It seems that Cyber criminals are busy as they also “work from home”. Attacks are on the increase. Companies should prepare themselves for ever more sophisticated attacks in 2021.
Criminals are already using Malware-as-a-Service and polyglots to carry out complex attacks that are difficult for security solutions to counter
Andreas Lüning, co-founder and CEO of G DATA comments, “The coronavirus crisis has clearly shown us that a secure IT infrastructure is as existential as the supply of electricity or water. Unfortunately, cyber criminals are also taking advantage of the current push towards digitalization for their own ends and will increase their attack efforts in the future. In doing so, they are also starting to rely on automated attacks to infiltrate networks. Anyone who does not invest in IT security now is taking a gamble, with the benefits of digitalization at stake.
Criminal hackers are always looking for new tricks to hijack networks, PCs or mobile devices. They are increasingly using malware suites that combine different types of malware such as keyloggers, information stealers and ransomware. The attackers do not even have to develop the software themselves. They simply assemble the individual parts. They acquire the components for this as Malware-as-a-Service in underground forums. This process is the logical continuation of an existing trend. Users who become victims of such an attack lose their digital identity in one fell swoop. This is because the attackers either re-use the login data or sell it themselves in the dark net. And even if victims have paid a ransom to prevent the publication of their personal data, this is no guarantee that the data will not be published anyway.
Another trend is that cyber criminals are combining harmless files with malware to undermine security solutions. In so-called polyglot attacks, for example, the attackers link a harmless *.exe file with a malicious *.jar file. At the same time, malware is becoming smarter. Using simple mathematical methods, the malware determines the victim’s financial status and adjusts the ransom demands for encrypted data accordingly. The presence of Bitcoin wallets, or an extensive collection of PC games, for example, can serve as indicators that provide a possible clue to the victim’s financial strength.
Smartphones still remain an attractive target for cyber criminals. The danger is set to increase through so-called fleeceware apps. These apps offer short, free tests, leading to monthly subscriptions and in-app purchases that subsequently add up to hundreds of euros a year. The in-app purchases are indispensable for using certain app functions, optional extensions or extras. Especially perfidious is aggressive online advertising and fake five-star ratings to convince unsuspecting users to install the apps.
A rethink is needed in the area of mobile security. In the coming year, companies will experience attacks on employees’ smartphones as they are no longer used just for communication. Thanks to people working from home, the business mobile phone has gained in importance. Over and above it being a mere means of communication, it is part of the security architecture with two-factor authentication. However, many companies have not yet thought this strategy through to its conclusion. For example, many managers still have to work out what happens if employees lock themselves out of the two-factor procedure, for example if the device is stolen or lost. Basically, they have to find new ways for on- and off-boarding in times of coronavirus and beyond. This requires a shrewd mix of security and usability. Only then will modern security procedures bring added value for companies and employees.
The number of attacks on small and medium-sized enterprises is set to increase sharply. These are the companies that still believe their networks and websites are secure enough because they are not a worthwhile target for criminal hackers. But this is a misconception, because criminal hackers have realised that these companies also offer them an opportunity to make quick and easy money. Small and medium-sized enterprises especially should deal more intensively with the subject of IT security. Moreover, in increasingly interconnected supply chains, they provide a loophole in cyber defence to infiltrate larger companies. What many companies are not aware of is that attacks today are increasingly carried out fully automatically – for example when a new vulnerability is published. Therefore a company does not have to be particularly ‘interesting’ in order to become a target. Thanks to the increasing division of labour among criminal groups, some take care of the initial infection and then sell the access data to other groups. The latter then runs a ransomware attack, perhaps, to refinance the investment and to turn a profit.
Phishing is getting better and better and is reacting to current events within short periods of time. In the coming year, it can be expected that users will increasingly be offered vaccines instead of potency-enhancing drugs or face masks.
Phishing attacks are also relying more and more on well-known trust elements to make users believe that they are safe, such as HTTPS-encrypted connections to phishing sites. However, users should not be taken in by this. A green lock only means that communication with the website cannot be tapped – not that the content is legitimate.
There will hardly be time to relax or let your guard down, even if some sense of normalcy returns in 2021. But, with a mixture of the right security solution and critical attention to IT security issues, many IT security problems can be overcome – even in uncertain times.
“We expect that next year criminals will try to make users believe they have something like a “fast pass” to a coronavirus vaccination. If so, it is important to rely only on information from official authorities and to be critical of any shortcuts that are being offered” added Tim Berghoff,
Security Evangelist at G DATA.