Our dependency on technology for different aspects of our everyday lives is one thing that’s likely to spill over into 2021 and beyond. Coronavirus has normalised the concept of social distancing and has continued to keep us bound to our homes as we have entered the new year. The reliance of technology to communicate with the outside world has continued to grow, and means that while many continue to operate in lockdown, we require technology to do so.
This involves the world of work, worryingly, when companies and their increasingly dispersed employees had to adapt overnight to full time remote working, this change helped generate a near-perfect storm of cyber security challenges. It is only normal that the potentially indelible mark that the pandemic has left not only on our working habits, but also on the myriad cyber risks posed by organisations and the effect off-site workers can have on your businesses cybersecurity and communications.
What COVID-19 taught us and continues to teach us
Not only did the pandemic teach us how to function from home, but also how businesses can build, create and implement measures within a matter of weeks. Relocating entire workforces would usually have taken months of preparation, endless meetings and then more planning before being signed off by multiple parties. But when faced with being told by the Government that you are no longer allowed into your workplaces (where possible), it was interesting how easily these reforms came into effect – and even hit the ground running when push came to shove.
Remote working in one way or another is here to stay for the long haul, but it needs close management and a continuous review of security at the centre to function effectively. Organisations need to ensure that management and security practices play an equal role in helping them operate smoothly with minimal disruption, which in turn protects their employees and the company.
In protecting workers, preparation can go a long way and when it is administered regularly and in small doses, it works best. This can be, for example, by fast reminders in products about the importance of safe communication and cybersecurity knowledge to keep people alert but without frustrating or trying to frighten them. Cyberattacks were already on the rise prior to COVID-19, and the pandemic and the subsequent lockout only intensified this danger. Cybercriminals have pounced on the inherent vulnerabilities of scattered employees and their IT structures, from phishing scams to COVID-19-related malware, in order to find certain cracks to exploit.
For several organisations, the overnight change in our culture of remote work has been crucial in showing that it works and it will continue to work. However, we must never become complacent.
Ransomware is predicted to increase
Today, ransomware is prominently associated with file and information encryption and locking access before a fee is paid and a method of decryption is provided – at least you hope that’s all it is.
A new technique may not be exfiltration combined with extortion, but it is definitely a growing trend. Attacks take the form of bad actors exfiltrating, then encrypting a copy of confidential data into their own system and then locking access to the data on the devices of the victims. When no ransom is paid, the confidential data is then put under threat of being released and sold or auctioned off. Usually, this approach is a long-play scenario on the part of the attacker, since they need to gain access to the network, locate the confidential data and then exfiltrate a copy into their own environment. Consider, for a moment, the cybercriminal incursion: businesses are becoming smarter, deploying technologies that thwart attacks, build resilient backup and restore systems, and display less relevance to handing over cash. Instead of relying on a single type of threat: infect and encrypt, the bad actors need a “Plan B” to be able to monetise their effort and create resilience in the attack.
It is important to finance the additional skill set and time required and this can be seen with the changing demands made by cybercriminals. A major incident that is worth mentioning happened in May of last year- Grubman, Shire, Meiselas & Sacks Law Firm came under attack in the form of ransomware. Page Six announced that the A-list law firm Grubman, Shire, Meiselas & Sacks was the focus of a hacker group that goes by the name REvil. The Sodinokibi ransomware was used by REvil to carry out their attack.
Initially, to avoid the disclosure of 756 GB of sensitive customer data, the attackers requested a payment of $21 million. However, with the law firm refusing to give up the sum, they doubled the demand to $42 million. Since then, they have published data on many celebrities, including Madonna and Lady Gaga, and continue to auction off more data. With many more ransomware attacks since then, this is a pattern that is likely to continue.
In order to fend off dedicated cybercriminals who request a ransom payment, thwarted attacks or vigilant backup and restore processes will no longer be enough. Despite being more resource-intensive and requiring patience, the progress in monetising due to a change in methodology provides cybercriminals with an improved chance of returning on investment (ROI).
Threat actors will become increasingly harder to detect
The security community started talking about “fileless malware” attacks some time ago, piggybacking on the operating system, exploiting them for malicious purposes. In other words, without the need to drop additional executables on the victim’s system, the incursions co-opt pre-installed applications.
The main part of an organisation’s approach to fending off fileless malware in 2021 involves improving internal processes and procedures that allow integrating technologies and people in order to track the entire lifecycle of a threat, from the moment an attacker seeks initial entry into a system all the way before achieving data exfiltration or some other form of nefarious action. As a result, multiple layers of technology need to be considered. Before, during and after an attack, they allow visibility.
Fileless threats have been rapidly developing and these approaches are expected to be used in more complex and larger-scale attacks in 2021. This situation illustrates the need for security teams to build processes using tools and technology that not only prevent malicious code from breaching computer systems, but also have capabilities for detection and response, long before their mission is accomplished by these attacks.
Since March 2020, the volume of phishing threats rose considerably, with businesses facing an average of 1,185 attacks per month. Security company KnowBe4 reported in its Q1 2020 Top-Clicked Phishing Study that COVID-19-related phishing email attacks rose in the first quarter of the year by 600%. According to the company, 45% of all phishing attacks asked users to either search or type malicious domains that spoofed legitimate ones with their passwords.
COVID-19-related themes were used in the second most common phishing attacks to generate urgency and anxiety among recipients worldwide. The remainder of the phishing attacks targeted social media users specifically and requested possible victims to check their emails for new login updates, resets of passwords and unauthorised access alerts.
Hackers are opportunists and will use any opportunity to take advantage of the elevated emotions of people in crisis situations such as this one by attempting to persuade them to click on a malicious connection or download an attachment laced with malware. It is no wonder we’re seeing an influx in coronavirus-related phishing attacks, because people are actively searching for more knowledge about it. For any email you receive relevant to COVID-19, end users should be extremely vigilant and report suspicious looking emails immediately as this will only continue.
Growing number of threats targeting user’s mobile devices
Mobile device security will be the fastest rising cyber security category, according to Analysys Mason’s forecasts for business networking, communications, IoT and security in 2021. The value of mobile security has been highlighted by COVID-19. Enterprises have been slow to protect mobile devices, but will pay more attention to this because during lockdown they had to rely on mobile devices, even with new security threats continuing to emerge. The spend of mobile security is forecasted to increase by 14.6% by 2027 to reach almost $103.45 billion.
Remote work has doubled in 2021, which gives cyber criminals even more of a chance to attack devices that aren’t secured and can be easily attacked. Mobile security hazards are overlooked by too many organisations who don’t take action until they are under attack. The average cost of a corporate data breach was $3.86 million in 2020. 2020 recorded more mobile app breaches and data leaks than all of 2019. This is just going to keep increasing in 2021 if your organisation doesn’t take action now to review your mobile security policies and pay greater attention to how organisations can secure their mobile devices and methods of communications.
Digital transformation in 2020 had been accelerated by pandemic-induced changes, but the coming year is ushering in new challenges for organisations that should continue to implement technologies that allow them to extend their visibility into anomalous activity, and control it. It is therefore important for organisations to be equipped with the necessary technological resources and a team of qualified individuals who help identify events early and respond to them. As we’ve seen in 2020, we can never know what will happen in the year ahead, but we can certainly plan now for the best ways to protect your organisation from cyber attack in 2021 and thereafter.
If you require further assistance feel free to reach out to our team for more information on this article. To sign up for a free trial of SaltDNA or to talk to a member of the SaltDNA team, please contact us on firstname.lastname@example.org.
SaltDNA is a multi-award winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. SaltDNA offers ‘Peace of Mind’ for Organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. SaltDNA is headquartered in Belfast, N. Ireland, for more information visit SaltDNA.