Coronavirus is the most hated word of 2020. In 2021, a different type of virus will threaten to take over the world. Cybercriminals are building an arsenal of ammunition that can change the natural order of things as we know it.
On a global scale, the pandemic has fueled cyberattacks, and we have seen an overall increase of about six times compared with the year before. COVID-19-themed phishing campaigns and other social engineering tactics have seen the highest spike, with a 1100% increase. Ransomware is the second most-used attack method, with a 300% increase.
To counter cyber adversaries, you need to go to their lair
In 2021, you will find threat actors affiliated with nation states collaborating, colluding, and sharing resources to target a common enemy. You will also find new and emerging nations fortifying their cyberwarfare capabilities and more cyberattack campaigns originating from these countries. Sophisticated state-sponsored cybercriminals will hire cybercriminals from other nations to execute their agenda. This will make it exceedingly difficult to distinguish between state and non-state threat actors.
The weapons used by cyber adversaries are getting increasingly sophisticated. Cyber defenders will be tested in their abilities to tell what’s real from fake. Deep fake deception techniques or ‘Digital puppets’ will be created to fool people into giving up sensitive information or to shift mindsets and behaviors. In 2021, deep fake technology will be more widely used to spread misinformation and conduct corporate espionage.
With many companies accelerating their adoption of digital platforms and cloud services, cybercriminals will switch their attack methods to include impersonating IT systems, environments, and ecosystems. Cyber adversaries will study new environments and use virtualization and orchestration techniques to create replicas or deceptive environments. For example, hackers will be able to create a lookalike ERP within an intranet to fool unsuspecting users into divulging confidential information or to collect data for future malicious activities.
Changing malware behaviour will also be hard to rein in. Cyber adversaries are working hard to develop ‘multi-morphic’ malware which can evade detection. ‘Multi-morphic’ malware can switch seamlessly across stages of a cyberattack such as reconnaissance, exploit, and exfiltration.
Deciphering the actual behavioural path of such malware will be difficult as it utilizes complex obfuscation techniques based on selected inputs derived from the target’s unique characteristics. ‘Multi-morphic’ malware does not carry any historical behaviour and is thus almost impossible to track.
Cyber adversaries feed on fear and greed
In 2021, cyber adversaries will be eyeing intellectual property, trade secrets and research data. State-sponsored cybercriminals will accelerate corporate espionage in support of their national agenda to create competitive advantages for local businesses.
The number of phishing attacks, malware and online scams will continue to rise as even more hackers seek to profit from people's fear and anxiety. Phishing attacks will increase in intensity against individuals, small and medium businesses, and government agencies.
Victims will be increasingly lured with Covid-19 themes and related hooks like healthcare payments, government-sponsored relief loans, or vaccine dissemination. Hackers will continue to pilfer intellectual property and public health data by deploying social engineering tactics on people working on Covid-19 related research.
Along the lines of Covid-19 themes, temperature measurements, facial recognition, contact tracing, and location-tracking data will also attract hackers’ attention as they constitute behavioural data that can be used to influence and manipulate communities.
Be it pandemic vaccine or patient data, state-sponsored threat actors and cybercriminals will continue to target hospitals and healthcare providers, particularly with ransomware attacks to exfiltrate Protected Health Information (PHI), research data, or disrupt operations which could lead to loss of human life.
Businesses that do not fully understand their digital risk and remain ill-prepared for cyberattacks will suffer the ramifications beyond financial loss and privacy breach.
When cyber adversaries smell weaknesses in your perimeter defence, or worse, human flaws such as lax cybersecurity practices, your crown jewels run the risk of being compromised. Ransomware attacks are expected to cause more damage in 2021, with perpetrators holding your data hostage and leaving a hidden backdoor tracker so they can enter your network at will. Ransomware-as-a-Service (RaaS) will provide ransomware to low-skilled attackers, causing an increase in these types of attacks.
Threat actors are also eyeing start-ups and young companies as they make easy targets. Many of these nascent companies have not built cybersecurity considerations into the early stage of product development and, in 2021, will be subjecting themselves to digital risk and attacks.
To counter cyber adversaries, defenders need eyes on all potential attack surfaces. This will shed light on vulnerabilities and weaknesses which hackers can compromise. Map the digital risk profile to see if there have been any unauthorized exposures on the dark web, surface web, and social media platforms. Deploy cyber-intelligence as it is your eyes and ears in the hackers’ trenches.
Cyberattacks will accelerate as cybercriminals increase their use of artificial intelligence and machine-learning technologies to exact greater impact and to maximize their financial gain, so defenders will need to exercise basic cyber hygiene. This includes a holistic take on people, process, technology, and governance.
The most important of these is ‘people’: employees and individuals must be educated on cyberthreats and risks. This is particularly vital given the prevalence of phishing attacks and social engineering hacking campaigns.
From the technology perspective, you should incorporate layered defences with data and endpoint security, gateway-based security, and automated scanning, monitoring and malware removal. When it comes to processes, consider performing threat profiling and creating threat segmentation, zoning and risk containerization. Keeping core content encrypted would be both prudent and necessary.
The basic process of daily data backup would be a good policy to adopt too. When it comes to governance, organizations should incorporate a good cyber threat visibility and intelligence program to complete their cybersecurity strategy.
Another key area would be to impose mandatory risk and vulnerability assessments, at least biannually. This will help identify threats early so that remediation can take place to close any cybersecurity gaps. Also, mandate attack vector assessments at least once a year – these assessments will uncover new attack surfaces on which you can act quickly before cyber adversaries find their way in.
Kumar Ritesh is the founder and CEO of CYFIRMA. Views in this article are his own.