Navigating the “Next Normal”: 5 Cyberthreat Predictions for 2021

Candid Wüest, vice president of cyber threat research, Acronis
Author: Candid Wüest, VP of cyber protection research, Acronis

2020 has been a year of widespread digital strategy advancement and expansion. Unfortunately, for many companies, these changes weren’t the result of careful, deliberate planning by technology executives — they were driven out of necessity, primarily by COVID-19.

While 2020 began more or less like any other year, by April nearly half of the American workforce was working from home, relying on cloud services and remote tools for everyday business operations. As we all become more comfortable with this way of doing business, it’s unlikely that the traditional in-office model will be making a full return anytime soon — perhaps ever.

This cultural change comes with a slew of new security challenges that IT professionals must be prepared to address. Here are five trends that are likely to define the cybersecurity landscape in 2021.

1. Industrialized, personalized cyberthreats

While new cyberthreats are always emerging, we don’t expect traditional dangers like ransomware, botnets, and phishing to disappear anytime soon. On the contrary, these threats are increasing and evolving, driven in part by an explosion in data volumes and this year’s rapid, widespread transition towards work-from-anywhere business models.
As raw computing power and artificial intelligence becomes more widely available, cyberattacks are increasingly automated — cybercriminals can build and iterate new hazards with impressive speed. We’re seeing a greater degree of personalization in these threats as well, as targeted attacks are developed with information mined from social media and corporate websites.

Spear phishing campaigns have long since shown that when a cybercriminal is willing to put in the extra effort of individually tailoring attacks, they’re rewarded with a greatly-increased rate of success. The industrialization of malware and social engineering campaigns threatens to cause runaway damage to organizations worldwide if not properly addressed with comprehensive cyber protection solutions.

2. Purpose-built payloads

It’s clear that cyberattack personalization is becoming easier than ever. But it’s not only human recipients that must contend with this trend — your network is more exposed than you might realize.

There’s a lot that cybercriminals can glean about the systems and applications that make up your company’s network, just by mining social media and corporate websites. If they can manage to compromise an individual system on the network, it only speeds up the process — system tools like PowerShell and WMI may be used to reveal this information without setting off red flags.

Knowing not only the tools and services your company relies on, but also the active versions of each piece of software you’re running, allows cyberattackers to precisely identify exploitable vulnerabilities and construct an attack plan accordingly.

3. Fileless attacks will dominate

One prominent example of a less-traditional threat is fileless attacks. Though they aren’t brand-new, we’ve seen a sharp uptick in their use in the last couple of years — and this is one threat that traditional cybersecurity defenses aren’t designed to handle.

Fileless attacks are an example of “living off the land” tactics, in which cybercriminals exploit the features that already exist in their victim’s environment. Like the name suggests, fileless attacks don’t rely on file-based malware. They (usually) don’t generate new files when executing. Instead, they rely on system tools to retrieve and deploy payloads directly in memory.

Imagine this: a fileless attack begins with a malicious email containing a hyperlink. When the victim clicks this link, they’re taken to a website that prompts them to run a script — perhaps disguised as a program installer or video codec. The script quickly launches PowerShell, using it to retrieve malware from a remote server and execute it in memory — all without alerting the user’s cybersecurity solution that something is amiss.

Because system tools like PowerShell have many legitimate automation and scripting uses, detecting when they’re being abused is a serious challenge for most defenses. And this activity isn’t limited to individual systems — cybercriminals are increasingly going after service providers, hijacking their management tools to compromise scores of downstream clients in one fell swoop.

4. Attacks on business processes will increase

In the world of cybersecurity, the term “vulnerability” doesn’t always refer to exploitable software or hardware. Sometimes it’s the flow of business operations itself that’s susceptible to attack — and this attack surface is only increasing as more and more organizations shift towards a digital-first model.
We’ve seen an uptick in business process compromises, in which cybercriminals study an organization’s regular processes in order to find a weakness that they can exploit for financial gain. Malware may be involved, of course — if attackers can discreetly compromise a system on the target’s network, it provides an excellent window for this sort of observation.

One example might involve a business that relies on an automated tool for invoice generation. Once a cybercriminal identifies this process, they can specifically target the invoicing tool and force it to populate their own bank account number — rather than that of the business — into each future invoice. Done smoothly, such an act could easily go unnoticed by the organization for quite some time.

5. Expect more cloud service attacks as well

To say that the COVID-19 pandemic accelerated a shift towards remote work is an understatement. As companies rushed to adopt new technologies — including remote access tools, collaboration apps, and cloud services — many lacked the time to properly vet each available solution, as well as the budget to use proven vendors rather than free (often non-secure) alternatives. And if the organization lacks an IT expert with relevant training in their chosen solution, the odds of misconfiguration are high.

Cybercriminals naturally see cloud services as a juicy target — they aren’t always well-protected, and successfully attacking one service can effectively expose hundreds or even thousands of their client organizations. Client-side misconfiguration only increases the risk factor.

Once a cloud service is compromised, it’s fairly easy for an attacker to infect “official” patches with malware, or to lure unsuspecting victims into interacting with a phishing message — after all, end users trust their service providers. As businesses continue to rely on cloud services for essential operations, this prospect underscores the importance of budget prioritization and working with security-minded providers.

Staying safe in 2021

The dance is a familiar one: as cyberthreats evolve and criminals try new tactics, so too must modern businesses adjust their digital defense strategies. But one thing is increasingly clear this year — the old approaches to cybersecurity and data protection are no longer sufficient.

Cyberattackers are beginning to trend away from untargeted, file-based malware — and towards a world rife with fileless malware, supply-side attacks, and business process compromises. In doing so, they threaten to sidestep traditional defenses entirely.

At the same time, businesses are already struggling to effectively protect their entire workloads across multiple domains. Doing so requires robust solutions that integrate cybersecurity with data protection, as well as monitoring networks and endpoints for vulnerabilities and unconventional threats. It requires cyber protection.

2020 has been a tough year for businesses as well as for channel professionals. And while most have successfully navigated these rocky waters, it’s important not to let our guard down — 2021 will bring its own challenges.

Author Candid Wüest is the VP of cyber protection research at Acronis. Read more guest blogs from Acronis here.