06 Oct 2021 What are the current cyber threat trends in 2021?
Many current cyber threat trends hinge on change and uncertainty caused by the COVID-19 pandemic. Whether it’s a panicked email recipient falling for a phishing scheme, innovations in ransomware, or simply remote workforces offering larger surfaces to attack, the goal of each is to find gaps in your company’s cyber security armour.
by Daan Jacobs
Here are the old, new, and evolving trends to keep an eye on, and steps you can take to mitigate your company’s risk factors.
1. Spear phishing
Phishing is, in general, the practice of sending fraudulent emails or text messages in the hopes that the unsuspecting recipient will share sensitive information. These messages attempt to mimic trusted people or companies, such as a family member, colleague, or frequently used businesses (like your bank or phone service provider).
It is often the stepping stone for malicious actors on their journey to install malware, ransomware, or simply steal data.
What’s the difference between phishing and spear phishing?
While phishing schemes hope to catch just about anyone in their net, spear phishing targets specific individuals, typically those who have high-level access to sensitive data at an organization. They tend to be executives, IT professionals, or members of the finance department. These roles are targeted because hacks to their accounts or machines can cause greater destruction. Whaling attacks, another type of phishing, exclusively target executive leadership.
Spear phishing often targets a specific user’s ID and password information and, if successful, the hacker can gain access to the organization’s most sensitive information or deploy malware on impacted machines.
Both are forms of social engineering, a category of attacks that all involve manipulating users into giving up confidential information. Cybersecurity researchers have also identified increases in phishing outside of email, including SMS phishing, voice phishing, and SIM jacking.
2. Ransomware
Ransomware is today’s cyber weapon of choice, and it is a problem that only seems to be getting worse. This type of malware, which encrypts an organization’s data and demands payment to unlock access, is also capable of erasing data entirely or encrypting it in a way that cannot be decrypted. In 2020, ransomware attacks made up 23 percent of all reported incidents and resulted in 36 percent of all public data breaches.
3. Ransomware-as-a-Service (RaaS)
A disturbing new business model is RaaS, which allows ransomware developers to lease their tools in a subscription-based model like SaaS (Software-as-a-Service). This type of expanded access, which can include add-ons like 24/7 support access, user forums, and other benefits similar to legitimate SaaS software, is allowing more users than ever before to unleash ransomware attacks.
RaaS developers tend to be highly skilled, and they offer ransomware that has both a high chance of penetration success and a low chance of detection by targets’ cybersecurity systems.
The growth of RaaS may only exacerbate an already negative trend towards more ransomware attacks and higher pay-outs.
4. Cryptojacking attacks
Cryptojacking is the criminal version of cryptocurrency mining. This online threat involves hacking devices (both desktop and mobile) to embed cryptomining software, which then leeches processing power towards cryptomining. Often, the device owner is completely unaware of the illicit usage, since cryptojacking excels at remaining hidden from the victim.
There are two main ways that a device can be infected with cryptojacking software: the first is that, like phishing, cryptojackers can gain access to devices when users click on a malicious email link. The other main method is infecting a website or ad with code that auto-executes once the victim accesses the site.
5. Internal threats vs. external threats
While the risk from insider threats is, on the whole, decreasing, internal actors are still responsible for nearly 50 percent of all data loss. This is due to both intentional and accidental data breaches.
Most users (approximately 70 percent) have access to more data than they need for their role. Even if they don’t intentionally view or share sensitive data, if they fall subject to a phishing scheme, their access privileges could lead to a larger data breach than necessary.
Humans are fallible and mistakes are inevitable, so it is not a question of if but when an employee’s account will be compromised. But you can take steps to mitigate any fallout before that happens by limiting access, among other steps.
6. Cyber-attack surface and remote work
For many organizations, digital transformation happened more quickly than expected due to COVID-19 and the need to move to remote work. The recent surges in remote work have increased the connections into many organizations’ networks, opening new doors for all types of attacks. Whether employees are deliberately opening connections with a secure work laptop or inadvertently with insecure connections and devices, make sure you know what traffic into and out of your network looks like.
Data breaches can intensify due to a remote workforce unless risks are addressed. For example, office-based workers benefit from on-site safeguards and defences put in place by IT. Remote workers typically do not have those same security measures. Basic tasks, such as file sharing, can take on more risk simply because data is moving between two separate networks.
7. Supply chain
Supply chains are among the most common avenues for attack, and hackers continue to exploit them. Hackers can infiltrate via trading partners, clients, or even providers linked to a small enterprise, especially within the financial services industry.
Hackers take advantage of supply chains via the connections between organizations, as well as unsecured data travelling between systems. File and data transfer can be fraught with risk. Data that isn’t properly encrypted, both in transit and at rest, is at risk of compromise.
How to mitigate current cyber threat trends?
Today’s cyber threat trends look like a domino effect: each overlaps another, and most can be addressed by better cybersecurity practices.
Cyber threats were going to continue their upward trajectory through the 2020s regardless, but COVID-19 has offered novel opportunities for malicious actors and has forced security professionals to accelerate changes or adjust their tactics to mitigate cyber risks.
Luckily, none of these trends are wholly new, so there are tried-and-true methods available to avoid them. All you need is to take a step back and evaluate your greatest risk factors.
1. Education
The number one mitigation tool is education. Most cyber threats, including ransomware and RaaS, start with phishing attempts.
Establishing and embracing education and training for your workforce is key to building a strong data security base. When your employees are consistently exercising the best security practices, you reduce risk factors within your organization and can focus the bulk of your energy on external threats.
2. Passwords and multi-factor authentication
While password best practices seem to change constantly, there is one basic guideline that everyone should follow: use strong, unique passwords for all sites and software.
If your username and password are the golden ticket that every hacker is hoping to find, make any potential “wins” smaller by reducing the number of tools and databases a hacker will gain access to if they happen to discover one password.
Multi-factor authentication adds another layer of security by verifying that it’s you who is accessing your account, and not someone who’s gained access to your username and password.
3. Cybersecurity software
Implementing the right software solutions can support cybersecurity efforts across all business areas.
For example, you may be checking systems manually that could be monitored automatically. Upgrades to manual processes can help mitigate human error. Software with role-based security and audit logging will ensure that you always know who accessed or changed what, and when they did it. Further, there’s always data security software that can help you discover gaps in your security systems.
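The audit logging described above can also drive the access-limiting step recommended under internal threats. The following is an added example, not part of the original article: it compares role grants against an audit log to list permissions a user never exercises and accesses that fall outside the user's role. All role names, users, resources and the log format are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data (hypothetical roles, users and resources).
ROLE_GRANTS = {
    "finance": {"ledger", "payroll", "invoices"},
    "support": {"tickets", "customer_db"},
    "it_admin": {"ledger", "payroll", "tickets", "customer_db", "hr_files"},
}
USER_ROLES = {"alice": "finance", "bob": "support", "carol": "it_admin"}

# Constructed audit log with the assumed format: timestamp,user,action,resource
AUDIT_LOG = """\
2021-09-01T09:12:00,alice,read,ledger
2021-09-01T09:30:00,alice,write,invoices
2021-09-02T11:05:00,bob,read,tickets
2021-09-02T11:07:00,bob,read,payroll
2021-09-03T14:40:00,carol,write,tickets
2021-09-03T14:55:00,carol,read,customer_db
"""


def review_access(log_text, user_roles, role_grants):
    """Compare what each user may access with what the log shows they used."""
    used = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines rather than guess
        _ts, user, _action, resource = row
        used[user].add(resource)

    report = {}
    # Include users seen only in the log: they hold no role at all.
    for user in sorted(set(user_roles) | set(used)):
        granted = role_grants.get(user_roles.get(user), set())
        report[user] = {
            "unused": sorted(granted - used[user]),        # candidates for removal
            "outside_role": sorted(used[user] - granted),  # needs investigation
        }
    return report


if __name__ == "__main__":
    for user, findings in review_access(AUDIT_LOG, USER_ROLES, ROLE_GRANTS).items():
        print(user, findings)
```

Grants that stay in the "unused" list across a full review period are the access a phished account would hand to an attacker for no business benefit.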