By Tom Kellermann, Head of Cybersecurity Strategy, VMware Carbon Black
Everything is different, and yet the same. As we look ahead to the cybersecurity landscape in the next 12 months, it is from a position no one predicted this time last year. Business operations have changed beyond recognition with most employees working from home in a transition that happened almost overnight. Stretched security teams have been challenged to rapidly deploy robust remote working facilities to maintain productivity. Most were writing the ‘pandemic playbook’ as they went along.
Ironically, one of the few certainties of the situation was that cybercriminals would take advantage of disruption to escalate campaigns. In that sense, nothing changed, except that the opportunity was suddenly much greater. As a result, nine in ten security professionals surveyed by our Threat Analysis Unit said they were facing increased attack volumes, which they attributed to the new distributed working environment.
The effects of COVID-19 will continue to impact the cybersecurity sector for some time, but they are not the only considerations. This year we’ve seen cybercrime and cybercriminal groups continue along a path of technical and industry innovation that will see new strategies and tactics gain traction in 2021. We have also seen cyber defenses tested like never before and, for the most part, they have held firm; there is a reason for cybersecurity professionals to be optimistic.
With this in mind, the following are six trends we expect to see, and key areas cybersecurity professionals should keep their eyes on in 2021.
As business becomes more mobile than ever and remote working persists, mobile devices and operating systems will be increasingly targeted. As employees use personal devices to review and share sensitive corporate information, these become an excellent point of ingress for attackers. If hackers can get into your Android or iPhone, they will then be able to island hop into the corporate networks you access, whether by deactivating VPNs or breaking down firewalls.
We will also see hackers using malware such as Shlayer to access iOS, ultimately turning Siri into their personal listening device to eavesdrop on sensitive business communications.
Combating these risks requires a combination of new mobile device policies and infrastructure designed to facilitate continued remote working, as well as raising employee awareness of the persistent risks and the importance of digital distancing.
In terms of the direct impact of COVID-19 the healthcare sector, at the heart of crisis response, will see the adaptations it made to try and maintain patient services become a vulnerability. With the growing reliance on telemedicine for routine medical appointments lucrative personally identifiable information (PII) is being accessed from remote locations and as a result is more easily intercepted by hackers. At the same time, vaccine-related data pertaining to trials and formulae is some of the most sought-after intellectual property right now and the drive to get hold of it for financial or political gain is putting healthcare and biotech organizations under intense pressure from external threats and insider risk.
That said, the strain on healthcare cybersecurity is not going unheeded; we will see increased IT and security budgets in the sector to combat the growth in external threats.
As the new year dawns, we will see tried and tested tactics evolving to become more sophisticated and take advantage of changes in network architecture. Cloud-jacking through public clouds will become the island-hopping strategy of choice for cybercriminals as opportunity proliferates due to the overreliance on public clouds by the newly distributed workforce.
It won’t be only the virtual environment under threat. Increasing cyber-physical integration will tempt nation state-sponsored groups into bolder, more destructive attacks against industrial control system (ICS) environments. Critical National Infrastructure, energy, and manufacturing companies will be in the crosshairs as OT threats ramp up. Our analysts are seeing new ICS-specific malware changing hands on the dark web and we are likely to see it in action in the coming year.
Another familiar tactic taking on a new twist is ransomware. Ransomware groups have evolved their approach to neutralize the defensive effect of back-ups and disaster recovery by making sure they’ve exfiltrated all the data they need before the victim knows they’re under attack. Once the systems are locked attackers use the data in their possession to extort victims to pay to prevent the breach from becoming public. And if that fails, they can sell the data anyway, meaning the victim is doubly damaged.
Ransomware is such a big business that the leading groups are collaborating, sharing resources and infrastructure to develop more sophisticated and lucrative campaigns. Not all collaborations will be successful, however, and we’ll see groups disagreeing on the ethics of targeting vulnerable sectors such as healthcare.
Technology innovation is as relevant to attackers as it is to defenders and, while artificial intelligence and machine learning have significant benefits in cybersecurity, we can expect to see adversaries continue to advance in the way AI/ML principles are used for post-exploitation activities. They’ll leverage collected information to pivot to other systems, move laterally, and spread efficiently – all through automation.
The silver lining is that in 2021 defenders will begin to see significant AI/ML advancements and integrations into the security stack. Security automation will be simplified and integrated into the arsenal of more organizations – not just those with mature SOCs. As awareness of how attackers are using automation increases, we can expect defenders to fix the issue, maximizing automation to spot malicious activity faster than ever before.
To finish on a resoundingly positive note, this year we saw cyber defenses placed under inconceivable strain and they flexed in response. Yes, there were vulnerabilities due to the rapidity of the switch to fully remote working, but on the whole security tools and processes are working. Defender technology is doing the job is it designed to do and that is no small feat.
The mission-critical nature of cybersecurity has never been more apparent than in 2020 as teams have risen to the challenge of uniquely difficult circumstances. In recognition of this, we will see board-level support and a much healthier relationship between IT and security teams as they collaborate to simultaneously empower and safeguard users. 2020 has been the catalyst for change for which we were more than ready.