In terms of general trends
1. Cloud and hybrid SOC versus on-premise
The time when having a SOC was merely fashionable is over. Demand for commercial SOC services is growing in direct proportion to the rising cybersecurity maturity of Russian businesses. As a result, the number of providers offering connection to and operation of monitoring and incident response centers is increasing. However, judging by this year's project statistics, customers are increasingly choosing either a cloud service or a “hybrid” scheme built on the customer's existing SIEM solution. The shift toward cloud SOC services continues to gain momentum from year to year.
2. Increase in the share of services provided according to the MSSP model
More and more large and medium-sized organizations are discovering managed services, in which a service provider delivers information security functions on a commercial basis.
In Russia, the MSSP model is only beginning to gain momentum and, of course, still lags far behind global figures. Nevertheless, more and more customers are beginning to trust service providers and to outsource key IT and information security processes to them.
3. 187-FZ will enter a new round of development
Over the past few years, Russian legislation in the field of information security has tightened noticeably. The deployment of information protection tools in state organizations is governed by FSTEC Orders No. 17 “On approval of the Requirements for the protection of information that does not constitute a state secret contained in state information systems” and No. 21 “On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems”.
This regulatory framework will need to be updated: both documents contain a specific list of solutions recommended for implementation, but some of them are already technologically outdated and unable to adequately protect information systems from modern external threats. The result is that institutions formally meet every information security requirement while their infrastructure remains vulnerable in practice.
4. Increased cybersecurity spending focused on compliance
More organizations are expected to increase investment in cybersecurity and data protection in order to avoid regulatory sanctions, coupled with costly class-action and individual lawsuits from clients whose data has been stolen or compromised. Significant increases in cybersecurity spending, mainly to avoid unpredictable but potentially large legal and reputational losses, are likely to be the hallmark of many 2021 budgets.
5. Talent shortage
More and more young specialists want “everything at once” straight after graduation, without any significant experience behind them. They are not interested in the long and difficult path of training and development, of accumulating experience and competence. Qualified specialists, for their part, have long been in stable employment. The problem is especially acute in regions with traditionally lower wages.
From the attackers' perspective
1. Sophisticated ransomware attacks are on the rise
Ransomware as a service (RaaS) will become readily available to anyone capable of buying bitcoin or other digital currencies. Unlike a huge number of unprofitable startups, today’s cybercrime scene is characterized by maturity, high productivity and profitability: some groups develop sophisticated malware, others prepare large-scale attacks or provide multilingual phone support to victims to facilitate payment of bitcoin ransom.
2. Outdated open source software will reduce cyber resilience
The large volume of undocumented open source software (OSS) is a ticking time bomb poised to go off suddenly in many small, medium and large businesses. During the pandemic, the hardest-hit businesses favored low-cost software development offers over all other criteria. As a result, they got code quality and security to match, including the introduction of undocumented OSS components and frameworks to save coding time. Preoccupied with the WFH phenomenon, cybersecurity teams lack the time to test newly developed software, which ends up deployed to production amid the chaos.
3. Bug bounties will continue converging with penetration testing
The pioneers of commercial bug bounty platforms continue to reinvent themselves, offering next-generation penetration testing, red teaming and other services either by subscription or as one-off engagements. Notably, in doing so they usually pay their “bug hunters” only for results. The global market for crowdsourced security testing and vulnerability disclosure has also been disrupted by countless community-driven startups and free offerings such as Open Bug Bounty, which hosts over 1,000 bug bounty programs to date.
4. Password reuse attacks targeting third parties will snowball
2020 was a record year for the volume of stolen data and credentials, and most of the leaked logins and passwords can be easily bought or found on the Dark Web and other criminal resources. Modern cybercriminals are shrewd and pragmatic: they prefer safe and inexpensive operations over sophisticated hacking campaigns with the attendant risk of detection and prosecution.
We have seen an impressive number of highly successful password reuse attacks targeting third parties this year, and we expect the number to grow even higher in 2021.
5. A larger external attack surface will simplify and accelerate cyberattacks
Working from home has led to a record number of exposed IT and cloud resources, from open RDP and VPN servers to IoT devices and the administration consoles of security appliances such as secure email gateways and web application firewalls. Countless organizations rushed to digitize their critical business processes haphazardly, without taking any measures to ensure cybersecurity and data protection. In moving to public cloud providers and taking advantage of the wide range of benefits associated with new technologies, including Docker and Kubernetes, most organizations did not invest in the necessary security training for their IT staff.
In 2021, attackers are expected to begin their APT campaigns by looking for such low-hanging fruit before resorting to costly zero-days and time-consuming targeted phishing attacks.
6. Work from home will hinder and slow down DevSecOps adoption
DevSecOps has grown in popularity over the past few years. The combined efforts of software developers, IT staff and cybersecurity teams undeniably bring agility and cost effectiveness, and also dramatically reduce the number of security breaches and incidents. The chaos and severe disruption of the COVID-19 pandemic has wiped out much of this effort: people now work in isolation from home with more tasks on their plate, which reduces collaboration and communication with other teams. Security training conducted remotely also doesn't always work well.
7. Cybercriminals are increasingly using machine learning and artificial intelligence to develop more effective attacks
For several years now, cybercriminals have been using machine learning to automate and optimize all sorts of tasks and processes, from profiling victims to finding outdated systems more quickly. However, the hostile use of AI is exaggerated today: we are still very far from strong AI in 2020, and existing machine learning and artificial intelligence systems do not yield fundamentally new hacking methods.
In practice, ML/AI will simply accelerate, amplify and diversify exploitation vectors and increase the efficiency of exploit payloads, ultimately affecting more victims in a shorter period of time. The growing availability of machine learning frameworks and dedicated hardware for hourly or monthly rental will further drive the malicious use of AI by cybercriminals. In 2021, attackers are likely to become even more effective, faster and better organized thanks to adversarial ML/AI.