Top Cyber Threats of 2021
2020 was a unique year, forcing many organizations to rapidly adapt to meet new challenges. At the same time, cyber threat actors were refining their tactics and taking advantage of the shifts in how businesses operate. Going into 2021, many security trends are inspired by the business decisions of 2020.
Phishing Continues to Be a Problem
Phishing is one of the most common types of cyberattacks, mainly because it is often an effective technique for gaining access to an organization’s network and systems. It’s usually easier to trick an employee into handing over sensitive data (like login credentials) or running a piece of malware on a company computer than it is to accomplish these goals through other means.
As a result, phishing will continue to be a problem in 2021 and into the future as long as it remains effective. However, the changing nature of work in the wake of the COVID-19 pandemic has its impacts on phishing as well.
For example, the surge in remote work caused by the COVID-19 pandemic drove many organizations to adopt online collaboration such as Zoom, Slack, etc. The focus on email in phishing awareness training means that employees often do not consider it a threat on these platforms, and workers often believe that only legitimate users can access these platforms, which is not always true.
As a result, phishing attacks on these platforms are more likely to be effective than via email, where employees are more likely to be on their guard and companies may have anti-phishing solutions in place. Cybercriminals have noticed this, and the use of non-email collaboration platforms for phishing has become more common and is likely to continue to do so into 2021.
Exploitation of Remote Work
In 2020, the COVID-19 pandemic forced organizations to pivot suddenly to a mostly or wholly remote workforce. Within a matter of weeks, companies with no existing telework programs needed to adapt and update the infrastructure required to allow their employees to work from home.
With the end of the pandemic in sight, many organizations have no intention of returning to a fully on-site workforce. The benefits of remote work – to the company and its employees – have inspired many to allow at least part-time telework for many of their employees.
However, the rush to stand up remote work programs left security gaps that are actively exploited by cybercriminals. In 2021, companies will continue to face new security threats made possible by widespread telework, including:
- Exploitation of Remote Access Solutions: Employees working from home need access to the corporate network. As a result, the use of virtual private networks (VPNs) and the remote desktop protocol (RDP) has exploded during the pandemic. Cybercriminals have taken advantage of this, exploiting poor password security and VPN vulnerabilities to access corporate networks, steal data, and plant ransomware.
- Thread Hijacking Attacks: In a thread hijacking attack, an attacker with access to an employee’s email or other messaging account will respond to an existing conversation. These responses will contain malicious attachments or links to phishing sites and are designed to expand the attacker’s access within an enterprise network. With the rise of remote work, the frequency and success rate of these attacks has grown as employees increasingly communicate using alternative platforms and cybercriminals are more successful at gaining access to email accounts.
- Vulnerable and Compromised Endpoints: With remote work, employees are working from computers outside the corporate perimeter and the cyber defenses deployed there. Additionally, these devices are less likely to be up-to-date on patches and compliant with corporate policy. As a result, they are easy targets for exploitation by cybercriminals.
As long as insecure remote work remains common, these threats will continue to be a problem. With extended or permanent telework programs comes the need to design and implement effective solutions to secure the remote workforce.
Cloud Adoption Outpaces Security
Cloud adoption has been rapidly rising for years and exploded as a result of the COVID-19 pandemic. With a remote workforce, companies needed the accessibility, flexibility, and scalability offered by cloud-based solutions.
However, while many companies are moving rapidly to the cloud, security is lagging behind. Cloud infrastructure is very different from an on-premise data center, and these differences introduce unique security challenges. Many organizations are still working to understand these differences, leaving their cloud deployments at risk.
For 75% of enterprises, the security of their public cloud infrastructure is a significant concern. Learning how to secure systems hosted on shared servers in vendor-specific environments is challenging, especially when most companies are using services provided by multiple different vendors. In 2021, the failure to implement effective cloud security will remain a major problem, and, according to Gartner, 99% of cloud security incidents through 2025 will be the customer’s fault.
The Rise of Double-Extortion Ransomware
Ransomware has been a growing threat in recent years. A number of high-profile attacks demonstrated to cybercriminals that ransomware was profitable, driving a rapid increase in cybercrime groups operating this malware. On average, ransomware claims a new victim every ten seconds worldwide, and ransomware costs businesses around $20 billion in 2020, a increase of 75% over the previous year.
The ransomware industry has also experienced numerous innovations in recent years. Ransomware as a Service (RaaS) operators develop and sell ransomware, expanding their reach and providing less sophisticated threat actors with access to high-quality malware.
Another recent trend is the “double extortion” ransomware campaign. Instead of simply encrypting files and demanding a ransom for their recovery, ransomware groups now steal sensitive and valuable data from their victims as well. If the target organization does not pay the ransom, this data is posted online or sold to the highest bidder.
In 2021, ransomware attacks continue to grow in popularity, and more groups are switching to the “double extortion” model. For example, the relatively new DarkSide group uses this technique and has carried off attacks like the one against Colonial Pipeline that was deemed a national emergency in the U.S.
An Epidemic of Healthcare Cyberattacks
During the COVID-19 crisis, the healthcare sector became more vital than ever. Hospitals and other healthcare providers around the world were overrun with patients as a result of the pandemic.
In many cases, the focus on patient care took away focus and resources from cybersecurity in these organizations. As a result, an industry that already struggled with cybersecurity was left even more vulnerable to cyberattacks.
In 2020, cybercriminals noticed and took advantage of this. In Q4 2020, Check Point Research reported that cyberattacks against hospitals had increased by 45% worldwide. While, in some areas, the emergence of COVID-19 vaccines has reduced COVID-related hospitalizations and the strain on these organizations, the exploitation of these organizations by cybercriminals and nation state attackers is likely to continue to be a major problem into 2021.
A New Focus on Mobile Devices
The popularity of corporate mobile devices and bring your own device (BYOD) policies has been steadily growing in recent years. Employees can be more productive when permitted to use the devices that they are most comfortable with.
With the growth of remote work, this trend is unlikely to reverse itself. Employees working from home or from anywhere are more likely to use mobile devices than those working from the office. With the increased use of mobile devices for business purposes comes new cybersecurity risks. Cybercriminals are increasingly targeting these devices in their attacks, and many businesses lack the same level of security on their mobile devices as they have on traditional computers.
Additionally, corporate cybersecurity awareness for mobile devices lags behind as well. For example, 46% of companies report that they have had at least one employee install a malicious mobile application. As these mobile devices are increasingly used to store corporate data and access business applications, mobile malware poses a growing threat to corporate cybersecurity.
A More Sophisticated Cyber Threat Landscape
Cyber security is a cat and mouse game between cyber attackers and defenders. As cyberattackers develop new tools and techniques, cyber defenders create solutions for identifying and blocking them. This inspires cybercriminals to innovate to bypass or overcome these defenses, and so on.
As cyber threat actors become more professional and organized, the sophistication of their attacks has increased as well. Today, companies face Generation V cyber threats, which include large-scale, multivector attacks across an entire organization or industry. These attacks are enabled by leaks of advanced hacking tools – such as the ShadowBrokers leak that enabled the creation of WannaCry or the theft of FireEye’s suite of penetration testing tools.
Many organizations have security architectures composed of many point security products designed to protect against earlier generations of cyber threats. These solutions are difficult to manage and lack the security unification and threat intelligence needed to protect against large-scale automated attacks.
Growing Numbers of Zero-Day Attacks
A zero day attack is one in which a vulnerability is exploited before a patch for it is available or widely deployed. These attacks can be especially damaging because traditional cyber defense strategies are ineffective at protecting against them. Many of these strategies rely on signature-based detection, which only works if a signature for the malware is publicly available.
Large-scale and highly damaging zero day attacks are becoming more common for a few different reasons. The number of publicly-reported vulnerabilities is growing rapidly with over 23,000 discovered each year. This far outstrips many organizations’ ability to apply updates and patches, meaning that more vulnerabilities are being left open for longer.
Additionally, cybercriminals can often develop an exploit for a vulnerability faster than a patch can be developed, published, and widely applied. Cybercriminals can typically develop an exploit within a week, but most companies take an average of 102 days to apply a patch.
2021 has already seen large-scale attacks exploiting zero-day vulnerabilities, like the DearCry and Hafnium malware variants taking advantage of vulnerabilities in Microsoft Exchange. This trend is likely to continue through 2021.
Managing the 2021 Cyber Threat Landscape
In 2021, companies face a number of major cyber security challenges. However, this year also presents opportunities for significant security growth. 2020 demonstrated how businesses need to adapt to the modern world, and 2021 provides an opportunity to design and build security for the future.
Taking advantage of Check Point’s security checkup is a good starting point towards identifying and filling the holes in your corporate cybersecurity strategy. You’re also welcome to check out the 2021 Cyber Security Report for strategies and recommendations on how to protect against the modern, Generation V cyber threat landscape.
Feedback