. If the organization refuses to pay, attackers threaten to publicly release or permanently delete the data, which forces the organization to choose between paying a large ransom and bearing large-scale reputational and financial loss.
Global research predicts that businesses will fall victim to ransomware attacks every 11 seconds in 2021 compared to every 14 seconds in 2019.
One of the leading causes of this surge is that businesses have less tolerance for downtime with remote work. The lack of cybersecurity governance over remote work motivates threat actors further.
It is increasingly common for breached organizations to pay ransom instead of the far more expensive post-attack remediation cost, to avoid prolonged downtime, regulatory oversight, and minimize reputational damage in the public eye. The success of ransomware attacks encourages cybercriminals to continue this practice.
Business Email Compromise
Business Email Compromise (BEC) is one of the most financially damaging online crimes. It exploits the fact that most organizations rely on email to conduct business. In a BEC scam, cyber-criminals send an email that appears to come from a legitimate source. After active reconnaissance on the victim’s mailbox, these emails are sent to make financial requests that are timed perfectly and appear legitimate. BEC can be carried out using numerous tactics and techniques. One of the most popular approaches is executive impersonation, also known as CXO Fraud.
In this scenario, the scammer assumes the identity of a high-ranking executive. This tactic gives the victim a sense of urgency and persuades them to make the requested funds transfer or data disclosure with less probability of questioning the matter. A growing countermeasure to BEC is the correct implementation of DMARC, which builds on SPF and DKIM and only blocks spoofed mail once the published policy is set to quarantine or reject; this matters especially in financially sensitive sectors. Increased staff awareness and training is a high-value investment to avoid BEC.
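To make "correct implementation" concrete, the following is an added example (not CTM360's code) that parses a domain's DMARC TXT record and reports whether it actually enforces or merely monitors. The three records and the example.com addresses are constructed for illustration.

```python
"""Check whether a DMARC TXT record actually enforces, not just monitors.

Added example, not CTM360's code. The three records below are constructed
for illustration; example.com is a placeholder domain.
"""
import re

ENFORCING_POLICIES = {"quarantine", "reject"}

# Constructed records: what a TXT lookup of _dmarc.<domain> might return.
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
PARTIAL = "v=DMARC1; p=quarantine; pct=25"
ENFORCED = ("v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
            "rua=mailto:dmarc@example.com")


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict; tag names are case-insensitive."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> dict:
    """Explain whether spoofed mail claiming this domain would be blocked.

    A record only protects the domain when it is valid (v=DMARC1), the
    policy is quarantine or reject, it applies to 100% of failing mail
    (pct defaults to 100 when absent) and subdomains inherit an enforcing
    policy (sp defaults to p).
    """
    tags = parse_dmarc(record)
    problems = []

    if tags.get("v", "").upper() != "DMARC1":
        problems.append("missing or invalid v=DMARC1; receivers ignore the record")

    policy = tags.get("p", "").lower()
    if policy not in ENFORCING_POLICIES:
        problems.append(f"p={policy or 'absent'}: spoofed mail is delivered and merely reported")

    pct_raw = tags.get("pct", "100")
    pct = int(pct_raw) if re.fullmatch(r"\d{1,3}", pct_raw) else -1
    if pct != 100:
        problems.append(f"pct={pct_raw}: policy applied to only part of failing mail")

    sub_policy = tags.get("sp", policy).lower()
    if sub_policy not in ENFORCING_POLICIES:
        problems.append(f"sp={sub_policy or 'absent'}: subdomains can still be spoofed")

    # Reporting does not affect enforcement, but without it nobody learns
    # who is spoofing the domain or which legitimate senders are failing.
    advisories = [] if "rua" in tags else ["no rua= address: aggregate reports are not collected"]

    return {
        "policy": policy,
        "pct": pct,
        "enforcing": not problems,
        "problems": problems,
        "advisories": advisories,
    }
```

The check is deliberately strict about pct and sp because both are common half-measures left over from a staged rollout. Note also what DMARC does not cover: a CXO-fraud message sent from a lookalike domain or a free webmail account passes DMARC for that sender's own domain, so staff awareness remains necessary.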
Brand Abuse and Impersonation
The modern organization is evolving rapidly with increased cloud adoption and a greater digital presence. Accelerated by the pandemic, a majority of infrastructure and services have shifted online. Organizations are more focused on their online presence and are relying on it to conduct business. Brand abuse and brand impersonation will see a huge spike in the coming year as people rely more and more on online services.
These attacks include impersonation on social media, job scams, next-of-kin scams, investment scams, fake news, and even malware delivery. With such a high variety of attack types, a new industry category dubbed Digital Risk Protection is rapidly evolving. Beyond the banking, finance, insurance and healthcare sectors, online delivery services were highly targeted in 2020; Amazon and DHL were two of the most impersonated brands of the year. Similar courier and delivery scams are expected to increase in 2021. Brand-oriented attacks also serve as launchpads for spear phishing and social engineering attacks.
Supply Chain Attack
Supply chain attacks compromise a target organization by penetrating a third-party vendor or software package instead of the organization itself. This style of attack proves especially lucrative to attackers for several reasons: a breach of one vendor creates a ripple effect with a much higher impact on every organization downstream. During 2020, reliance on third parties increased to compensate for limited business and engineering resources. In addition, these threats are often overlooked because organizations tend to trust the vendors they use in their day-to-day business.
The biggest supply chain attack of 2020 was the SolarWinds hack, where attackers pushed malicious code as part of an update package for the Orion platform. This affected 18,000+ SolarWinds customers, including Microsoft, Cisco, Intel, and multiple US government agencies. In 2020, experts warned of a 430% increase in supply chain attacks targeting open-source tools used across industries. These figures are expected to increase further in 2021 as organizations deploy more third-party services and tools to facilitate their operations.
IT vendors and small businesses are often the ideal entry point for attackers, since they tend to have weaker security controls. Organizations should evaluate the cybersecurity posture of all their third-party vendors to reduce the risk of supply chain attacks.
Attacks on RDP/VPN
With increasing remote activity, many organizations have deployed Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) services to allow remote access to on-site corporate data and servers.
Although RDP is already one of the most commonly attacked services online, the coming year is expected to see a further spike in exploitation of RDP, VPN, and other remote services.
Despite the additional security layer that a VPN provides, cybercriminals view a VPN as an open gateway into an organization’s entire network once access is achieved.
As data breaches multiply, cybercriminals have an abundance of leaked credentials to pair with exploits and brute-force attempts; attacks against RDP, VPN, and other remote-access servers are expected to nearly double in 2021.
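As an added example (not CTM360's code), the detector below runs over constructed Windows Security event 4625 logon-failure records, exported as CSV, and flags the two patterns that the leaked-credential trade produces against RDP: one source hammering a single account (brute force) and one source trying many accounts once each (password spraying, which sidesteps per-account lockout). The CSV layout, the thresholds and the IP addresses are assumptions.

```python
"""Flag RDP brute-force and password-spray patterns in Windows logon failures.

Added example, not CTM360's code. The events below are constructed to look
like Security event 4625 fields exported as CSV; real exports vary by tool.
"""
import csv
from collections import defaultdict, deque
from datetime import datetime
from io import StringIO

# Constructed sample: timestamp, event id, logon type, account, source IP.
# Logon type 10 is RemoteInteractive (classic RDP); type 3 appears when
# Network Level Authentication rejects the credential before the session.
SAMPLE_EVENTS = """\
time,event_id,logon_type,account,source_ip
2021-01-12T09:00:01,4625,10,administrator,203.0.113.7
2021-01-12T09:00:03,4625,10,administrator,203.0.113.7
2021-01-12T09:00:04,4625,3,administrator,203.0.113.7
2021-01-12T09:00:06,4625,10,administrator,203.0.113.7
2021-01-12T09:00:08,4625,3,administrator,203.0.113.7
2021-01-12T09:00:09,4625,10,administrator,203.0.113.7
2021-01-12T09:01:00,4625,3,alice,198.51.100.9
2021-01-12T09:01:05,4625,3,bob,198.51.100.9
2021-01-12T09:01:10,4625,3,carol,198.51.100.9
2021-01-12T09:01:15,4625,3,dave,198.51.100.9
2021-01-12T09:01:20,4625,3,erin,198.51.100.9
2021-01-12T09:05:00,4625,10,alice,192.0.2.20
2021-01-12T09:05:30,4624,10,alice,192.0.2.20
2021-01-12T09:20:00,4625,3,svc_backup,192.0.2.21
"""

RDP_LOGON_TYPES = {"3", "10"}


def detect_rdp_abuse(csv_text: str, window_seconds: int = 60,
                     max_failures: int = 5, max_accounts: int = 4) -> list:
    """Return one alert per source IP that crosses a threshold in a sliding window.

    password_spray: at least max_accounts distinct accounts from one IP inside
    the window (few attempts per account, so per-account lockout never trips).
    brute_force:    at least max_failures failed logons from one IP inside the
    window against a small set of accounts.
    The alert for an IP is updated as events arrive, so it reflects the worst
    window seen for that source.
    """
    recent = defaultdict(deque)        # ip -> deque of (timestamp, account)
    alerts = {}
    for row in csv.DictReader(StringIO(csv_text)):
        # Only failed logons (4625) arriving over RDP-style logon types count.
        if row["event_id"] != "4625" or row["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(row["time"])
        ip = row["source_ip"]
        window = recent[ip]
        window.append((ts, row["account"]))
        # Drop events older than the window, measured from the newest event.
        while (ts - window[0][0]).total_seconds() > window_seconds:
            window.popleft()
        accounts = sorted({acct for _, acct in window})
        if len(accounts) >= max_accounts:
            alerts[ip] = {"ip": ip, "type": "password_spray",
                          "failures": len(window), "accounts": accounts}
        elif len(window) >= max_failures:
            alerts[ip] = {"ip": ip, "type": "brute_force",
                          "failures": len(window), "accounts": accounts}
    return list(alerts.values())
```

In the sample, 203.0.113.7 trips the brute-force rule with six failures against the administrator account in eight seconds, while 198.51.100.9 trips the spray rule with one attempt against each of five accounts; the single failure from 192.0.2.20 followed by a successful 4624 is ordinary user behaviour and produces nothing. Tune the thresholds to the environment, and treat a successful logon from a source that was alerting minutes earlier as the highest-priority event of all.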
Data Breaches on Cloud-based Infrastructure and Services
Cloud adoption has its own challenges. Organizations are expected to implement their own cybersecurity controls on top of the provider's platform and configure them adequately to secure themselves. Infrastructure as a Service (IaaS) vendors typically operate a shared responsibility model: the provider secures the underlying infrastructure, while the customer is responsible for identities, data and configuration. Consequently, misconfigurations may lead to data breaches and exposure of sensitive corporate information; this is a high risk.
This risk gives rise to 3 major challenges.
- Employees do not have adequate skills and knowledge in cloud security, which leaves an open door for hackers.
- Current security frameworks lack adequate mapping to cloud services, making it harder to implement security measures on them and increasing the risk.
- Mission-critical or corporate data is left exposed on the internet for attackers to access.
The most common misconfiguration is over-privileged user accounts. When attackers gain access to an identity with broad privileged permissions, they can abuse those permissions to move through the environment, create further access, and reach data they were never meant to see.
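The over-privilege problem can be checked mechanically at the policy level before an identity is ever handed out. The following is an added example, not CTM360's code; it assumes AWS IAM policy JSON (the page does not name a provider) and runs over two constructed policies, one obviously excessive and one scoped to a single bucket and role.

```python
"""Flag over-privileged statements in IAM policy documents.

Added example, not CTM360's code. The policy format is AWS IAM JSON, which
is an assumption on our part; both sample policies are constructed and the
account id / ARNs in them are placeholders.
"""
import json

# Actions that let the holder mint more access for themselves when granted
# on a wildcard resource, even if the policy is not a full "*".
PRIVILEGE_ESCALATION_ACTIONS = {
    "iam:*", "iam:passrole", "iam:createaccesskey", "iam:attachuserpolicy",
    "iam:attachrolepolicy", "iam:putuserpolicy", "iam:putrolepolicy",
    "sts:assumerole",
}

OVERPRIVILEGED = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "FullAdmin", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "LetMeAssume", "Effect": "Allow",
         "Action": ["sts:AssumeRole", "iam:PassRole"], "Resource": "*"},
        {"Sid": "DenyDelete", "Effect": "Deny",
         "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
})

LEAST_PRIVILEGE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadOneBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::reports-bucket", "arn:aws:s3:::reports-bucket/*"]},
        {"Sid": "AssumeOneRole", "Effect": "Allow", "Action": "sts:AssumeRole",
         "Resource": "arn:aws:iam::123456789012:role/reports-reader"},
    ],
})


def _as_list(value):
    """IAM allows a string, a list or (for Statement) a single object; normalise."""
    if value is None:
        return []
    if isinstance(value, (str, dict)):
        return [value]
    return list(value)


def find_overprivileged(policy_json: str) -> list:
    """Return (sid, kind, detail) per statement that grants broad or escalation-capable rights.

    kinds, from most to least severe:
      admin       Allow of "*" or "service:*" on Resource "*"
      not_action  Allow expressed as NotAction, which grants everything not listed
      escalation  Allow of an IAM/STS action on Resource "*" that can create more access
    """
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue   # Deny statements only ever narrow access
        sid = stmt.get("Sid", f"statement[{index}]")
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        wildcard_resource = "*" in _as_list(stmt.get("Resource"))

        if "NotAction" in stmt:
            findings.append((sid, "not_action", "Allow with NotAction grants every unlisted action"))
            continue
        broad = sorted(a for a in actions if a == "*" or a.endswith(":*"))
        if broad and wildcard_resource:
            findings.append((sid, "admin", f"{broad} on Resource '*'"))
            continue
        escalation = sorted(a for a in actions if a in PRIVILEGE_ESCALATION_ACTIONS)
        if escalation and wildcard_resource:
            findings.append((sid, "escalation", f"{escalation} on Resource '*'"))
    return findings
```

The second policy passes because every action is pinned to a named bucket or role ARN; that scoping, rather than the choice of actions, is what turns a stolen credential from "the whole account" into "one bucket". Run a check like this in the pipeline that creates roles, and pair it with the provider's own access analysis so that permissions an identity has never used can be removed.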
Data Exposure on Code Repositories
Developers routinely use code repositories such as GitHub to back up, share, and manage changes to code. It is a popular environment for collaborative development by the developer community; however, a large share of repositories are created as public, which means that anyone can find and access the code uploaded to them.
All too often, developers forget to remove sensitive data from their code or to make the repository private before uploading it to GitHub. Malicious hackers actively scan and scrape GitHub for leaked passwords, client IDs, secret keys, and API tokens, to name a few, because they know programmers are prone to such oversights.
With the current rise in remote work, development teams are often scattered, working remotely and sharing code via online repositories. Data exposure risks will subsequently increase with limited security governance and lack of practical controls.
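A scan at commit time catches the oversight before the push, using the same kind of pattern matching the scrapers use. The scanner below is an added example, not CTM360's code; the token formats it knows are a small, well-known subset, the entropy threshold is a tuning assumption, and the sample file is constructed (the access key is the example key from AWS's own documentation, the other values are made up).

```python
"""Scan source text for committed credentials before it reaches a public repo.

Added example, not CTM360's code. Patterns cover a few well-known token
formats plus a generic assignment check; the sample file is constructed.
"""
import math
import re
from collections import Counter

# Constructed sample file; the AWS key is the documented example key, the rest is fake.
SAMPLE_SOURCE = """\
# settings.py (constructed sample, keys are fake)
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
DB_PASSWORD = "changeme"
GITHUB_TOKEN = "ghp_0123456789abcdefghijABCDEFGHIJ012345"
DEBUG = True
"""

# (name, regex) pairs for token formats with a fixed, recognisable shape.
TOKEN_PATTERNS = [
    ("aws_access_key_id", re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    ("slack_token", re.compile(r"\bxox[abpr]-[0-9A-Za-z-]{10,}\b")),
    ("private_key", re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")),
]
# Generic 'something_secret = "value"' assignments. The value is entropy-checked
# afterwards so placeholders such as password = "changeme" do not flood results.
ASSIGNMENT = re.compile(
    r"(?i)(api[_-]?key|secret|password|passwd|token)[a-z0-9_]*\s*[:=]\s*['\"]([^'\"\s]{8,})['\"]"
)


def shannon_entropy(text: str) -> float:
    """Bits per character; random keys score high, dictionary words score low."""
    counts = Counter(text)
    length = len(text)
    return -sum(c / length * math.log2(c / length) for c in counts.values())


def scan_for_secrets(source: str, min_entropy: float = 3.5) -> list:
    """Return (line_number, finding_type, matched_text) for each likely secret."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        specific = [(lineno, name, m.group(0))
                    for name, pattern in TOKEN_PATTERNS
                    for m in pattern.finditer(line)]
        findings.extend(specific)
        if specific:
            continue   # a recognised token format already explains this line
        for match in ASSIGNMENT.finditer(line):
            value = match.group(2)
            if shannon_entropy(value) >= min_entropy:
                findings.append((lineno, "high_entropy_assignment", value))
    return findings
```

On the sample it reports the access key ID by shape, the secret access key by entropy, and the GitHub token by shape, while "changeme" is ignored. Run it as a pre-commit hook or in CI over the diff, and remember that removing a committed key in a later commit does not help: git history keeps it, attackers scan history too, and the only fix for a key that was ever pushed is rotation.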
Targeted threats leveraging remote work
New security challenges are brought on by the rapid deployment of tools, technologies, and processes that enable people to work remotely. The shift in working practices, associated devices, and locations makes it far easier for these types of threats to go unnoticed. The rapid increase in mobile devices widens the organization’s potential attack surface. This threat is further amplified by the associated rise in cloud adoption and the short-term ‘Bring Your Own Device’ (BYOD) policies that many organizations adopted to overcome remote work challenges.
Employees working from home use devices that aren’t patched, managed, or secured by the corporate IT department. This gives hackers an entry point into the network that bypasses the perimeter security. Sensitive company data is being stored on these devices, further increasing the risk of data breaches.
Additionally, the majority of people do not manage the default settings of their home router which leaves an entry point for hackers to access the network and confidential data. Moreover, they may have many IoT devices within their home network with inadequate security controls which can also prove to be a threat.
Phishing, Vishing, and Smishing Attacks
Since its outbreak in March 2020, COVID-19 has been the main headline of news and media outlets. Threat actors recognized the pandemic as the most obvious bait to make their schemes more effective. The use of the COVID-19 pandemic as a theme for phishing campaigns is expected to continue into 2021. Attacks will often coincide with significant events or news, such as a spike in new cases or the announcement of a new vaccine.
Smishing and vishing attacks are also growing as cybercriminals turn to mediums that are trusted more than email. Smishing is a type of social engineering attack that uses SMS text messaging as its medium; vishing, on the other hand, is conducted via phone calls. There is no widely deployed equivalent of email authentication for phone numbers, so caller IDs and SMS sender names are easily spoofed and the recipient has no reliable way to confirm that a number is a trusted source, which makes mobile phone users more vulnerable to these attacks.
There are different variations of these campaigns. For example, impersonating official healthcare entities like the WHO, hospitals, and insurance companies is a prevalent pattern. Another variation that scammers opt for is masking as relief funds and donation campaigns. Other than attacks directly connected to COVID-19, a rise in activity related to the after-effects of the pandemic is anticipated. These may include fictitious employment opportunities, investment propositions, threats to online collaboration activities, and various online shopping scams.