The world is going to remember 2020 as a cursed year because of the arrival of COVID-19 in our lives. It disrupted the economy on both the online and offline fronts and caused serious losses, whether as a slowdown in operations or a loss of jobs. It also gave threat actors a new way to innovate their attack strategies and target new vulnerabilities in businesses the world over.
Here are the top 5 cyber-attack trends that enterprises need to be cautious of in 2021:
RansomHack
We have all heard about ransomware, where attackers encrypt sensitive data and demand a ransom to decrypt it. RansomHack is like the 2.0 version of ransomware: it not only encrypts the user's files but also exfiltrates them.
This means attackers now threaten to disclose the stolen information to the public if the ransom is not paid, which can eventually result in severe GDPR implications. This leaves businesses with no option but to pay the ransom, in either case, to move ahead. Also known as double extortion, this trend is expected to continue this year as well.
Techniques similar to Operation SideCopy
Operation SideCopy is an advanced persistent threat (APT) that targeted the Indian Defence Forces in September 2020. The operation was designed to mislead the security community into believing that the attack was executed by the Transparent Tribe. Just as Operation SideCopy attempted to use techniques akin to those of other state-sponsored APTs, 2021 might see more such breaches across the security infrastructure of the country.
Cobalt Strike
Cobalt Strike is a threat emulation toolkit that is often used for post-exploitation, covert communication, and browser pivoting, among other malicious purposes. It can be repurposed to deploy any type of payload, be it ransomware or a keylogger.
Ransomware attacks relying on this tool include Egregor, Ryuk, and Lockbit. We have also observed the involvement of Cobalt Strike beacons in the recent major backdoor and APT attacks. Recently, the source code of Cobalt Strike was leaked on GitHub. This will allow malware authors to make customized changes to the source code or tweak it to evade detection. As a result, Cobalt Strike beacons are expected to appear in more major cyber-attacks in the future.
Remote work-related threats
With the COVID-19 pandemic, almost all organizations have switched to a remote working model and introduced tools that let employees connect to office networks from home for seamless collaboration. Typically, VPNs are used to connect to such networks, whereas video conferencing or chat applications are used to communicate with colleagues. Many SMBs have also rolled out BYOD (Bring Your Own Device).
This new infrastructure must be managed and configured with great precision. IT administrators need to update and patch the software, OS, and antivirus whenever required to defend against exploitation attempts made on this new attack surface. Any new vulnerability in such popular applications could be exploited by malware authors as soon as it is reported or discovered.
Coronavirus-themed attacks
We are already aware of pandemic-related attacks, but this year is going to be even worse. In 2020, we saw attacks such as fake mobile apps and phishing sites that played on precautions around COVID-19 symptoms, PPE kits, social distancing and much more. However, in 2021, we might witness a shift in attack strategies.
The big race among pharma companies has led to the creation of several vaccines, which are at various stages of testing and approval. The governments of different countries and states are gearing up to provide vaccines to all their citizens free of cost or at subsidized rates to prevent the virus from infecting people and spreading. As a result, the threats are forecast to shift to a prevention-based theme.
If renowned names like Haldiram’s, Bigbasket, Twitter, and Marriott International can become victims of data breaches, just imagine the situation of small and medium businesses, which lack even the funds to invest in the right, robust security solutions to stay out of trouble. Worse still, most such businesses, unfortunately, remain unaware when a breach takes place.
According to a recent report by Seqrite, healthcare and pharma were the top two sectors that witnessed the most ransomware attacks in 2022, primarily because of the sensitive and personal patient data that players in this space carry. As a result, unlike large corporations that have already built strong resilience to cyber threats, SMBs and startups must remain more vigilant to stay safe in this evolving threat landscape.
As the world adjusts to new transitions without many security protocols in place, it will continue to remain vulnerable to cyberattacks. As malware operators innovate their attack strategies further, we might see more new revelations in the coming months of 2021. The key takeaway from this listicle is to be aware and mindful of attacks and to be prepared with proper security tools to tackle the unforeseen odds.