Security experts Sophos, Kaspersky evaluate shifts in global cyberattacks in this time of the pandemic
THE future of cybercrime and cyberattacks will be defined by the increased use of bots and even artificial intelligence, but ways to defeat them may be more real-world and legal, while detecting and thwarting them still very much technical and virtual.
Indications from Sophos’ Threat report looks are ransomware trends while Kaspersky’s comprehensive “Advanced Persistent Threats in 2021: new threat angles and attack strategy” both point to significant changes in the way cybercriminals will approach intrusions into systems and networks.
“The ransomware business model is dynamic and complex. During 2020, Sophos saw a clear trend towards adversaries differentiating themselves in terms of their skills and targets. However, we’ve also seen ransomware families sharing best-of-breed tools and forming self-styled collaborative ‘cartels,’” Chester Wisniewski, principal research scientist at Sophos said.
The pandemic both opened and shut doors for cybercriminals employing less sophisticated tactics like phishing. In a Kaspersky report, it was noted that though there was an increase in phishing attempts, users have also been mindful, with the help of scanners and monitors to stop these attempts at the beginning. This is why cybercriminals are revising approaches and looking for less obvious vulnerabilities.
“We live in a world that is so mercurial that it is likely that events and processes will happen in the future that we have not been able to grasp just yet. The amount and complexity of changes we have witnessed that have affected the cyberthreat environment could dictate many scenarios for what is to come ahead. Furthermore, there are no threat research teams in the world that have full visibility of the operations of APT threat actors,” says David Emm, principal security researcher at Kaspersky.
The Sophos 2021 Threat Report, for example, flags how ransomware and fast-changing attacker behaviors, from entry-level to more advanced missions, will shape the threat landscape and IT security in 2021. It said that analysis of Sophos’ threat hunters, rapid responders, as well as Cloud security and AI experts, provide a three-dimensional perspective on security threats and trends, from their inception to real-world impact.
The report spotted three key trends:
- The gap between ransomware operators will increase. At the high end, the big-game hunting ransomware families will continue to refine and change their tactics, techniques, and procedures (TTPs) to become more evasive and nation-state-like in sophistication. At the other end, Sophos anticipates an increase in entry-level, apprentice-type attackers looking for menu-driven, ransomware-for-rent, such as Dharma, that allows them to target high volumes of smaller prey.
- Everyday threats such as commodity malware, including loaders and botnets, or human-operated Initial Access Brokers, will demand serious security attention. Such threats are designed to secure a foothold in a target, gather essential, and share data back to a command-and-control network. If human operators are behind these types of threats, they’ll review every compromised machine for its geolocation and other signs of high value, and then sell access to the most lucrative targets to the highest bidder.
- All ranks of adversaries will increasingly abuse legitimate tools, well-known utilities, and common network destinations to evade detection and security measures and thwart analysis and attribution. In 2020, Sophos reported on the wide range of standard attack tools now being used by adversaries.
“The pandemic both opened and shut doors for cybercriminals employing less sophisticated tactics like phishing…This is why they are revising approaches and looking for less obvious vulnerabilities.”
Kaspersky researchers said in their report “Advanced Persistent Threats (APTs) in 2021,” the landscape of targeted attacks is in constant change because of the structural and strategic changes imposed by the pandemic.
The forecast was developed based on the changes that Kaspersky’s Global Research and Analysis Team (GReAT) witnessed during 2020 and have been published to support the cybersecurity community with some guidelines and insights.
One of the key, and potentially most dangerous, trends that Kaspersky researchers anticipate is the change in threat actors’ approach to the execution of attacks. Last year targeted ransomware attacks reached a new level through the use of generic malware as a means to get an initial foothold in targeted networks. Connections between these and well-established underground networks such as Genesis, which typically trade in stolen credentials, were observed. Kaspersky researchers believe that APT actors will start using the same method to compromise their targets.
As a result, organizations should pay increased attention to generic malware and perform basic incident response activities on each compromised computer to ensure that generic malware has not been used as a means of deploying more sophisticated threats.
Other targeted threat predictions for 2021 include:
- More countries using legal indictments as part of their cyber-strategy. Kaspersky’s previous predictions of ‘naming and shaming’ of APT attacks carried out by hostile parties has come true, and more organizations will follow suit.
- More Silicon Valley companies will take action against zero-day brokers. Following the scandalous cases where zero-day vulnerabilities in popular apps were exploited for espionage on a variety of different targets, corporations are likely to take a stance against zero-day brokers in an effort to protect their customers and reputation.
- Increased targeting of network appliances will happen as remote work becomes the norm, organizational security a priority. Exploiting network appliances such as VPN gateways will emerge. Harvesting credentials to access corporate VPNs via ‘vishing’ remote workers may also appear.
- Changes in ransomware gangs’ strategy is leading to the consolidation of a still diverse but rather tight ransomware eco-system. Following the success of previous targeted attack strategies, more major ransomware players will start focusing their activities and obtaining APT-like capabilities – with the money the gangs have extorted they will be able to invest large funds into new advanced toolsets with budgets comparable to that of some of the state-sponsored APT groups.
- More disruptive attacks will result from a directed orchestrated attack designed to affect critical infrastructure or collateral damage—as our lives have become even more dependent on technology with a much wider attack surface than ever before.
- The emergence of 5G vulnerabilities. As adoption of this technology increases, and more devices become dependent on the connectivity it provides, attackers will have a greater incentive to look for vulnerabilities that they can exploit.
Attackers will continue to exploit the COVID-19 pandemic. While it did not prompt changes in tactics, techniques and procedures of the threat actors, the virus has become a persistent topic of interest. As the pandemic will continue into 2021, threat actors will not stop exploiting this topic to gain a foothold in target systems. – Raymond B. Tribdino