New cyber threat angles, attack strategies expected in 2021, Kaspersky says
The evolution of the cyber environment is predicted to bring about further challenges in the near future
Cybertech
| 29/11/2020
Photo: Bigstock
The cyber-related turmoil of 2020 will lead to many structural and strategic changes in targeted cyberattacks by advanced persistent threat actors next year, with new attack vectors, such as the targeting of network appliances and the search for 5G vulnerabilities, surfacing alongside multi-stage attacks, researchers from cybersecurity company Kaspersky said.
The forecast was said to be based on changes that Kaspersky’s Global Research and Analysis Team witnessed during 2020, and published to help the cybersecurity community prepare for the challenges that lie ahead.
One of the key, and potentially most dangerous, trends that Kaspersky researchers anticipated is the change in threat actors’ approach to the execution of attacks. Last year, targeted ransomware attacks reached a new level through the use of generic malware as a means to get an initial foothold in targeted networks. Connections between these attacks and well-established underground networks such as Genesis, which typically trade in stolen credentials, were observed. Kaspersky researchers believe that APT actors will start using the same method to compromise their targets, the company said.
As a result, organizations should pay increased attention to generic malware and perform basic incident response activities on each compromised computer to ensure that generic malware has not been used as a means of deploying more sophisticated threats.
According to Kaspersky, other targeted threat predictions for 2021 include:
More countries using legal indictments as part of their cyber strategy. Kaspersky’s previous predictions of “naming and shaming” of APT attacks carried out by hostile parties has come true, and more organizations will follow suit. Exposing toolsets of APT groups carried out at the governmental level will drive more states to do the same, thereby hurting actors’ activities and developments by burning the existing toolsets of their opponents in an effort to retaliate.
More Silicon Valley companies will take action against zero-day brokers. Following scandalous cases in which zero-day vulnerabilities in popular apps were exploited for espionage on a variety of different targets, more Silicon Valley corporations are likely to take a stance against zero-day brokers in an effort to protect their customers and reputation.
Increased targeting of network appliances. With remote work, organizational security has become a priority, and more interest in exploiting network appliances such as VPN gateways will emerge. Harvesting credentials to access corporate VPNs via “vishing” remote workers may also appear.
Demanding money with menace. Ransomware gangs have become more targeted in their attacks and have more often threatened to release stolen data. Following the success of these strategies, the groups will use the money they have extorted to invest significant funds into new advanced toolsets with budgets comparable to that of some state-sponsored APT groups. These changes in strategy may also lead to the consolidation of the ransomware ecosystem.
More disruption will result from direct, orchestrated attacks designed to affect critical infrastructure or cause collateral damage, as our lives have become even more dependent on technology with a much wider attack surface than ever before.
The emergence of 5G vulnerabilities. As adoption of this technology increases, and more devices become dependent on the connectivity it provides, attackers will have a greater incentive to look for vulnerabilities that they can exploit.
Attackers will continue to exploit the COVID-19 pandemic. While it did not prompt changes in tactics, techniques and procedures of the threat actors, the virus has become a persistent topic of interest. As the pandemic will continue into 2021, threat actors will not stop exploiting this topic to gain a foothold in target systems.
The evolution of the cyber environment is predicted to bring about further challenges in the near future
Photo: Bigstock
The cyber-related turmoil of 2020 will lead to many structural and strategic changes in targeted cyberattacks by advanced persistent threat actors next year, with new attack vectors, such as the targeting of network appliances and the search for 5G vulnerabilities, surfacing alongside multi-stage attacks, researchers from cybersecurity company Kaspersky said.
The forecast was said to be based on changes that Kaspersky’s Global Research and Analysis Team witnessed during 2020, and published to help the cybersecurity community prepare for the challenges that lie ahead.
One of the key, and potentially most dangerous, trends that Kaspersky researchers anticipated is the change in threat actors’ approach to the execution of attacks. Last year, targeted ransomware attacks reached a new level through the use of generic malware as a means to get an initial foothold in targeted networks. Connections between these attacks and well-established underground networks such as Genesis, which typically trade in stolen credentials, were observed. Kaspersky researchers believe that APT actors will start using the same method to compromise their targets, the company said.
As a result, organizations should pay increased attention to generic malware and perform basic incident response activities on each compromised computer to ensure that generic malware has not been used as a means of deploying more sophisticated threats.
According to Kaspersky, other targeted threat predictions for 2021 include:
More countries using legal indictments as part of their cyber strategy. Kaspersky’s previous predictions of “naming and shaming” of APT attacks carried out by hostile parties has come true, and more organizations will follow suit. Exposing toolsets of APT groups carried out at the governmental level will drive more states to do the same, thereby hurting actors’ activities and developments by burning the existing toolsets of their opponents in an effort to retaliate.
More Silicon Valley companies will take action against zero-day brokers. Following scandalous cases in which zero-day vulnerabilities in popular apps were exploited for espionage on a variety of different targets, more Silicon Valley corporations are likely to take a stance against zero-day brokers in an effort to protect their customers and reputation.
Increased targeting of network appliances. With remote work, organizational security has become a priority, and more interest in exploiting network appliances such as VPN gateways will emerge. Harvesting credentials to access corporate VPNs via “vishing” remote workers may also appear.
Demanding money with menace. Ransomware gangs have become more targeted in their attacks and have more often threatened to release stolen data. Following the success of these strategies, the groups will use the money they have extorted to invest significant funds into new advanced toolsets with budgets comparable to that of some state-sponsored APT groups. These changes in strategy may also lead to the consolidation of the ransomware ecosystem.
More disruption will result from direct, orchestrated attacks designed to affect critical infrastructure or cause collateral damage, as our lives have become even more dependent on technology with a much wider attack surface than ever before.
The emergence of 5G vulnerabilities. As adoption of this technology increases, and more devices become dependent on the connectivity it provides, attackers will have a greater incentive to look for vulnerabilities that they can exploit.
Attackers will continue to exploit the COVID-19 pandemic. While it did not prompt changes in tactics, techniques and procedures of the threat actors, the virus has become a persistent topic of interest. As the pandemic will continue into 2021, threat actors will not stop exploiting this topic to gain a foothold in target systems.
