Cyber landscape predictions
FireEye Mandiant has delivered its cyber landscape predictions for the coming year, including growing and affiliate-supported espionage, increased targeting of OT by ransomware, and continued targeting of healthcare.
Cyber activity has been dominated by the COVID-19 pandemic, and this will continue into the future. The techniques learned and used in recent times will expand beyond the pandemic. Cyber espionage is a good example. There have been many recent stories about cyber espionage attacks evolving and increasing across the world.
Russia, China, Iran and North Korea are not going to fundamentally change their current course. But we can expect more cyber espionage activity from China because of the development of its threat apparatus with regard to espionage.
Some countries that are just now getting into the cyber espionage business, such as Vietnam and those in South Asia, will turn to third-party intrusion vendors for tools and capability enhancement.
Mandiant also expects to see ransomware continue to evolve and expand. Ransomware is a real strategic concern. Affiliate models are expanding, in which different threat actors combine, leading to a huge amount of specialization within the overall process. Some actors develop the ransomware but work with others that specialize in gaining initial access and in post-compromise exfiltration, all leading to a broader criminal ecosystem.
The stolen data serves as an extra incentive for payment, and can be sold or exposed if the victim still refuses to pay. There will be an increasing pivot towards ransomware targeting operational technology, which needs to be watched closely because of the potential for real-world harm. Paying a ransom could be considered contrary to the interests of national security.
But the pandemic and its effects will continue to affect the cyber landscape through 2021. No directly COVID-related phishing was reported in 2020. Over the initial days of the pandemic, coronavirus featured in only around 2% of phishing emails. The majority of phishing emails still use traditional methods such as fake password resets and other lures that have been used for years.
The increase in phishing can't be attributed to the pandemic, and phishing can continue to grow even after the pandemic eases. Spear-phishing will remain the most popular entry route for compromises. Defenders also need to focus on intrusion techniques that don't require victim interaction, such as web-facing exploitation and password spraying.
One of the major issues through 2021 will be organizations' transition to a more expansive ecosystem due to increased remote working. As organizations start working remotely, there is a push towards more niche areas for security, ranging from virtual conferencing to productivity platforms.
There will be a much more expansive ecosystem that overlaps with cloud security; much of it will be outsourced to third parties (with different providers for different services). These wider ecosystems were already evolving beyond the network perimeter. One thing to watch with cloud is the issue of responsibility and the dynamic relationship between users and providers. Each organization will need to make decisions about the ownership of its data in the cloud, where unintentional exposure is a growing problem.
Security firms have been interested in adversary behaviour. Nowadays, user behaviour is a major problem that is likely to worsen with increased cloud usage. One of the issues that will play out in 2021 is whether adversaries can take advantage of this new ecosystem faster than security teams can learn how to defend it.
Different departments, such as marketing and security, are moving in different directions. You potentially have a marketing team experimenting with virtual conferencing platforms that may not automatically be perceived as part of the security team's purview. But if someone in marketing sets up a new virtual conference platform or a new social media manager, is that going through the right channels? A lot of those areas have quite serious security issues. This might affect security teams that have been involved with company-wide cloud system usage.
Any compromise of a corporate social media account with hundreds of thousands of followers could lead to huge reputational damage. So you have parts of the network that need to be secured but are being run out of areas that are not usually seen as traditional security areas. Managing each and every area of the network in the remote world is very important.