Is it enough to just have a security transformation strategy, continuous security training for employees, and good cyber hygiene?
As everyone in cybersecurity knows, while you cannot cover absolutely every possibility in predicting cyber-threats, it is critical to be proactive and adequately prepared against the most-likely attack vectors.
The following predictions for 2021 are based on what CrowdStrike’s intelligence and threat hunting teams are observing from continuously tracking more than 150 major adversary groups around the world, including nation-states, cybercriminals and hacktivists.
- Ransomware pivoting to double extortion
In 2021, we expect more ransomware attackers to evolve toward the use of a double extortion model where the threat actors will encrypt the target’s data and not only demand a ransom for its return, but leverage additional payment layers to apply pressure on the victim to pay the ransom. Some will use a targeted approach and threaten to publicly release and/or auction the data unless the victim pays up.
In May 2020, the Ako ransomware portal added a link to their dedicated leak site (DLS) indicating that the threat actors were likely practicing double extortion. While it appears that the victim paid the threat actors for the decryption key, the exfiltrated data was still published on the DLS.
In June 2020, cybercriminal group PINCHY SPIDER introduced a new auction feature to their REvil DLS. This feature allows users to bid for leaked data or purchase the data immediately for a specified ‘Blitz Price’. This indicated that double extortion schemes are catching on.
It is essential for organizations in the Asia Pacific region (APAC) to be aware of these evolving practices, as it has been hit the hardest (as compared to the US and EMEA), with affected organizations paying out an average ransom of US$1.18m.
Cybercriminals will continue to refine these approaches and experiment with different business models, including affiliate schemes designed to recruit more people to initiate attacks for a share of the profit.
- Complex geopolitical situations will have cybersecurity implications
Over the last couple of years, we have seen significant damage done to relations between Western nations and China & Russia. To prepare for the worst-case scenario this year, the West will be making stronger decisions on where critical or widespread technology is imported from.
In 2021, we will likely see these decisions extend even further from technology used by governments and enterprises to everyday consumer technology. Public-facing applications and services are increasingly at risk, as adversaries are eager to leverage any exterior gaps and weaknesses as initial footholds.
At this point, it is worth noting that the world has evolved beyond the point where blocking any specific vendor or country can stop an adversary from infiltrating the supply chain. The sheer number of players operating in our current digital infrastructure makes it difficult to block not only state-sponsored attacks somewhere along the chain, but any would-be adversary that wants to implant unwanted technologies.
- Detection response and compliance issues
According to Crowdstrike’s own data, it would take at least 117 hours to detect a cybersecurity incursion in 2020, compared to 120 hours in 2019, which demonstrates a lack of any real progress made in this area. The complexity due to growing remote-working arrangements will continue through 2021 and so we could see this number significantly increase.
Due to the larger breachable surface of remote-working environments, the longer an organization takes to find a breach and nullify, the higher the risk of violating the data breach laws and getting fined heavily.
Across the APAC region, bills have been passed for mandatory data breach reporting to authorities and/or increased penalties for violations, such as in Japan, Malaysia, New Zealand and Singapore. In 2021, organizations must heavily consider the risks of non-compliance versus the agility needed for rapid expansion to a work-from-anywhere model.
As businesses struggle to keep up, 2021 will bring an uptick in compliance violations against regulations.
- State-sponsored adversaries will leave smaller footprints
Despite the proliferation of cybercrime, Crowdstrike’s data shows that 79% of surveyed entities in APAC believe that state-sponsored cyberattacks will pose the single biggest threat to organizations like theirs in 2021.
Growing international tensions are a cause for concern and will result in more attacks against organizations to acquire intellectual property or other avenues of financial gain.
In 2021, the smaller footprint of state-sponsored attackers will put organizations at risk of silent failure. While all eyes are on the rise in cybercrime, organizations will need to remain vigilant in defending against politically-funded and sophisticated attacks to avoid potentially devastating consequences.
- Accelerated DX will increase business security risks
As employees shifted to flexible work arrangements in 2020 and relied on multimedia communications to maintain and continue business operations, adversaries had started taking advantage with voice phishing (vishing) and robocall scams, as well as tech support scams via phone calls, pop-up warnings or redirects.
In 2021, the management of all of these attack surfaces is no longer a straightforward problem: everything on both sides of the ‘firewall,’ including employees’ less secure home Wi-Fi networks and the use of any unsanctioned applications for work, will be the business’ responsibility.
As a result, cyberattacks will put tremendous stress on the availability of services this year, in everything from rerouted healthcare services impacting patient care to digital banking and finance platforms.
The right formula for protection
Whether organizations are dealing with nation-state attackers, independent actors or hacktivists, ultimately, the best defence alongside a security transformation strategy, continuous security training for employees and good cyber hygiene, is this: bring together endpoint detection and response, managed threat hunting, next-gen antivirus solutions with behavioral analytics and machine learning, and automated threat intelligence.
Alongside the right people and processes, these technologies are key for gaining the visibility and context needed to meet critical, outcome-driven metrics, and overcoming the most sophisticated adversaries.