After a volatile year where the cyber threat landscape evolved as the COVID-19 pandemic progressed, what lessons can we take from 2020, and how should we adapt to the trends we anticipate in 2021?
2020 was the year that everything changed. A shift to remote working led many organisations to evolve their systems, and as their cyber security postures lagged behind hackers were quick to exploit any weaknesses they could.
Where many saw a crisis in the COVID-19 pandemic, hackers saw an opportunity. Cyber-attacks increased at the beginning of UK lockdown in March, and the cybercriminal fraternity claimed several high-profile victims in 2020.
As we continue to adapt to the new normal in 2021, what are the lessons we can take from the high-profile cyber-attacks of 2020? And what trends do we expect to see gain prevalence in 2021?
The Hacks that Defined 2020
As many of us dusted off our laptops and set up what would become not-so-temporary home working arrangements in early-2020, high-profile cyber-attacks were already being launched by cybercriminals eager to take advantage of the disruption caused by the COVID-19 pandemic.
- Marriott International. In April 2020, a cyber-attack on Marriott International targeted the information of up to 5.2 million guests. The hackers may have used login data of two Marriott International employees, quite possibly gained through phishing emails that posed as legitimate communications while actually taking them to malicious domains that harvested their login credentials. Lesson learned: This attack highlights cybercriminals’ focus on obtaining login details to launch cyber-attacks and the importance of protecting these login details as much as possible.
- Hackney Council. In October 2020, cybercriminals launched a cyber-attack on Hackney Council in London. Details on how the attack was launched are a little thin on the ground. But many people believe hackers targeted Hackney Council with ransomware, a malicious form of malware that encrypts files – making them unusable. Lesson learned: This attack was part of a trend towards cybercriminals targeting organisations throughout the public and private sectors. These are often seen by attackers as softer targets, given their need to stretch funding and due to the critical services they deliver.
- SolarWinds. In late-2020, it was revealed that hackers thought to be sponsored by the Russian state compromised software developed and managed by SolarWinds, an IT monitoring and management software provider. It went big: according to reports, the hackers were able to deliver malware payloads that compromised multiple US government departments. Lesson learned: This cyber-attack highlighted the need for organisations to consider their supply chain security, and the potential risks introduced by third-party suppliers.
- COVID-19 and remote working-related hacks. Throughout 2020 and into 2021, cybercriminals have targeted remote workers with phishing campaigns designed to exploit fear, uncertainty and disorganisation. Lesson learned: Remote working increases cyber security risks. It’s important that organisations align their remote working security postures to their risk appetites to minimise the threats they face as their people continue to work away from the office.
Cyber Security Trends for 2021
In 2021, we anticipate that cybercriminals will continue to exploit vulnerabilities brought about by stretched resources and remote working. Below are three key threats that organisations should be aware of this year:
- Phishing. Malicious emails containing links or documents laden with malware continue to be a prominent threat. Criminals design them to evade both technical and human defences. Phishing emails will remain one of the primary threat vectors that hackers use to deliver both ransomware and business email compromise (BEC) attacks in 2021, and organisations need to know how to be better at defending against them.
- Ransomware. Ransomware will remain the most prominent cyber threat to all organisations in 2021. The tactics of ransomware operators will evolve to ensure they continue to evade defences and pressure victims to pay. There will be a continued increased emphasis on double-extortion attacks that leak data online to extort victims, with further use of social media to amplify the pressure on victims. Other tactics could include increased use of distributed denial of service (DDoS) to attack victims and further pressure them to pay.
- Business Email Compromise. Business email compromise (BEC) will become a more significant threat to all organisations in 2021. BEC is the defrauding of organisations by criminals placing themselves in the payment chain of companies through various methods, including social engineering, domain spoofing and account takeover. BEC tactics evolved through 2020, including the targeting of group inboxes with fraudulent instructions to change payment details for a client or vendor. In 2021, BEC may become an equal threat to ransomware for all organisations.
Adapting to Protect Your Organisation
So how can you adapt to protect your organisation in the 2021 threat landscape? Well, point solutions are all well and good but ‘defence in depth’ can only be achieved by understanding your security posture, aligning it to your risk appetite, and continually assessing it for suitability. The first step to achieve this is a cyber security assessment.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.