Security Predictions After 2020....Seriously?

December 2020 by Jonathan Couch, Senior Vice President of Strategy, ThreatQuotient

Year after year, I and many others attempt to make "predictions" about the coming year in the area of cyber security. Sometimes we are bold and we describe entirely new attacks that may arise; other times we play it close to the vest and talk about more of the same from what we’ve seen the current or prior year. I can definitively say that apart from Bill Gates in his 2015 TED talk, I don’t think anyone saw what was coming this year and how it would affect life and cyber security.

I’ve worked in security for a few decades now and I have learned one simple rule: the bad guys only do something new when what they’re using now isn’t working. It’s an arms race. We build better defenses and they evolve their tools and tactics. This has been proven out recently with the advancements in ransomware over the years. As organizations started to adapt by creating offline backups, attackers started to exfiltrate data out of the network in addition to encrypting it locally. They threatened to expose the data publicly if the ransom wasn’t paid.

Another rule (more like a trend) I’ve seen over the years is that attackers will also target both new tech and old. They leverage older vulnerabilities that a lot of big companies or lazy home users haven’t had time to patch, or haven’t prioritized patching. They also leverage new technologies that were developed for usability vs security. Mobile apps and social media are good examples here, like FaceApp or WhatsApp. When they were first launched and became massively popular a lot of focus was put on them to try and find vulnerabilities. It was an easy way to target millions of potential victims, enabled by fairly unproven technologies thrust into the public realm.

While 2020 definitely threw a wrench in most predictions, we did see attacks fall along the lines of the two golden rules. We saw more evolved ransomware attacks and we saw attacks against "new" technologies that were thrust into the public eye because of the pandemic. Ransomware evolved even more into Ransomware as a Service (RaaS), taking the lead from the commercial industry in how to deploy infrastructure at low cost and then profit without having to actually find users/targets. Ransomware also started integrating and interacting more with other malware, such as remote access tools (RATs), to better spread through networks and users. The second rule also came into play as organizations were forced to adapt to a remote workforce and employed conferencing tools like Zoom, Cisco WebEx, Microsoft Teams, and Google Meet.

So where does that leave us for 2021? Well, I’m going to stick with my rules. In 2021, we will continue to see the evolution of ransomware and malware in general and we will see the targeting of new technologies that are released.

Malware itself is becoming more specialized and modular. BlackEnergy and Emotet are two great examples. Both started as banking malware and both have evolved into more modular malware where the code has one or two basic functions (usually initial infection and then propagation to other users/hosts). The malware can then be instructed to download other modules depending on the target and the end goals of the adversary. If you want to deploy ransomware, download that module; if you want to search for and exfiltrate data, download a different module. It is "plug and play hacking" at its best and it can be very difficult to defend against because it quickly spreads throughout the network versus focusing on only the hosts that are initially infected.

It is difficult to predict what new technologies will be released in 2021 that will be the amazing new breakout technology that captures millions of users. I do believe, however, that as commercial businesses, governments, and society overall adapt to the new norm (I’m convinced that everything won’t return to the way it was once vaccines are released), new tools and technologies will be developed to support the remote work model. New conferencing and collaboration tools and remote access technologies will be developed and released. I think the biggest threat will be to new and unique cloud-based and SaaS tools that will hit the market in 2021. Many of these may rush to market due to the potential to grab market share and will not be ready for "prime time" in the security area.

Overall, I think it is important that security teams stay on top of standard security practices and user awareness to help protect against malware like ransomware in 2021. Additionally, keep an eye on new and emerging technologies that are released to the workforce to ensure they are secure. Think like the adversary: imagine ways you could use whatever information is stored or transferred when using those tools. Then think of what would happen if that information were to be acquired by someone and how they might get to it. Always keep a critical eye toward mega-popular apps and think it through to make sure users know the risks.

