2020 was marked by so many momentous occurrences that even a historian would be daunted to frame it accurately and objectively. Yet everyone who’s partaken in 2020 can agree it’s been one for the books. Record-breaking wildfires, unprecedented political divide, countless departing celebrities and, of course, the ‘star’ of the year, COVID-19 – an elusive biological enemy the likes of which we’ve rarely seen. But the world in 2020 battled more than one invisible enemy. Cybercrime reached extraordinary heights, aided by gaps in remote work policies, fueled by fear, uncertainty and doubt surrounding COVID, and driven by fierce competition between cybercriminal gangs. 2021 is set to perpetuate this threat, and we have the research to back this hunch. Our data show three key menaces to look out for this year.
Insider threats
Confined at home to reduce the spread of the novel coronavirus, remote workers have inadvertently become lucrative ground for lurking cybercriminals. Phishing campaigns no longer carry telltale signs such as typos, grammar errors and cheap visuals, meaning the scams often pass for legit. New phishing attacks also exploit the way users engage with financial and delivery services in a work-from-home context. Additionally, the social engineering component has reached new levels of sophistication, with attackers focusing more on increasing the success rate of their campaigns than boosting the volume of spam sent. This increase in efficacy and sense of legitimacy in phishing campaigns makes it hard for the untrained eye to discern fake from real.
Scams purporting to sell COVID-19 vaccines are cropping up with allusions to shortages, all while remote workers intentionally sidestep corporate security measures to mask their personal online activities during work hours. Whether self-serving or malicious, remote employees who bypass security have become the definition of ‘insider threat.’ IT reps, meanwhile, are overburdened and under-resourced, leaving gaps for malicious actors to exploit.
Solutions like Bitdefender GravityZone eliminate IT security hurdles via an integrated endpoint protection, risk management and attack forensics platform, enhanced with Human Risk Analytics. IT reps benefit from integrated risk management and analytics to continuously assess, prioritize and address human-triggered errors.
Ransomware
Some threats are better off prevented than cured. Ransomware has become such a lucrative business that the scene is almost entirely dominated by professionals, leaving one-offs scrambling for affiliation. Sure enough, this is exactly what’s happening in today’s landscape, and our data indicates 2021 will be marked by fierce competition amongst ransomware-as-a-service (RaaS) operators.
Malware developers and cybercriminals will focus more on offering highly specialized, granular services. Obfuscation-as-a-Service and even APT-as-a-Service will reshape the threat landscape by introducing greater sophistication in dodging traditional security defenses during advanced attacks, all offered to the highest bidder. Even small organizations must now update their threat models to focus on identifying tactics and techniques usually associated with sophisticated threat actors. Unfortunately, most SMBs are ill-equipped to handle cyber-mercenaries.
As a reminder of the damage ransomware can inflict on a business, the October cyberattack on a large medical center in Vermont cost $1.5 million a day in increased expenses and lost revenue, according to its spokesperson. Forty-two days after the attack, the hospital tallied the costs at around $63 million, without including the cost of getting its systems back up and running, the spokesperson said.
Ransomware attacks will be increasingly successful in 2021 thanks to remote access trojans (RATs), downloaders and backdoors that give attackers the intelligence to identify vulnerable high-profile targets willing to pay higher ransoms.
For ransomware, prevention is key. Managed Detection and Response (MDR) gives businesses outsourced cybersecurity operations 24/7. The service combines next-gen cyber-tech for endpoints and network traffic with the threat-hunting expertise of a security operations center (SOC) fully staffed by security analysts trained in the military or by top intelligence agencies.
Supply chain attacks
Bitdefender research shows that SMBs face record numbers of data breaches this year, as misconfigurations resulting from the rapid transition of employees to remote work create security blind spots that attackers will exploit.
Worse still, unpatched vulnerabilities and misconfigurations mean business clients stand to inherit those security lapses as well, opening the floodgates to what infosec types call a “supply chain attack.”
Motivated politically or economically, cyber actors are showing interest in critical industry verticals, like healthcare, education and municipal infrastructures. Threat actors will also increasingly target research, pharma and healthcare in 2021, our data shows.
Endpoint Risk Analytics is now considered an essential capability in modern endpoint protection, and will be the bare minimum requirement in fending off threats that climb the supply chain ladder to reach their target. Recently, Bitdefender built the world’s first integrated endpoint risk analytics capability into its GravityZone endpoint protection platform, making advanced risk assessment available to organizations of any size – truly a breakthrough.