2021 Cybersecurity Shifts

Russell Thomas, Enterprise Security Mag Europe | Friday, May 28, 2021

Hackers have converted many developed malware families into botnets to create compromised computers’ armies to launch attacks.

FREMONT, CA: COVID-19, an ultra-rare and high-impact case that has unraveled business as usual. It has pushed companies to put aside their current market and strategic plans and immediately set out to provide safe remote access to their employees on a large scale. Security departments were also faced with escalating challenges to their latest cloud deployments, as hackers tried to take advantage of the pandemic disruption.

That is, possibly, the most predictable thing about cybersecurity: threat actors will still attempt to take advantage of global incidents or improvements to their own benefit. Here are some significant shifts and happenings relevant to cybersecurity that one can expect in the cyber environment over the next 12 months.

Double Extortion Raises the Ransomware Stakes: The year 2020 saw a dramatic spike in double-extortion ransomware attacks: hackers first steal vast volumes of confidential data before encrypting the victim’s databases. Then, criminals threaten to leak this data before ransom demands are paid, placing more pressure on companies to satisfy hackers’ needs. Attacks have been so damaging that the FBI has relaxed its ransom stance: it now claims that, in some situations, companies will want to pay up to protect their owners, staff, and clients.

The Botnet Army Will Continue to Grow: Hackers have converted many developed malware families into botnets to create compromised computers’ armies to launch attacks. Emotet, the most widely used malware in 2020, originated as a banking Trojan but has developed into one of the most persistent and flexible botnets capable of launching various malicious exploits, from ransomware to data theft.

Privacy: For many users, their mobile devices now have a lot of personal information than they know due to applications that allow extensive access to people’s addresses, texts, and more.

Weaponizing Deep Fakes: Tools for false video or audio are now mature enough to be armed and used to generate targeted material to exploit opinions, asset markets, or worse. Earlier this year, a political party in Belgium released a deep-seated video of the Belgian Prime Minister’s speech relating COVID-19 to environmental damage and calling for climate change action. A lot of viewers felt the speech was genuine. At a simplistic level, audio could be faked for voice phishing so that the CEO’s address could be forged by providing orders to pass cash to account personnel or voice recognition apps.

Weekly Brief