2021 Cyber Threat Trends Outlook

2021 Cyber Threat Trends Outlook

The socially distanced society caused by COVID-19 and the acceleration of digital transformation has made businesses and organizations more vulnerable to newly developed threats and attacks every single day. There are prominent and well-known threats, however, ransomware is definitely the main threat to look out for in 2021. It is predicted that advanced and targeted ransomware attacks will continue to increase globally in 2021.

 

What is Ransomware and How Does it Work? 

Ransomware is a type of malicious software. The hacker uses the code to encrypt the system or network so that it cannot be accessed by owners, and takes advantage of the situation to request money in return. 

During the attack process, ransomware gains access via emails, links, web pages, and controls the system by downloading untrusted pages or programs, paralyzes the software, and delivers ransomware in the end. In the early days, it was mainly distributed in the form of document files or screen saver files, however, the methods have been diversified recently. Moreover, it became easier for ransomware to be downloaded from macros, JavaScript, and subtly disguised document files.

The ransomware attack was first carried out in earnest around 2005. However, with the rise of cryptocurrency in 2013, the name ransomware finally began to take off. In addition, hacking organizations have been demanding cryptocurrency instead, and this made things even more difficult to track back to the hacker group. 

Looking at the types of ransomware in recent years, unlike the previous method that attacked an unspecified number of people, many are now targeting specific companies or organizations. Ransomware attacks are expanding in all-around industries, including service, manufacturing, and healthcare.

As such, modern ransomware attacks targeting various fields take the form of intimidation by stealing important corporate information, customer personal information, and payment information. Many companies are suffering from tremendous damages due to advanced persistent threats (APTs) that distribute ransomware to corporate vulnerabilities and then finally leak stolen information or sell information on the dark web.

 

Cyber Attacks Today

Maze ransomware

Maze, one of the most notorious hacker groups took a double threat strategy in 2020 by exposing credentials as soon as the organization didn’t pay what they asked for. This hacker group was the first to use a strategy that raised the level of intimidation by creating a website called ‘Maze News’ to disclose hijacked data. This incident affected several large corporates such as Canon, Xerox, and Cognizant. Since then, many hacker groups have been conducting money-making ransomware attacks centered on the dark web by imitating Maze’s strategy.

 

Garmin

Garmin, a smartwatch brand in the United States that occupied the third-largest share of smartwatches globally (after Apple Watch and Samsung’s Galaxy Watch), suffered an accident in which the service was paralyzed by ‘wastedlocker’ ransomware attack in July last year. 

Garmin’s core function, Garmin Connect, which attracts sports enthusiasts as the main audience, was discontinued as well as customer support services and other sports-related services and caused great inconvenience for the users. The hackers demanded Garmin USD 10 million in return and Garmin had to pay the attacker millions of dollars of decryption costs to settle the situation.

 

Bakker Logistiek

On the 12th of this month, it was announced that Bakker Logistiek, the largest logistics service provider in the Netherlands, suffered from a ransomware attack that paralyzed the Dutch supermarket cheese supply system. Bakker Logistiek was attacked by ransomware that encrypted network devices, and it eventually disrupted food transport, fulfillment operations, the supply of certain foods and cheeses from Albert Heijn, the largest supermarket chain in the Netherlands. 

Although they couldn’t figure out who was behind this attack, it is presumed that they accessed the system by exploiting the vulnerability of MS Exchange Proxy Logon. Bakker Logistiek spokesperson, Toon Verhoeven, said the firm had worked hard to get systems back online over the past week and that stocks were finally being shipped.

These are only a few examples of attacks targeting large corporations with a large amount of data, unlike hacker groups targeting an unspecified majority in the past. Targeted attacks have been prevalent in recent years, and it can be expected that the trend will remain unchanged in 2021 and will likely be advanced in the future. 

 

How to Prevent Ransomware? 

It is difficult to respond to targeted attacks that are in various forms with only one specific solution. Rather than solving a problem by responding to each new attack, building a robust security system from scratch in a way that accumulates new methods in the existing response method may be a more suitable countermeasure for targeted ransomware attacks.

Businesses need to comprehensively strengthen multiple security points to avoid the dilemma of having their key assets held hostage and contemplating financial compensation. On the physical side, the direct intrusion of an attacker must be prevented by securing the endpoint, blocking network intrusion, and strengthening the security of the webserver.

If there is a security mechanism that can detect cryptographic behavior and prevent cryptographic attacks, it can be even more helpful in preventing targeted attacks. At the same time, it is also important to prevent exposure of key privileges due to mistakes made by employees through security training sessions.

Ransomware attacks may assume that solving the issue financially could be the only solution, but this cannot be the fundamental solution. It is expected that cyber threats aimed at rapidly increasing socially distanced activities such as telecommuting, distance education, and online consumption will increase throughout 2021. 

Businesses and individuals also need to continually update their security measures and minimize the likelihood of cyberattacks. In addition, as attacks aiming at the loopholes of corporate emails are unavoidable, therefore deploying basic security management such as paying attention to emails and URL links of the unknown must be thoroughly carried out. Finally, it is highly recommended to establish a regular backup system within the corporate. 

 

Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: ISign+ 

Car, Energy, Factory, City Solutions: Penta IoT Security