For many organizations, the key to survival amid COVID-19 has called for an accelerated shift to distributed workforces and migrating to private and public clouds. However, this transformation
comes with security challenges. As employees continue to work remotely, organizations are vulnerable to new and evolving cyberthreats. The corporate perimeter has expanded into employee homes,
creating the opportunity for cybercriminals to exploit home routers and networks through island hopping and cloud jacking attacks.
There’s no question that we are experiencing a pivotal moment in cybersecurity. Cyber intrusions are escalating as organized cybercrime groups gain popularity and work together to exploit the security vulnerabilities of the new normal. Our recent Global Incident Response Threat Report found 54% of incident response (IR) professionals encountered destructive cyberattacks and 82% experienced counter-incident response. As attacks become increasingly sophisticated, it’s time for organizations to start reevaluating the effectiveness of tools and best practices and IT and security budgets. A proactive approach to security postures can help organizations ensure they are properly safeguarding critical data while staying one step ahead of attackers.
As we look ahead to 2021, VMware Carbon Black Howlers, Tom Kellermann, head of cybersecurity strategy, Rick McElroy, principal cybersecurity strategist and Greg Foss, senior cybersecurity strategist shared the following predictions.
Cloud jacking goes mainstream
If 2020 was the year of island hopping, where cybercriminals infiltrate large company networks by targeting third parties using lower levels of protection, then we can expect cloud jacking to go mainstream in 2021. Cloud jacking through public clouds will become the island hopping strategy of choice for increasingly sophisticated cybercriminals, particularly with the mass shift to public clouds to support distributed workforces.
All eyes on ICS destruction
As geopolitical tensions rise, we can expect an explosion of destructive cyberattacks against industrial control system (ICS) environments, with energy, oil, gas and manufacturing companies becoming renewed top targets for cybercriminals and spies. New, destructive malware specific to ICS infrastructure will be a hot commodity on the dark web, with new versions of the Triton malware already in development.
iOS attacks on the rise
In 2021, we’ll continue to see nefarious, opportunistic cybercriminals leverage macOS as a means to conduct cyberattacks. They’ll leverage custom malware, such as Shlayer, to gain access into iOS, ultimately turning Siri into their personal listening device. For those conducting private business dealings at home, it will be critical to monitor security settings on all mobile and connected devices, and practice digital distancing
Defender confidence is on the rise
In 2020, COVID-19 put security postures to the test and exposed areas of weakness, which can be attributed to the overnight digital transformation many organizations had to implement. But while much of the focus has been on cybersecurity challenges of 2020, there hasn’t been enough emphasis on the security tools and processes that are working. Defender technology, whether geared towards endpoint, network or the application layer, is doing the job it is designed to do, and that’s no small feat.Next year, we’ll continue to see security teams being empowered and working closely with leaders in the organization. As IT and security continue to work together to enable business continuity, we’ll see the narrative around the two teams working poorly together quickly fade. More tools geared towards end-users will come to light, also contributing to less friction between security and IT departments.
Mobile devices will be highly targeted
Cybercriminals for the last few years generally worked to infiltrate an organization’s network. This is because once they were able to gain access inside, they could easily execute a ransomware attack that affected the entire network, causing downtime and eventually a surrender and ransomware payout. With that said, the art of penetrating into these secure networks takes time, resources and expertise, which hackers continue to prove they have. But, with a remote workforce comes new challenges as employees use personal devices to review sensitive information and work. At no fault of their own, employees that are working remotely create new vulnerabilities as mobile devices are much easier for attackers to exploit.In 2021, we will see cybercriminals become more sophisticated in how they attack our mobile devices, ultimately executing island-hopping scenarios. If hackers can get into your Android or iPhone, they’ll then be able to enter your work network whether it’s deactivating VPNs or breaking down firewalls. We will see companies roll out new mobile device policies and infrastructure to allow employees to continue working remotely but with greater awareness of the risks these devices pose and how to protect themselves and the organization at large. Additionally, a critical part of these policies will center around software updates and patches, ensuring that all personal devices are up to date in order to fend off attackers who have already figured out how to hack into previous software versions.
Healthcare security will change drastically
It’s no secret that healthcare is one of the industries that was immensely disrupted as a result of COVID-19. Routine appointments and all other non-emergency services were converted into telehealth appointments, bringing patient data outside of the hospital’s four walls. Many healthcare providers are now accessing patient personally identifiable information (PII) data in remote settings, presenting a number of privacy and security issues since home and public networks are much more vulnerable to malicious actors than corporate networks.
Prepare for stronger, more sophisticated ransomware attacks
In 2021, ransomware will increase in terms of escalation as well as the punitive nature of the groups behind these attacks. We will continue to see nation-state adversaries leveraging ransomware for purely destructive purposes, especially as a means to inflict kinetic damage in the real world. The new year will also witness an increase in refactored ransomware, leveraging for denial of service and pure wiping capabilities. For organizations, this means that even if the ransom is paid, they will not be able to decrypt the stolen assets. We’ll also see these malicious groups increase double extortion ransomware, where a ransom will need to be paid to not only unlock systems but to also avoid leaking any stolen, sensitive data.Additionally, ransomware groups will begin to combine forces. In order to attempt to outsmart security measures, notorious ransomware groups will team together to share resources, data and infrastructure, sharing code and thus further muddying the attribution waters. We’ll also see conflicts arise between groups as they differ in ‘morals’ — some will continue to go after vulnerable industries like healthcare, where others have promised to stay away due to the nature of the global pandemic.
AI & ML will be a top tool for cyber offense and defense
Artificial intelligence (AI) and machine learning (ML) have significant benefits in cybersecurity — but in 2021, expect for the technologies to be increasingly leveraged offensively, as well. From an adversarial perspective, we’ll see malware continue to advance in the ways it utilizes AI/ML principals for post-exploitation activities, leveraging collected information to then pivot to other systems and potentially even partner organizations. This will allow malicious actors to move laterally and spread widely, quickly, and efficiently, all through automation.The silver lining is that in 2021, defenders will begin to see significant AI/ML advancements and integrations into the security stack. In 2020, security automation was often over-engineered and too complicated to be realistically implemented within organizations’ cyber defense arsenal, aside from more mature operations. As awareness of this pain point increases, we can expect defenders to fix the issue, maximizing automation to spot malicious activity faster than ever before.
Cybercriminals will remain opportunistic, with government and healthcare data in demand
There was significant activity on cybercrime markets and forums in 2020, and we can only expect this trend to continue into the new year, with the increasing trends around initial access brokerage, Ransomware as a Service (RaaS), bulletproof hosting, and a myriad of privacy-centric cryptocurrencies, the underground economy is easier than ever to get involved in. This is especially critical now, as many traditional criminal enterprises have been forced to adapt their operations and move online, in much the same way as many legitimate businesses in 2020. As the world continues to battle COVID-19, we’ll continue to see a load of private testing data available for sale, as well.
Author: Samantha Mayowa, Head of Global Communications at VMware Carbon Black