Everything is different, and yet the same. As we look ahead to the cybersecurity landscape in the next 12 months, it is from a position no one predicted this time last year. Business operations have changed beyond recognition. Most employees now work from home in a transition that happened almost overnight. Stretched security teams have been challenged to rapidly deploy robust remote working facilities to maintain productivity. Most were writing the ‘pandemic playbook’ as they went along.
Ironically, one of the few certainties of the situation was that cybercriminals would take advantage of disruption to escalate campaigns. In that sense, nothing changed, except that the opportunity was suddenly much greater. As a result, nine in ten security professionals surveyed by our Threat Analysis Unit said they were facing increased attack volumes. These were attributed to the newly distributed working environment.
The effects of COVID-19 will continue to impact the cybersecurity sector for some time, but they are not the only considerations. This year we’ve seen cybercrime and cybercriminal groups continue along a path of technical and industry innovation, which will see new strategies and tactics gain traction in 2021. We have also seen cyber defences tested like never before and, for the most part, they have held firm. There is a good reason for cybersecurity professionals to be optimistic.
With this in mind, the following are six trends we expect to see, and key areas cybersecurity professionals should keep their eyes on in 2021.
1. Remote-working focuses attacker attention on mobile compromise
As business becomes more mobile than ever and remote working persists, mobile devices and operating systems will be increasingly targeted. Employees using personal devices to review and share sensitive corporate information become an excellent point of ingress for attackers. If hackers can get into your Android or iPhone, they will then be able to island-hop into the corporate networks you access, whether by deactivating VPNs or breaking down firewalls.
We will also see hackers using malware such as Shlayer to access iOS. It turns Siri into their personal listening device to eavesdrop on sensitive business communications.
Combating these risks requires a combination of new mobile device policies and infrastructure designed to facilitate continued remote working. It also requires raising employee awareness of the persistent risks and the importance of digital distancing.
2. Continuing direct impacts on healthcare
COVID-19 means the healthcare sector is at the heart of crisis response. It will see the adaptations it made to try and maintain patient services become a vulnerability. There is a growing reliance on telemedicine for routine medical appointments, which means lucrative personally identifiable information (PII) is accessed from remote locations. As a result, it is more easily intercepted by hackers.
Simultaneously, vaccine-related data pertaining to trials and formulae is some of the most sought-after intellectual property. The drive to get hold of it for financial or political gain is putting healthcare and biotech organisations under intense pressure from external threats and insider risk.
Thankfully, the strain on healthcare cybersecurity is not going unheeded. We will see increased IT and security budgets in the sector to combat the growth in external threats.
3. Emerging tactical trends: cloud-jacking and destructive ICS attacks
As the new year dawns, we will see tried and tested tactics evolving to become more sophisticated. They will take advantage of changes in network architecture. Cloud-jacking through public clouds will become the island-hopping strategy of choice for cybercriminals as opportunity proliferates due to the overreliance on public clouds by the newly distributed workforce.
It won’t be only the virtual environment under threat. Increasing cyber-physical integration will tempt nation state-sponsored groups into bolder, more destructive attacks against industrial control system (ICS) environments. Critical National Infrastructure, energy and manufacturing companies will be in the crosshairs as OT threats ramp up. Our analysts are seeing new ICS-specific malware changing hands on the dark web, and we are likely to see it in action in the coming year.
4. The ransomware economy pivots to extortion and collaboration
Another familiar tactic taking on a new twist is ransomware. Ransomware groups have evolved their approach to neutralise the defensive effect of back-ups and disaster recovery. They make sure they’ve exfiltrated all the data they need before the victim knows they’re under attack. Once the systems are locked, attackers use the data in their possession to extort victims to pay to prevent the breach from becoming public. And if that fails, they can sell the data. This means the victim is doubly damaged.
Ransomware is such big business that the leading groups are collaborating. They share resources and infrastructure to develop more sophisticated and lucrative campaigns. Not all collaborations will be successful, however, and we’ll see groups disagreeing on the ethics of targeting vulnerable sectors such as healthcare.
5. AI utilised for defensive and offensive purposes
Technology innovation is as relevant to attackers as it is to defenders. Artificial intelligence and machine learning have significant benefits in cybersecurity. However, we can also expect to see adversaries continue to advance in how AI/ML principles are used for post-exploitation activities. They’ll leverage collected information to pivot to other systems, move laterally and spread efficiently – all through automation.
The silver lining is that in 2021 defenders will begin to see significant AI/ML advancements and integrations into the security stack. Security automation will be simplified and integrated into more organisations’ arsenal – not just those with mature SOCs. As awareness of how attackers use automation increases, we can expect defenders to fix the issue, maximising automation to spot malicious activity faster than ever before.
6. Defender confidence is justifiably on the rise
To finish on a resoundingly positive note, this year we saw cyber defences placed under inconceivable strain, and they flexed in response. Yes, there were vulnerabilities due to the rapidity of the switch to fully remote working, but on the whole security tools and processes are working. Defender technology is doing the job it is designed to do, which is no small feat.
Cybersecurity’s mission-critical nature has never been more apparent than it was in 2020, and teams have risen to the challenge of uniquely difficult circumstances. In recognition of this, we will see board-level support and a much healthier relationship between IT and security teams as they collaborate to simultaneously empower and safeguard users. 2020 has been the catalyst for change for which we were more than ready.
This article was written by Tom Kellermann, Head of Cybersecurity Strategy; Rick McElroy, Head of Security Strategy; and Greg Foss, Senior Cybersecurity Strategist, VMware Carbon Black.