Our partner Sophos has published the Threat Report 2021. It gives a comprehensive overview of this year's threat landscape and assesses the IT-security trends for 2021. It shows that ransomware and cyber criminals' rapidly changing behaviour will continue to be a threat in the future. Read the blog article to find out which three important cyber security trends the experts are predicting for the New Year.
Ransomware – the attacks are becoming broader and more specialized
Given the numerous high-profile ransomware attacks that have been launched this year, Sophos experts are expecting this trend to continue. Ransomware groups such as Ryuk and RagnarLocker will continue to fine-tune their strategies and tactics to target larger companies, demand millions in ransom and maximise their profits. As the chart below shows, ransomware attacks have surged in recent quarters, and further spikes are to be expected in the coming year.
This year, it has been observed that cyber criminals have clearly distinguished themselves in terms of their capabilities and targets. However, a new trend is emerging, with ransomware groups increasingly joining forces and sharing best-of-breed tools. They are no longer operating as independent groups, but more like cyber-criminal cartels. On top of this, there is an increasing number of new arrivals who are working with ransomware for hire, such as Dharma, so they can attack a lot of targets with smaller ransom demands. Another trend is “secondary extortion” where not only do cyber criminals encrypt the data, but they also steal confidential and sensitive data, which they then make public if the demand is not met.
This year, experts reported that some ransomware families such as Maze even seemed to disappear. However, the same techniques and tools have resurfaced in the guise of a new ransomware, Egregor. No sooner does one threat disappear than another takes its place again, making it almost impossible to predict what ransomware attacks will look like in the future.
For IT-security teams, everyday threats like malware, botnets and opportunistic hackers trading access data continue to be a major challenge. Attacks like these are designed to collect important data from their target and reuse it using command-and-control (C2) botnets. In addition, they scan compromised devices for any vulnerabilities, then sell this information to the highest bidders who can then use it to inflict even greater damage. This year, for example, Ryuk used the Buer Loader to plant ransomware.
In the New Year, protection against everyday malware should not be overlooked. The challenge is to draw the right conclusions from the multitude of alert messages and to detect major attacks in good time. This makes strong cyber resilience even more important. In our Cyber Security Guide 2.0, we show you 11 important ways of reinforcing your cyber resilience.
Disguised attacks via standard tools
By misusing commonly used, off-the-shelf programmes, cyber criminals can move around the network under the radar until they launch an attack. This poses a challenge to traditional security approaches, as the use of programmes like these does not automatically trigger an alert. This is why new approaches are needed, for instance proactive threat hunting, which can correctly identify even minute anomalies and traces of an attack – for example, if a standard programme is run at the wrong time or in the wrong place. With functions such as Endpoint Detection and Response (EDR) you benefit from valuable pointers that help to immediately track down potential intruders.
Other trends from the Sophos Threat Report 2021 include:
- COVID-19 has had major implications for IT-security. Working from home presents new challenges because the company’s security perimeter has to be distributed across many different home networks, all of which are based on highly variable levels of security.
- Applications that have traditionally been labelled as “potentially unwanted” (PUA) because they deliver a plethora of advertising (but which are not malicious) are becoming increasingly indistinguishable from overt malware.
- Server attacks: cyber criminals target server platforms running Windows and Linux, and then use these platforms to attack organisations from within.
- Standard services such as RDP and VPN remain a focus for attackers. In the process, RDP is also used to propagate more widely within the networks…
- …and of course, the challenges associated with the growing use of cloud services.
In the New Year, cyber security will continue to be one of the most important success factors in remaining competitive in the future! That is why you should take the appropriate measures today rather than tomorrow, and consult our cyber security experts.
You can download the complete Sophos Threat Report 2021 here. You can find out more about the trends and receive detailed assessments and background information.