As originally published in VMblog
How is the cybersecurity landscape shaping up for 2021? With the wholesale structural shift to WFH, we provide some cybersecurity predictions on how this rupture will continue to pan out in 2021. Cyber leaders will need to keep their proverbial ‘finger on the pulse’ to keep pace with the new risks, priorities, and considerations that are emerging in this rapidly evolving arena.
While all the Covid-19-themed malspam that we’ve seen will eventually die down, the new arrangement of Working From Home (WFH) is going to become the industry norm. The concern is that in the time that it takes companies to upscale their security to meet the changing location and form of the office network, we will see hackers taking advantage of this window of exposure. Previously, an organization’s network and all its data were sitting securely behind fortifications of the organizational security network. All of a sudden, the transition to a wide and varied mess of different work environments makes it far more complex for defenders to keep protecting the enterprise at the same level. Naturally, the organization’s attack surface is amplified. While in the past a hacker got only one attempt at successfully breaking in using a new variant of malware, now they have multiple attempts, all with equally good chances. And for an attack to cause damage, it only needs to succeed once.
An example of this was the Cognizant incident that hit the company early on in the work from home transition. The IT Service provider was attacked by ransomware that managed to bring business to a halt for a period of time and is alleged to have cost the company between $50 and $70 million.
Botnets have become one of the biggest cyber threats today and, by that nature, a major cause for concern to those charged with cybersecurity. What makes botnets so dangerous is the size of their network: the more infected online devices that a botnet has under its command, the wider its pool of malware delivery, and therefore the bigger its impact. And considering that a hacker’s ultimate goal is financial gain, malware infiltration, or just disruption, the bigger the pool, the better. In 2021, we expect to see more malware creators sell access to their botnets, and thereby access into their network of millions of infected connected devices, in an exchange that researchers at Deep Instinct have coined ‘Access-as-a-Service’.
The implication of this is bad. These botnets have market value in the dark web for their ability to break down the attack chain into several components, so that a smaller-scale hacker can just focus their efforts on fewer components of the attack chain, and thereby become more skilled in just those limited components. For example, the botnet will provide the initial access, while the hacker will focus their effort on becoming better at information theft or the ransomware logic.
Combatting the growing complexity of attacks has necessitated collaboration between private companies and government security departments. This was particularly observed in the lead-up to the US elections this past November, where the U.S. Cyber Command branch of the Department of Defense collaborated with multiple security companies in an effort to take down Trickbot. The malicious botnet, which is known to be one of the most active and dangerous, had many of its infected computers liberated, as the combined effort worked to put the brakes on the attempt to interfere with electoral systems.
Furthermore, Microsoft was able to clear a legal pathway to sabotage the botnet on the basis that the writers of Trickbot malware are infringing Microsoft’s terms of service. Instead of writing their own code from scratch, they’re abusing Microsoft code, an activity that almost every malware writer is bound to do.
We expect to see this collaboration continue and escalate as more nation-states engage in cyber warfare and support both the development and defense efforts of APTs, zero-day exploits, and machine learning-based adversarial attacks.
As knowledge on adversarial machine learning continues to grow, that knowledge is disseminating among both sides of the cyber battleground. 2020 saw the increased adoption of machine learning academic knowledge being used in adversarial attacks in private industry research. As this knowledge gradually makes the transition from academia to the wild, we expect to see malware campaigns attempting to evade products based on machine learning models, either by fooling the model, learning how to subvert it, or by forcing it to shut down. Since machine learning-based products are becoming the market-dominant solution, it makes sense that they represent the next target for well-resourced hackers. We expect that those perpetrating the attacks will be only a select few of very sophisticated and highly capable threat actor groups who most likely will be acting as part of a nation state-sponsored campaign. The bar of entry to AI based attacks is still very high, and we, therefore, don’t expect it to become “run-of-the-mill” malware next year.
2020 saw ransomware attacks increasingly amplify their leverage to coerce ransom pay-outs by not only stealing a victim’s sensitive data but also threatening to expose it. It appears that the lesson learned for hackers is that the test of a good ransomware attack is its method of extortion. The greater the stakes, the better the likelihood of a payday. For this reason, in 2021 we expect to see a move towards targeting mission-critical organizations, i.e. those organizations that have minimal risk tolerance for having their digital systems shut down or their data stolen and exposed.
Hospitals and educational institutions are a good example of this. With both sectors having already suffered from a wave of ransomware infections, both schools and hospitals are under enormous pressure to keep their doors open. In the crossroads between ransomware and data privacy regulations, private companies are also more susceptible to being breached, with the added risk of being hit with large fines if found to have exposed data.
During the recent worldwide economic downturn, cybersecurity was one of the few industries to record growth. In 2021 we expect to see cybersecurity stock prices and company valuations continue this upward trajectory, with multiples expected to reach new heights. This development appears to reflect a changing market perception of cybersecurity products no longer seen as a discretionary item, but rather as a staple.
For more insights, download Deep Instinct’s “2020 Cyber Threat Landscape Report”, which includes an analysis of the latest malware trends and developments, insights on the past year’s cyber threat landscape, and predictions for this year, all based on empirical research findings. A full copy of the 31-page “2020 Cyber Threat Landscape Report” is available. In addition, anyone interested can join a live webinar, “The Pandemic and its Manipulation by the Cyber Underworld”, scheduled on Tuesday, February 23 at 1 pm Eastern. The webinar features the Deep Instinct security intelligence researchers who contributed to the study, and participants will also have an opportunity to ask questions on the report findings.