The resurgence of ransomware, a barrage of phishing attacks, enterprise cyberattacks in sectors that had rarely been targeted before, and government organisations getting hacked: a flurry of security incidents has made 2020 the poster child for cybercrime. Unfortunately, there are no signs of these trends receding in the near future. Given that, every enterprise needs to be aware of the top threats to its security setup in 2021.
Who will Guard the Guards?: Massive Increase in Social Engineering Attacks:
Social engineering attacks typically rely on human interaction and manipulation to extract and exploit sensitive information. These multi-step attacks involve securing the victim’s trust by engaging them through a false security narrative, then expanding the attacker’s foothold in the victim’s system and siphoning off data in the process. In the absence of supervised work environments, at least in the near future, it is likely that workforces which are not cyber-literate will be unwitting victims of social engineering attacks.
Social engineering attacks are typically difficult to stop through technological intervention alone. The primary reason is simple: you may stop a hacker from siphoning data through malware, but you can’t really stop your own employees from voluntarily sharing sensitive credentials with malicious actors.
The only plausible method to actually mitigate social engineering attacks is comprehensive cyber education within your organisation, through which employees become acquainted with at least the basics of cyber hygiene.
The not-so-remote risks of Remote Work
It is now taken for granted that remote work policies are not going to go away any time soon. A majority of organisations have made the shift to remote work, and it is reasonable to expect that the risks associated with remote work are here to stay as well. With the proliferation of technologies for remote work enablement, the question arises: how safe are our conversations? How safe is the data we send to our colleagues? How safe is the DevOps environment in which we plan our application development pipeline? Not so safe, it seems.
Typically, companies use VPNs to secure remote access to their corporate and cloud applications for remote workforces. But VPNs today are riddled with issues and are considered all but obsolete. With the trend towards BYOD policies and the resultant increase in unmanaged devices, secure access through VPNs becomes a distant possibility. Remote workforces are also more vulnerable to phishing attacks, which means their systems need to be segmented and granted access to specific applications without access to the network itself, so that a compromised endpoint gives hackers no scope for lateral movement.
Thankfully, enterprises have become increasingly aware of the inadequacies of VPNs, and have shifted to newer technologies and approaches like Zero Trust Application Access.
Ransomware Refurbished:
2020 was marked by some significant ransomware attacks. Ransomware attacks typically involve a threat to block access to highly sensitive data indefinitely unless some form of ransom is paid by the victim. These extortion attacks took a new turn in 2020 with the Honda ransomware attack, probably one of the first prominent ransomware attacks to target ICT systems.
Ransomware attacks have become more advanced with time, especially with the increasing use of cryptoviral extortion. 2021 may see the rise of RansomHack, a form of ransomware that not only encrypts the data for extortion, but also simultaneously exfiltrates the data without the knowledge of the victim. If such attacks are mounted on a larger scale, they may cause significant losses.
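The distinguishing feature of the encrypt-and-exfiltrate model described above is that a large volume of data leaves the victim’s network before the encryption is noticed. The following is an added example (not code from the original article or any vendor product) of the kind of egress-volume baseline check a defender can run over outbound connection logs to surface that phase early. The log format, host names, addresses and byte counts are constructed for the illustration; the external address uses the 203.0.113.0/24 documentation range.

```python
"""Flag hosts whose outbound byte volume jumps far above their own baseline.

Added example: a per-host egress baseline check of the kind that surfaces the
exfiltration phase of double-extortion ransomware. All log data below is
constructed for illustration; the format is an assumption, not a real product's.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed egress log: ISO timestamp, source host, destination, bytes sent.
EGRESS_LOG = """\
2021-01-04T09:00:00 ws-17 10.0.3.4 12000
2021-01-04T09:10:00 ws-17 10.0.3.4 15000
2021-01-04T10:05:00 ws-17 10.0.3.4 14000
2021-01-04T10:40:00 ws-17 10.0.3.4 13000
2021-01-04T11:20:00 ws-17 10.0.3.4 16000
2021-01-04T11:50:00 ws-17 10.0.3.4 12000
2021-01-04T12:00:00 ws-17 203.0.113.50 900000000
2021-01-04T12:30:00 ws-17 203.0.113.50 1200000000
2021-01-04T09:15:00 ws-22 10.0.3.4 20000
2021-01-04T10:15:00 ws-22 10.0.3.4 22000
2021-01-04T11:15:00 ws-22 10.0.3.4 21000
2021-01-04T12:15:00 ws-22 10.0.3.4 23000
"""


def parse(text):
    """Parse the constructed log format into (timestamp, host, destination, bytes) tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, host, dst, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), host, dst, int(nbytes)))
    return records


def hourly_volume(records):
    """Sum outbound bytes per (host, hour bucket)."""
    buckets = defaultdict(int)
    for ts, host, _dst, nbytes in records:
        hour = ts.replace(minute=0, second=0, microsecond=0)
        buckets[(host, hour)] += nbytes
    return buckets


def flag_exfil(records, ratio=10.0, min_history=3):
    """Return {host: (hour, bytes, baseline)} for hosts whose most recent hourly
    egress exceeds `ratio` times the median of their earlier hours.

    The median is used as the baseline so a single earlier spike does not
    inflate it; `min_history` hours are required before any host is judged.
    """
    per_host = defaultdict(dict)
    for (host, hour), total in hourly_volume(records).items():
        per_host[host][hour] = total

    alerts = {}
    for host, hours in per_host.items():
        ordered = sorted(hours.items())
        if len(ordered) < min_history + 1:
            continue  # not enough history to form a baseline
        history = [total for _, total in ordered[:-1]]
        latest_hour, latest = ordered[-1]
        baseline = median(history)
        if baseline > 0 and latest > ratio * baseline:
            alerts[host] = (latest_hour, latest, baseline)
    return alerts


if __name__ == "__main__":
    for host, (hour, sent, baseline) in flag_exfil(parse(EGRESS_LOG)).items():
        print(f"{host}: {sent} bytes in hour {hour:%H:%M}, baseline {baseline}")
```

In the constructed data, ws-17 sends roughly 27 kB per hour and then pushes over 2 GB to an external address in a single hour, so it is flagged, while ws-22’s steady traffic is not. A production version would baseline per destination and per time of day, and would pair this with the file-write burst that the encryption phase itself produces, but the core idea is the same: the data has to leave before the ransom note appears.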
Attack on the Supply Chain:
In the aftermath of the SolarWinds attacks, which affected government and private organisations worldwide, it is prudent to expect large-scale supply chain attacks in the next 12 months. IT managers can expect many more attacks on their technology providers, MSPs and contractors, given that these can serve as vulnerable points of entry into an organisation’s network.
A primary lesson here is that no matter how secure you think your websites are, there is always a vulnerable spot through which attackers can gain a foothold. It is important to employ security measures and technologies like Software Defined Perimeter and microsegmentation to keep your eyes on every component of your supply chain.
CobaltStrike:
Cobalt Strike is a penetration testing toolkit that is usually employed by security researchers, but is also used by malicious actors for post-exploitation, covert communication and other malicious acts. Cobalt Strike has come up in many conversations regarding major cyber breaches recently. In 2020, Cobalt Strike and Metasploit, another pen testing tool, together hosted more than 25% of all malware command and control servers deployed that year.
Given that the source code for Cobalt Strike was recently leaked on GitHub, malicious actors now have the option to customise it to serve covert blackhat attacks. This is a major red flag for security experts, and we can expect to see the name Cobalt Strike come up every now and then in relation to major cyber breaches in 2021.
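The covert communication the article refers to is an implant calling home to a command and control server at intervals, and that regularity is what defenders look for in outbound connection logs. The following is an added example (not code from the original article, and not specific to Cobalt Strike or any other toolkit) of a beaconing check: it groups connections by source and destination, measures the gaps between successive connections, and reports pairs whose gaps are both frequent and unusually regular. The log lines, host names and addresses are constructed; the external address is in the 198.51.100.0/24 documentation range.

```python
"""Find host-to-destination pairs whose connection timing looks like a C2 beacon.

Added example: a generic periodicity check over constructed connection logs.
It is not tied to any particular toolkit; the log format is an assumption.
"""
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Constructed connection log: ISO timestamp, source host, destination, port.
# ws-03 -> 198.51.100.7 connects roughly once a minute with a few seconds of
# jitter; ws-03 -> 10.0.5.9 is irregular, the way interactive browsing looks.
CONN_LOG = """\
2021-01-05T14:00:00 ws-03 198.51.100.7 443
2021-01-05T14:01:02 ws-03 198.51.100.7 443
2021-01-05T14:01:59 ws-03 198.51.100.7 443
2021-01-05T14:03:01 ws-03 198.51.100.7 443
2021-01-05T14:04:00 ws-03 198.51.100.7 443
2021-01-05T14:05:03 ws-03 198.51.100.7 443
2021-01-05T14:05:58 ws-03 198.51.100.7 443
2021-01-05T14:07:00 ws-03 198.51.100.7 443
2021-01-05T14:00:10 ws-03 10.0.5.9 443
2021-01-05T14:00:11 ws-03 10.0.5.9 443
2021-01-05T14:02:40 ws-03 10.0.5.9 443
2021-01-05T14:02:41 ws-03 10.0.5.9 443
2021-01-05T14:06:15 ws-03 10.0.5.9 443
2021-01-05T14:06:30 ws-03 10.0.5.9 443
2021-01-05T14:06:31 ws-03 10.0.5.9 443
2021-01-05T14:06:50 ws-03 10.0.5.9 443
"""


def parse_conns(text):
    """Parse the constructed log into (timestamp, src, dst) tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, src, dst, _port = line.split()
        records.append((datetime.fromisoformat(ts), src, dst))
    return records


def beacon_candidates(records, min_conns=6, max_cv=0.2):
    """Return {(src, dst): {"count", "period", "cv"}} for pairs whose
    inter-connection gaps have a coefficient of variation (stdev / mean)
    at or below `max_cv` over at least `min_conns` connections.

    A low coefficient of variation means the gaps are nearly constant, which
    is the signature of a timer-driven callback rather than a human.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)

    candidates = {}
    for pair, times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = sum(gaps) / len(gaps)
        if period <= 0:
            continue
        cv = pstdev(gaps) / period
        if cv <= max_cv:
            candidates[pair] = {"count": len(times), "period": period, "cv": cv}
    return candidates


if __name__ == "__main__":
    for (src, dst), info in beacon_candidates(parse_conns(CONN_LOG)).items():
        print(f"{src} -> {dst}: {info['count']} connections, "
              f"period {info['period']:.1f}s, cv {info['cv']:.3f}")
```

In the constructed data the pair to 198.51.100.7 has a mean gap of 60 seconds with a coefficient of variation under 0.05 and is reported; the browsing pair to 10.0.5.9 has gaps ranging from one second to several minutes and is not. The `max_cv` threshold is the tuning knob: implants that randomise their sleep interval push the coefficient up, so raising the threshold catches more of them at the cost of more false positives from legitimate polling clients, which is why a check like this is normally combined with destination reputation and connection size.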
2020 was a year in which some hitherto unimaginable things happened, and events in cybersecurity were no different. With some of the world’s largest and presumably safest organisations getting breached, companies have been forced to take another look at their security posture and to take cybersecurity seriously, for the next year and the next decade.