Malware business targets the home office


Home office hardware and firmware are increasingly being targeted by cyber attackers. Ransomware is becoming big business in a competitive market. As methods become more professional, attacks become more complex. A statement from Liviu Arsene, Global Cybersecurity Researcher at Bitdefender.

For the experts at Bitdefender Labs, the next year will be dominated by the following:

  • The home office is becoming the focus of attacks on company information.
  • Firmware attacks are becoming standard, and micro-containers are being attacked more intensely.
  • The competition among ransomware groups exacerbates the security situation for companies and private individuals.
  • New industries are also coming under fire.
  • Threats are becoming more complex and mature.

2020 is an eventful year that is drawing to a close, and IT security has also been subjected to new tests. But cyber security will also face major challenges in the coming year: Home office hardware and firmware are increasingly being targeted by cyber attackers. There is diversification in a competitive cybercrime economy. Ransomware is big business in a competitive market. As the degree of professionalism continues to rise rapidly, attack methods are also becoming more and more complex. At Bitdefender, we've rounded up five key areas that will see particular cybercriminal activity in 2021.

Corporate data target

Disclosure of sensitive information will be the new normal in 2021, and the home office will be the gateway, because here users compromise on cyber security for the sake of convenience and undermine companies' security efforts. Inadequately protected private hardware or home routers are just as much risk factors as sending information via unsecured channels that have not been approved or monitored by IT: messengers, private mail or cloud services for processing documents.

Small and medium-sized businesses in particular had to move quickly to home offices in 2020. Over the next 12 to 18 months, hackers will exploit the numerous security gaps that have emerged.
The pressure on corporate IT and DevOps developers is also increasing. Misconfigured servers in the cloud enable unauthorized access. In addition, those responsible unintentionally expose databases or hard-coded passwords.

Firmware and containers in the crosshairs

Attacks on firmware were previously considered too complex and difficult. They will become widespread in 2021 as competition among cyber criminals intensifies and attackers want to dig deeper into compromised systems. In the future, they will abuse tools such as RWEverything to attack firmware that has been incorrectly configured by the manufacturer and does not block unauthorized overwriting. With ransomware, they will try to lock devices and render systems unusable.

More and more malware is also attacking misconfigured or carelessly handled micro-containers. An increase in such cases could already be observed in 2020. The experts expect attacks on these IT resources, which are then used for a wide variety of purposes, from crypto mining to pivoting within networks.

Ransomware groups are fighting for market leadership

Since 2014, the lucrative ransom extortion market has attracted many players and triggered competition that threatened the existence of criminal operators of attack infrastructures. The result is more diversified and sophisticated malware that makes it difficult to decrypt the data. The ransomware plays its payload on time. The authors of the Trickbot malware, who also designed the Ryuk ransomware, are currently testing a new, long-lived attack technique based on the Unified Extensible Firmware Interface (UEFI). With it, the malware defends itself against being removed.

At the same time, ransomware is becoming even more of a service offering. Malware-as-a-Service (MaaS) is a competitive market and new participants are added every day. The actors behind the Maze network became known in 2020 for first stealing data and then blackmailing the victims. After their announced withdrawal, the successors are ready: The group around MountLocker is apparently preparing new campaigns and is looking for partners.

Shifting the targets of attack

Hackers will attack new targets more intensely, such as private routers and computers. Here, too, a certain degree of commercialization is involved: specialists will rent out access to the hardware to command-and-control groups or offer it to infrastructure operators on a large scale as proxy nodes for malicious purposes.

macOS and Android devices will also be targeted by Advanced Persistent Threats (APTs) in 2021. Malware families such as Joker, HiddenAds or banking Trojans were only harbingers of this. Campaigns in which malware was distributed via the Google Play Store in 2020 show a trend towards commercialization.

New high point in illegal crypto mining

In addition, experts expect a new high point in illegal crypto mining. People around the world are preparing for the financial aftershock of the corona pandemic. As a result, the well-known cryptocurrencies have significantly increased in value and trustworthiness. Specialists will endeavor to infect crypto money or to covertly use private IT resources and data center infrastructures for mining.

The logistics industry is also coming under increasing fire. Attacks on transport companies that transport corona vaccines gave a foretaste. Politically motivated strikes against the supply chain in 2021 will increasingly affect industries that have so far hardly been affected, such as real estate and healthcare - to extort ransom or to engage in industrial espionage.

The new normal for attacks

As-a-service is becoming a successful business model for cyber criminals. That is why they continue to expand their portfolio. Disguising attacks or APT will be part of the range of services in the future. Small and medium-sized companies in particular are poorly positioned against such professional attackers and are no match for them.

Phishing is becoming more and more sophisticated. The pandemic-induced home office has accelerated this trend. The e-mails no longer give themselves away through typing errors, incorrect terminology and obviously incorrect layouts. They also take up current issues. For example, spam and phishing attacks or fraudulent offers relating to corona vaccination can be expected in 2021, via email, SMS or smartphone. Social engineering will further improve the efficiency of targeted campaigns. People in exposed positions will thus be lured with geopolitical content. These APTs arise in the context of penetration tests with which hackers try to extend hijacked privileges, to move within company networks, and to spy out and exfiltrate passwords and information.

DLL sideloading (DLL hijacking) is on the rise in widespread applications. With it, attackers execute malicious code in the context of an inherently trustworthy process. In doing so, they circumvent firewalls, whitelisting and, under certain circumstances, even enterprise-grade security software. Such attacks will become the standard.
