With 2020 nearing its much-anticipated end, it’s time for experts and pundits to prognosticate about the future of their industries in 2021. For better or worse, cybersecurity is no different.
So, with that in mind, what is the landscape for cybersecurity and the evolution of threats in 2021? I’ve put together a list of the 4 top cybersecurity trends that both industry insiders and average users should be aware of.
2020 is ending with an unprecedented surge of ransomware attacks that hit prominent organizations across the world, as well as the apparent commercialization of ransomware groups.
In 2021, most of the attacks will exploit known vulnerabilities in targeted systems in order to gain access to the target networks and manually deploy the ransomware. In response to the ongoing COVID-19 pandemic, a growing number of organizations will allow their employees to remotely access their resources, thus enlarging their attack surface. Unpatched systems and poorly protected access points will allow threat actors to compromise a large number of companies.
Most of the attacks will be targeted, with ransomware operators carefully choosing their victims in order to maximize the return on their efforts.
Almost every ransomware group or cartel will adopt a double extortion model: they will first exfiltrate data from the victims, then threaten to leak the stolen information if the ransom is not paid.
In 2021, the increased demand for internet-of-things (IoT) solutions will also be driven by the adoption of connected healthcare devices, smart offices, and remote asset monitoring. The COVID-19 pandemic and the implementation of 5G networks will drive businesses to become ever more reliant on IoT technology.
The pandemic has radically changed the concept of the workspace. According to a report published by Forrester, at least 80% of firms will develop comprehensive on-premises return-to-work office strategies that include IoT applications to enhance employee safety and improve resource efficiency. This includes smart lighting, energy and environmental monitoring, and sensor-enabled space utilization solutions. A growing number of organizations will begin to connect more of their assets online to allow remote management.
Unfortunately, a large number of connected devices will not implement security by design. Moreover, most of them will be poorly configured, exposing the organizations and individuals to cyberattacks.
Threat actors will focus their efforts on targeting unprotected IoT systems with specifically designed malware. This will increase the number and scale of new IoT botnets, some of which will be based on well-known malware, such as the Mirai bot. The diffusion of IoT devices will attract ransomware gangs that could develop specific malware variants to target these systems.
Attacks on consumer and industrial IoT devices, including smart homes, smart meters, and connected cars, are already taking place. Unlike a common ransomware attack, an IoT ransomware attack aims to gain control of the connected system through malicious code, forcing it to work incorrectly (e.g., manipulating the level of medicine in an insulin pump) and leaving the victim no choice but to pay the ransom in order to restore ordinary operations.
2021 will be the year of the first IoT ransomware attacks in the wild.
The Crimeware-as-a-Service (CaaS) model will continue to enable both technically inexperienced criminals and advanced threat actors to rapidly arrange sophisticated attacks.
The most profitable services and products that will be offered using the CaaS model in 2021 are ransomware, malware, DDoS-for-hire services, spam services, and RDP access.
Advanced threat actors will adopt these services to make attack attribution difficult and to rapidly arrange hit-and-run operations. In the coming months, major botnet operations offered under this model, such as Emotet and Trickbot, will be the root cause of infections on a global scale.
The implementation of a modular structure for these malware programs enables reselling and renting sections of their malicious code to cybercriminals without compromising their key differentiators.
Customers of the malware operators will spread the malware using their own tactics, techniques, and procedures, and in some cases will use it in highly targeted attacks.
This will increase professionalization in the cybercrime threat landscape. Some criminal organizations will specifically focus on offering criminal services and products to other criminal gangs, instead of directly targeting users and organizations with their tools.
A growing number of attacks will benefit from the adoption of Artificial Intelligence to carry out malicious activity. In 2021, the introduction of AI-based platforms for attack purposes will allow threat actors to improve the efficiency of their operations by simulating the responses of the targets and attempting to elude them in real time.
The adoption of AI-based systems in misinformation campaigns carried out by nation-state hackers will become a scary reality, with deepfakes spread via social networks and instant messaging apps to influence the sentiment of the population on specific topics and fuel civil disorder.
The good news is that AI is also used for defence purposes to accelerate the identification of sophisticated cyber threats and allow rapid response to block ongoing attacks at an early stage.
The introduction of AI is a game-changer for digital-twin solutions, which will become even more popular in the cybersecurity industry.
A digital twin is a computer model that reflects and simulates the operations of a real infrastructure and its interactions with its surrounding environment, including cybersecurity threats. This method is still at an early stage in cybersecurity, and AI technologies will help its rapid diffusion.
AI will help create precise “digital twins” of infrastructure, both to protect it and to emulate sophisticated attacks against it, building the digital representation from the analysis of past campaigns. In this way, it is possible to rapidly identify vulnerabilities and attack patterns, as well as implement proper countermeasures before threat actors can exploit them in a real scenario.
The ongoing pandemic and escalating tensions mean that nation states will be increasingly active in cyberspace next year. In 2021, there will be a significant increase in cyber espionage campaigns carried out by state-sponsored hackers.
In the first half of the year, the industries that will suffer most of the attacks will be healthcare and the pharmaceutical sector, as well as universities and government contractors.
State-sponsored attackers aim to gather intelligence on strategic intellectual property, which can give their governments a technological and economic advantage in the post-COVID-19 world.
The ongoing pandemic is hindering the treatment and preventive screening of diseases such as cancer. After the pandemic, cancer cases will begin to increase rapidly. For this reason, new technologies and drugs will be needed to stem the emergency. Organizations and companies involved in the development of new treatments will be targeted by nation-state actors.
APT groups linked to Russia, China, Iran, and North Korea will carry out numerous operations against countries worldwide. Most of the operations will target organizations in the US, Europe, and the Middle East. The level of sophistication of these campaigns will continue to increase, making attack attribution to specific threat actors impossible.
Nation-state actors will also be responsible for sabotage and disinformation campaigns. The latter will be aimed at destabilizing governments.
Both nation-state actors and cybercrime organizations will intensify their activity in cyberspace in 2021. The ongoing COVID-19 pandemic will offer them new opportunities to target businesses, government organizations, and citizens worldwide.
We are in the middle of a perfect storm. For this reason, a multi-layered approach to cybersecurity and the involvement of private and government stakeholders is necessary to prevent cyberattacks from having even more dramatic consequences next year.