Here are some tips for avoiding or mitigating these threats in the year ahead …
Last year, in one of the many surveys conducted on how the pandemic changed cybersecurity trends, 20% of companies reported that they had suffered a security breach caused by a remote worker, and 18% said that cybersecurity was not a priority for their employees.
The survey, conducted by Malwarebytes Lab, is just one of many that either support or refute the general observation that cybersecurity was taken for granted because of more pressing concerns such as business survival and continuity.
Regardless, taking the whole year's research together, it is not unreasonable to conclude that 2021 will be defined by pandemic-linked operational concerns such as cybersecurity, digital transformation, and pivoting for sustainability and resilience.
The five predictions by Malwarebytes for the Asia-Pacific region below can hopefully help businesses weigh these risks against their other competing priorities. Heed them or play down the risks—the choice is yours to make, but remember that any consequences will also be yours to bear:
- Android stalkerware to surge in 2021
Throughout 2020, Malwarebytes saw an uptick in detections of stalkerware-type apps on Android after lockdown orders were implemented from March onwards.
Stalkerware enables an abuser to intrude into a person’s private life and can be used as a tool for abuse in cases of domestic violence and stalking. By getting these applications installed on a person’s device, abusers can get access to their victim’s messages, photos, social media, geolocation, audio or camera recordings.
Such programs run hidden in the background, without a victim’s knowledge or consent. From January to October 2020, Malwarebytes recorded a 584% increase in stalker app detections, and a 1,044% increase in spyware detections. Overall, this represents more than 43,000 stalker app detections in the first 10 months of 2020.
To combat stalkerware, the Coalition Against Stalkerware (co-founded by Malwarebytes) aims to improve the detection and mitigation of stalkerware and to educate individuals and victims on the technical aspects of the threat.
- A spike in e-commerce threats
Having profited richly from their exploits in 2020, threat actors see 2021 as the perfect time to commit more cybercrime via e-commerce platforms. Just recently, RedMart experienced a major cybersecurity compromise. With access to leaked customer information (however old the data is), threat actors can craft convincing lures and try to get malware, and even ransomware, onto victims' devices by baiting them into clicking on attractive links.
Some common symptoms of an infected system are: new toolbars or buttons appearing in your browser; a constant barrage of pop-up ads; a system that is slow and crashes repeatedly; and e-mails that keep bouncing. With the increased traffic on e-commerce platforms, and even on messaging apps that offer mobile commerce, it is likely that web-skimming groups such as Magecart are refining their tactics as you read this article. E-commerce security is something that cybersecurity professionals and consumers alike have to pay close attention to.
- Increases in RDP attacks and major ransomware activity
Through social engineering or brute-force attacks, threat actors constantly try to obtain login credentials for remote desktops; once inside, they can deploy ransomware and demand payment from the victim.
Many organizations fail to secure their RDP services against unauthorized access, making it easy for threat actors to execute an RDP attack.
There are several things you can do to make it harder for unauthorized users to reach your network over RDP: place RDP access behind a virtual private network (VPN) instead of exposing port 3389 directly to the internet; use a Remote Desktop Gateway server, which also lets you add two-factor authentication; use strong passwords and lock accounts out after repeated failed attempts; limit which accounts are allowed to log on remotely; and enable Network Level Authentication (NLA) so that users must authenticate before a session is created.
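The brute-force path described above leaves a trail in the Windows Security log: every failed logon is an event 4625, and RDP logons carry logon type 10 (RemoteInteractive). The script below is an added example, not from the article or from Malwarebytes. It runs a simple sliding-window rule over a handful of constructed 4625-style records and flags a source that fails against several different accounts in quick succession, which is exactly the guessing activity the hardening steps above are meant to blunt.

```python
"""Flag RDP password guessing in Windows Security event 4625 records.

Added example (not from the article). Each record is a simplified 4625
("An account failed to log on") event: timestamp, target account, logon type
and source network address. Logon type 10 (RemoteInteractive) is RDP.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, not real telemetry. 203.0.113.7 tries six
# different accounts in ten seconds; 198.51.100.20 is a user who mistyped once
# over RDP and twice over a network (type 3) logon.
SAMPLE_EVENTS = [
    ("2020-11-03T02:14:05", "Administrator", 10, "203.0.113.7"),
    ("2020-11-03T02:14:07", "admin",         10, "203.0.113.7"),
    ("2020-11-03T02:14:09", "backup",        10, "203.0.113.7"),
    ("2020-11-03T02:14:11", "sqlsvc",        10, "203.0.113.7"),
    ("2020-11-03T02:14:13", "jsmith",        10, "203.0.113.7"),
    ("2020-11-03T02:14:15", "it",            10, "203.0.113.7"),
    ("2020-11-03T08:30:00", "jsmith",        10, "198.51.100.20"),
    ("2020-11-03T09:00:00", "jsmith",         3, "198.51.100.20"),
    ("2020-11-03T09:00:10", "jsmith",         3, "198.51.100.20"),
]


def parse_event(rec):
    """Normalise one record: ISO timestamp -> datetime, account -> lower case."""
    ts, account, logon_type, ip = rec
    return datetime.fromisoformat(ts), account.lower(), int(logon_type), ip


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: set(accounts)} for every source with at least
    `threshold` failed RDP logons inside some sliding window of `window`.

    Only logon type 10 is considered, so the type-3 failures are ignored.
    """
    by_ip = defaultdict(list)
    for rec in events:
        ts, account, logon_type, ip = parse_event(rec)
        if logon_type == 10:
            by_ip[ip].append((ts, account))

    alerts = {}
    for ip, attempts in by_ip.items():
        attempts.sort()                 # oldest first
        flagged = set()
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it spans at most `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.update(acct for _, acct in attempts[start:end + 1])
        if flagged:
            alerts[ip] = flagged
    return alerts


def classify(accounts, min_distinct=3):
    """Many distinct accounts from one source is a password spray; repeated
    failures against one or two accounts is plain brute force."""
    return "password spray" if len(accounts) >= min_distinct else "brute force"


if __name__ == "__main__":
    for ip, accounts in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"{ip}: {classify(accounts)} against {sorted(accounts)}")
```

In production the records would come from the Security log via Windows Event Forwarding or a SIEM rather than a list literal. One caveat a practitioner should know: once NLA is enabled, failed RDP authentication is commonly recorded as a logon type 3 (network) failure rather than type 10, so a rule that filters on type 10 alone will miss those attempts and should also correlate type-3 failures from external addresses.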
- Watch out for Emotet
It was reported in October 2020 that Emotet detections had increased 1,200% from July to September compared with the previous three months, during which deployment of the malware appeared to decline.
Experts believe the threat will continue well into 2021 and beyond. Emotet is a Trojan that is primarily spread through spam emails (malspam). Infection may arrive via a malicious script, a macro-enabled document, or a malicious link. Emotet emails may carry familiar branding designed to look like legitimate correspondence, and try to persuade users to open malicious attachments with tempting subjects such as "Your Invoice" or "Payment Details", or a notice about an upcoming shipment from a well-known parcel company.
The top five sectors that Emotet had targeted include the manufacturing, financial services, media, aviation and healthcare sectors.
Individuals can mitigate the risk from Emotet by keeping their computers and endpoints up to date with the latest security patches; using strong, unique passwords together with two-factor authentication; not clicking on suspicious or too-good-to-be-true links; not enabling macros in documents that arrive by email; and protecting their systems with reputable endpoint security software.
- Advanced Persistent Threats are gearing up; expect more attacks on air-gapped networks
An Advanced Persistent Threat (APT) is a prolonged, targeted attack on a specific entity or entities with the intention of compromising their systems and gaining information from or about them. The target can be a person, an organization or a business.
The term APT was coined at a time when the main targets were governments and military organizations. The name does not imply a single piece of malware: an APT campaign usually chains several different attacks and tools over its lifetime.
In 2021, APTs are expected to change tactics by targeting the air-gapped networks that governments and large organizations rely on to protect their most sensitive data. APT actors are also moving to multi-platform malware that can threaten Linux and macOS systems as well as Windows.
Moreover, with the increase in online and mobile usage, mobile phones are no exception to APT targeting. Malicious documents remain the main initial vector, but threat actors are switching from VBA macros to Excel 4.0 (XLM) macros, which live in cell formulas on macro sheets (often set to "very hidden" so they cannot be unhidden from the Excel interface), making them harder to detect and analyse.
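Both the Emotet section (macro-enabled documents as the lure) and the paragraph above (Excel 4.0 macros on very hidden sheets) come down to features that can be checked in the document container itself. The script below is an added example, not from the article or from Malwarebytes, that triages an Office Open XML file with the standard library alone: it looks for a VBA project, for Excel 4.0 macro sheets under xl/macrosheets/, for sheets whose state is "veryHidden", and for an Auto_Open defined name that makes Excel run a macro sheet on open. The two sample workbooks are constructed in memory for the demonstration; they are not real specimens.

```python
"""Triage an Office Open XML file (.docm/.xlsm/.xlsx) for the macro tricks
discussed above: a VBA project, Excel 4.0 (XLM) macro sheets, 'very hidden'
sheets and an auto-run defined name.

Added example, not from the article or from Malwarebytes. Standard library
only; the sample documents are constructed in memory. Legacy binary formats
(.xls/.doc, BIFF/OLE2) are a different container and are not handled here.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

NS_MAIN = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
NS_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
NS_PKG_REL = "http://schemas.openxmlformats.org/package/2006/relationships"


def build_sample_xlsm(with_xlm_macro=True) -> bytes:
    """Constructed sample, not a real specimen. With the flag set it has one
    visible worksheet plus a very hidden Excel 4.0 macro sheet that Excel
    runs on open via the _xlnm.Auto_Open name; otherwise just the worksheet."""
    sheets = '<sheet name="Invoice" sheetId="1" r:id="rId1"/>'
    rels = ('<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
            'officeDocument/2006/relationships/worksheet" Target="worksheets/sheet1.xml"/>')
    names = ""
    if with_xlm_macro:
        sheets += '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>'
        rels += ('<Relationship Id="rId2" Type="http://schemas.microsoft.com/office/'
                 '2006/relationships/xlMacrosheet" Target="macrosheets/sheet1.xml"/>')
        names = ('<definedNames><definedName name="_xlnm.Auto_Open">'
                 'Macro1!$A$1</definedName></definedNames>')
    workbook = (f'<workbook xmlns="{NS_MAIN}" xmlns:r="{NS_REL}">'
                f'<sheets>{sheets}</sheets>{names}</workbook>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", workbook)
        z.writestr("xl/_rels/workbook.xml.rels",
                   f'<Relationships xmlns="{NS_PKG_REL}">{rels}</Relationships>')
        z.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        if with_xlm_macro:
            z.writestr("xl/macrosheets/sheet1.xml", "<macrosheet/>")
    return buf.getvalue()


def triage_ooxml(data: bytes) -> dict:
    """Inspect the zip container and workbook.xml; return a findings dict."""
    f = {
        "vba_project": False,           # vbaProject.bin => VBA macros
        "xlm_macrosheets": [],          # xl/macrosheets/* => Excel 4.0 macros
        "very_hidden_sheets": [],       # state="veryHidden": cannot be unhidden in the UI
        "very_hidden_macrosheets": [],  # the classic XLM dropper shape
        "auto_open_names": [],          # defined names Excel runs on open
    }
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        f["vba_project"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        f["xlm_macrosheets"] = sorted(n for n in names if n.startswith("xl/macrosheets/"))
        if "xl/workbook.xml" not in names:
            return f
        # Map relationship ids to part paths so a <sheet> can be tied to its part.
        targets = {}
        if "xl/_rels/workbook.xml.rels" in names:
            rels_root = ET.fromstring(z.read("xl/_rels/workbook.xml.rels"))
            for rel in rels_root.iter(f"{{{NS_PKG_REL}}}Relationship"):
                targets[rel.get("Id")] = rel.get("Target", "")
        wb = ET.fromstring(z.read("xl/workbook.xml"))
        for sheet in wb.iter(f"{{{NS_MAIN}}}sheet"):
            name = sheet.get("name", "?")
            target = targets.get(sheet.get(f"{{{NS_REL}}}id"), "").lstrip("/")
            is_macro = target.startswith(("macrosheets/", "xl/macrosheets/"))
            if sheet.get("state", "visible") == "veryHidden":
                f["very_hidden_sheets"].append(name)
                if is_macro:
                    f["very_hidden_macrosheets"].append(name)
        for dn in wb.iter(f"{{{NS_MAIN}}}definedName"):
            if "auto_open" in (dn.get("name") or "").lower():
                f["auto_open_names"].append(f"{dn.get('name')}={dn.text}")
    return f


def verdict(f: dict) -> str:
    """Collapse findings into a triage verdict."""
    if f["very_hidden_macrosheets"] or (f["xlm_macrosheets"] and f["auto_open_names"]):
        return "suspicious: hidden or auto-run Excel 4.0 macro sheet"
    if f["xlm_macrosheets"] or f["vba_project"]:
        return "review: document contains macros"
    return "clean: no macro content found"


if __name__ == "__main__":
    for flag in (True, False):
        findings = triage_ooxml(build_sample_xlsm(flag))
        print(verdict(findings), findings)
```

This is triage, not conviction: a hidden sheet or a macro sheet is legitimate in plenty of business workbooks, and the script only inspects container markers, not the formulas themselves, which in real XLM droppers are usually obfuscated and spread across cells. For the payload itself, tools such as oletools and XLMMacroDeobfuscator go further; for mail gateways, the practical control remains blocking or quarantining macro-enabled attachments from outside the organization.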