Security Week 48: APT Perspectives for 2021

Last week, Kaspersky Lab published detailed statistics on the evolution of cyber threats for the third quarter. Together with it, forecasts for the development of targeted attacks for 2021 were presented. Traditional massive threats this year changed under the influence of the pandemic and the massive shift of office workers to remote work: in the second quarter, the number of DDoS attacks increased, and spam and phishing spammers responded to the changes in the environment. On the whole, business has become more vulnerable to cyber attacks: it has become more difficult to maintain the defense of the already fairly conventional “corporate perimeter”.

The organizers of targeted attacks have also responded to the pandemic. This year, attempts were made to penetrate the computer networks of research centers developing a vaccine against coronavirus, phishing attacks on employees of the World Health Organization, attempts to illegally obtain subsidies for business through attacks on government agencies in the United States. One of the obvious predictions for 2021 is the further development of attacks of this type – COVID-19 and its various consequences will affect our lives for some time to come.

Other predictions of Kaspersky Lab experts for 2021 published separate document… Let’s consider them in more detail.

Links to Q3 2020 Threat Evolution Reports:

The second “coronavirus” forecast: Kaspersky Lab experts expect an increase in the intensity of attacks on network devices, including VPN gateways. The more employees connect to corporate resources remotely, the more “interesting” attacks on the infrastructure that provide such a connection become. At the same time, it is predicted that organizers of targeted attacks will interact more closely with “ordinary” cybercriminals, in particular, to purchase data that provides primary penetration into the corporate network. For organizations, this means that even a routine incident of common malware infecting a work computer can lead to serious data breaches if not responded in time.

Just like last year, further development of cyber ransomware is predicted. If in 2020 it was predicted a simple transition from “large-scale” attacks using Trojans-encryptors to targeted ones, then in 2021 cyber groups will test new methods of obtaining ransom on victims. Examples are already encountered: repeated demand for ransom after decrypting the data (information is downloaded to the attackers’ servers, they ask for money for non-proliferation of data), attacks on patients of a medical clinic after identity theft from there.

Kaspersky Lab experts admit an increase in the number of destructive attacks on infrastructure, affecting a large number of people, when the disruption of computer systems leads to the inoperability of means of payment, mail, disables supermarkets, schools and hospitals, and public transport. The new expected trend of 2021 is the search for vulnerabilities in 5G. Even the less dangerous holes in the next generation networks will be loudly discussed in the media due to the increased attention to this topic, the abundance of conspiracy theories and the difficult political environment.

Finally, two predictions relate directly to the activities of government-sponsored cyber groups. More active disclosure of the methods of work of the attackers from the “opposite camp” is expected. This will not only have political implications, but also increase the cost of the cyberattacks themselves: already developed tools will more often become useless as a result of the release of technical data. Finally, large companies can actively fight the nominally legitimate zero-day exploit brokers. A relevant example is legal action Whatsapp to NSO Group: Presumably the tools of this cyber attack developer were used to hack the messenger and access the correspondence.

What else happened

Facebook closed vulnerability in the messenger of the social network, which allowed eavesdropping on subscribers’ conversations. In detail bugreport Google Project Zero expert Natalie Silvanovich describes the reason: an error in the implementation of the WebRTC protocol, which activates the microphone before the user answers the call.

In Firefox version 83 appeared function HTTPS-Only Mode, while enabled at will. When activated, an error will be displayed if you connect to websites via HTTP, without encrypting traffic.

In January 2021, Google will require Chrome extension developers to clearly state what user data is collected. It looks like new demand Apple to application developers is also recently introduced.

Serious a leak data from the religious service records of 10 million users were shared.

Scientific research shows (news, scientific Work, discussion on Habré), how the sensors of robotic vacuum cleaners can be used to spy on the owners.

Similar Posts

Leave a Reply