2020 was a revolutionary year. Everything changed. The global pandemic brought the world to its knees, exposing sociopolitical, economic, racial and digital weaknesses. The pandemic, and the effects it has had on our daily lives, has changed the panorama, opening us up to new threats and exacerbating old ones.
Alongside global health and climate change, cybersecurity is one of this century’s greatest threats to the world economy.[1]
Here at CounterCraft, we keep our eyes on more than just the headline-making incidents of ransomware and high-profile phishing attacks. As Pete Cooper, deputy director of cyber defense for the UK Cabinet Office, said in his Black Hat Europe address: “It’s the events, the near misses, the problems – all of that stuff happening underneath the surface is all the activity that will actually help you predict where your incidents are going to happen.” (Read more of his insights in this great piece).
CounterCraft founder David Barroso has his finger on the pulse of what’s going on underneath the surface. Read on as he predicts the top 7 cyber security threats that will make headlines in 2021.
1- Ransomware Continues to Rise
“Everyone will be talking in 2021 about ransomware. It is happening more than ever. It’s a real threat to any kind of company, small, medium or large. At the beginning of COVID-19, the criminals said they wouldn’t attack hospitals, but now they are attacking everyone. It happens every day. You can spend millions on security, but you always have open doors.”
Ransomware has been around for over a decade, but it’s only growing in popularity. Attackers try to find the weakest link, compromising an endpoint until they can escalate privileges. Once they become an admin, they are free to detonate the ransomware and encrypt the information. Small companies may get away with basic firewalls and backups, but medium to larger companies need to have further security. The threat is real for every single company. It’s easier than ever for criminals to strike, with popular attack toolsets like Cobalt Strike for sale on the deep web for as little as a few thousand dollars. The positive side is that, with the right detection in place, these programs leave distinct, easy-to-spot fingerprints and patterns.
CounterCraft’s Ransomware Threat Intelligence Service launched just a few months ago and is already employed by several clients, detecting and halting ransomware attacks daily.
2- A Remote Workforce Without Protection
“Many companies invested a lot of money in protecting their buildings and entire network. But the reality is, now, the employees are not in your network. They are at home, or at the coffee shop. We are seeing these threats more and more often.”
Remote services and cloud-based infrastructure are an easy target for threat actors. This raises a lot of questions, since the onset of a global pandemic meant that, suddenly, 88% of the world’s workforce found themselves working from home.[2]
– How can you protect employees working from home?
– How can you protect the remote services you offer to them?
– How do you protect the information that is no longer on the internal network, but distributed across the globe?
Most experts agree that remote working is here to stay—some tech companies even sent their employees home indefinitely. That means these difficulties and questions aren’t going anywhere.
Tools like CounterCraft’s VPN Threat Intelligence Services work both on internal networks and on the cloud, detecting people who are trying to gain access to a remote worker or network.
3- Health Sector Becomes a Prime Target
“We will see many threats or attacks against pharma. Any companies that are related somehow to the COVID vaccine will suffer lots of attacks, based on the geopolitical aspect of the vaccine, coming from different nations. If you control the vaccine, you control everything.”
The stakes are high when the world stage is a global pandemic. That’s why threat actors have been quick to target all types of businesses within the health industry. Businesses in the health sector report seeing a rise in cyber attacks throughout 2020. A ransomware attack in Germany even resulted in a fatality, when a patient had to be rerouted to another hospital, while a hack on the European Medicines Agency resulted in Pfizer/BioNTech vaccine-related documents being stolen. In October, CISA issued an alert for an “increased and imminent threat” [3] on the US healthcare system.
4- Nation-State Hacking Increases
“Criminal gangs use old school tools and still succeed. But if we talk about nation-states, they are doing more advanced stuff. Many nations use false flag operations, trying to pretend to be another group or another state. That is something that is going to happen more and more often.”
Nation-state hacking is a trend that is only going up. As all nation-states heighten their defense, they also gain the tools and knowledge they need to go on the offense. The issue with nation-state hacking is the introduction of the political into the mix. These hacks can have higher stakes than mere breached consumer e-mails—a country’s top secrets can be at risk. The recent SolarWinds hack shows just how wide-reaching the effects of hacking can be when backed by the resources of a government. Nations are taking action to fight back and protect themselves, however. CounterCraft has worked with NATO defending against nation-state-level red teams in preparation for these kinds of attacks.
5- Hardware Attacks Increase
“It doesn’t matter what you have in terms of security, attacks on hardware can break all your files. Attacks can happen on your phone or your computer, and you won’t know it’s there because it’s at hardware level. It’s something very advanced, only a few people can do it—those who spend and invest millions in research. We are starting to see more of this type of attack, and we will see in 2021.”
Hardware attacks of the most damaging type mostly affect high-profile targets, like the president of a corporation or a ministry of defense. Next year, we’ll see more and more. The potential harm and magnitude of a hardware attack is shocking—victims can be totally compromised. Prevention plans must be in place along every step of the manufacturing supply chain.
This type of attack necessitates access to a device, such as in an evil maid scenario.
There’s another type of attack as well: when hardware is intercepted before you buy it. ENISA defines this one as “the inclusion of concealed hardware in the product by a vendor or supplier” and states it “may occur at an initial stage of the product implementation or during maintenance.” [4] This compromise happens in the device’s journey between the seller and the consumer. Most of these attacks are only discovered once there is a leak or a whistleblower.
6- IoT Remains a Weak Link
“There are more and more things that we have connected to the Internet—cars, webcams, doorbells, anything that we use nowadays. Alexa, Google at home, all of these conveniences open the door to new threats. We have seen a number of attacks over the last months on IoT, because usually they are unprotected.”
Many of the smart devices we use in our daily lives or in our workplaces are vulnerable to incoming IoT hacks. The number of IoT devices has more than doubled over the last two years, with 127 IoT devices added every second[5]. These devices may be sold with malware already installed.
IoT devices are a special risk in these times of working from home. Sensitive company information could be at risk when an employee is surrounded by IoT devices while working. The threat is greatest where adoption of IoT solutions has been widespread, such as with surveillance applications, transport management, and inventory apps used in retail and manufacturing.
Just this month, President Trump signed an IoT bill into law that mandated an increase in security on the IoT devices in homes and businesses, which now number in the double-digit billions. The bill “calls for the creation of standards and guidelines to manage cybersecurity risks” and was lauded by government cybersecurity experts.[6]
7- 5G, The Telco Wild Card
Speaking of the IoT, many of these devices will run on new 5G networks, which brings us to the final cybersecurity issue we predict seeing in 2021.
“Now that telcos are starting to deploy 5G networks, everyone is talking about it. This safety issue is rooted in geopolitics. Many believe China has access to those 5G networks, which will be used to connect everything from your mobile phone to your toaster. It’s just a matter of time until threat actors figure out how to monetize attacks on 5G, making it a huge risk point for next year.”
Is 5G Technology dangerous? The wildcard for 2021 cybersecurity could very well be 5G networks.
Although 5G does have security measures, it leaves many with deep doubts about its robustness. This is a new network, with new weaknesses and new consequences. ENISA has identified seven different types of threats when it comes to 5G, including Core Network threats, Physical Infrastructure threats, and Multi-Edge Computing threats.
5G will be intimately linked to the IoT, creating an incredibly broad attack surface for threat actors. In an article in the Financial Times, experts say the sheer number of these devices, which connect directly to the mobile internet and hence have none of the protections of a more secure network, makes them an attractive target.
Protecting your organization against these and other cybersecurity risks is key. If you’re interested in finding out how deception can strengthen your cybersecurity posture, contact us today.
[1] https://www.cnbc.com/2019/07/09/cybersecurity-biggest-threat-to-world-economy-ceos-say.html
[2] https://www.eae.es/en/news/eae-news/due-covid-19-number-companies-staff-working-home-has-risen-88-compared-4-health-crisis
[3] https://us-cert.cisa.gov/ncas/alerts/aa20-302a
[4] https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-5g-networks
[5] https://www.vxchnge.com/blog/iot-statistics
[6] https://www.techrepublic.com/article/cybersecurity-experts-hail-new-iot-law/