This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.
Flint Brenton, CEO, Centrify:
"Intellectual property will be hackers’ next golden ticket. In 2020, we saw a rise in healthcare breaches, likely because patient records often fetch up to $1,000 each. Compared to credit card data, which goes for just $12-20, and email addresses, which average around $100 in bulk, it makes complete financial sense. But during the COVID-19 pandemic, we began seeing an alarming trend of cyber adversaries targeting intellectual property such as vaccine research, including Russia’s APT29 going after research centers in the U.K., U.S., and Canada. With countries and companies around the world competing to be the first to announce a distributable vaccine, we believe hackers and possibly even insiders will begin releasing the fruits of their malicious efforts on the Dark Web in 2021 -- for a premium fee of tens, if not hundreds of thousands of dollars.
Messaging and video conferencing platforms will become the catalysts for the next wave of phishing attacks. Spear phishing attacks have steadily been on the rise as a result of COVID-19, increasing by as much as 600%, according to Barracuda. As organizations continue to work remotely and rely on video conferencing and messaging platforms for daily correspondence among team members, cybercriminals will creatively leverage the range of ways we connect in a remote world. From video conferencing platforms to messaging apps, these channels keep us virtually connected to our colleagues but leave substantial room for cyberattacks. As we grow accustomed to communicating in real time, we will see a rise in cybercriminals utilizing employee accounts to conduct phishing attacks, potentially even including spear phishing by video (e.g. using “deep fake” technology) and spear phishing on third-party messaging platforms (often through hackers weaponizing webhooks).
Prevention for this new, opportunistic wave of phishing goes beyond training. Organizations should plan ahead by requiring multi-factor authentication (MFA) wherever possible as well as ensuring they leave zero standing administrative privileges. MFA is designed to create more certainty that the person using the username and password is who they claim to be based on something they know (such as a password or PIN), something they have (such as a smartphone or hardware key), or something they are (such as biometrics including Face ID or a fingerprint scan). Eliminating standing privileges reduces the ability for the attacker to cause damage and move laterally throughout the network.
Ransomware incidents will triple -- and data exfiltration will overtake encryption as the attackers’ end game. Since the beginning of 2020, research has shown U.S. ransomware attacks are rapidly increasing. In Q3 2020 alone, the daily average number of attacks essentially doubled in frequency. While ransomware variants also continue to evolve into more sophisticated threats, perhaps the most troubling data point is that the U.S. has become the most targeted country, with attacks jumping as much as 98% in the same timeframe.
These statistics illustrate a persistent onslaught of threat actors that could indicate 2021 will be our most challenging year yet in combating ransomware in the enterprise. What's important to understand is that the attacks don't just attempt to execute a lockout or encryption of data anymore, but are increasingly aimed at extraction or stealing data from organizations. While some cybercriminals may sell the data on the Dark Web, others may threaten to leak the data for a higher payout on the ransom. We predict that this will become hackers’ ransomware end game -- though the risk of detection rises along with the potential payday. Granting ‘least privilege’ is essential in preventing unauthorized access to business-critical systems and sensitive data by both external actors and malicious insiders. Striving towards zero standing privileges and only granting just-enough, just-in-time access to target systems and infrastructure can limit lateral movement that could lead to data exfiltration and additional damage."