Security Week 48: APT Perspectives for 2021

Last week, Kaspersky Lab published detailed statistics on the evolution of cyber threats in the third quarter, together with forecasts for the development of targeted attacks in 2021. Traditional mass threats changed this year under the influence of the pandemic and the large-scale shift of office workers to remote work: in the second quarter the number of DDoS attacks increased, and spam and phishing operators adapted to the changed environment. On the whole, businesses have become more vulnerable to cyberattacks: it has become harder to defend the “corporate perimeter”, which was already a fairly notional concept.



The organizers of targeted attacks have also responded to the pandemic. This year saw recorded attempts to penetrate the computer networks of research centers developing a coronavirus vaccine, phishing attacks on employees of the World Health Organization, and attempts to illegally obtain business subsidies through attacks on government agencies in the United States. One of the obvious predictions for 2021 is the further development of attacks of this type: COVID-19 and its various consequences will affect our lives for some time to come.



Other predictions by Kaspersky Lab experts for 2021 have been published as a separate document. Let's consider them in more detail.



Links to Q3 2020 Threat Evolution Reports:





The second "coronavirus" forecast: Kaspersky Lab experts expect attacks on network devices, including VPN gateways, to intensify. The more employees connect to corporate resources remotely, the more "interesting" it becomes to attack the infrastructure that provides such connections. At the same time, organizers of targeted attacks are predicted to interact more closely with "ordinary" cybercriminals, in particular to purchase data that provides initial access to the corporate network. For organizations, this means that even a routine incident in which common malware infects a work computer can lead to a serious data breach if it is not responded to in time.



Just like last year, further development of ransomware attacks is predicted. Whereas the prediction for 2020 was a simple transition from "large-scale" attacks using encrypting Trojans to targeted ones, in 2021 cyber groups will test new methods of extracting ransom from victims. Examples are already being seen: a repeated ransom demand after the data has been decrypted (the information is downloaded to the attackers' servers, and they ask for money in exchange for not publishing it), and attacks on the patients of a medical clinic after personal data was stolen from the clinic.



Kaspersky Lab experts consider an increase in the number of destructive attacks on infrastructure possible. Such attacks affect a large number of people: the disruption of computer systems makes payment instruments and mail inoperable and disables supermarkets, schools, hospitals, and public transport. A new trend expected in 2021 is the search for vulnerabilities in 5G. Even holes in next-generation networks that are not the most dangerous will be loudly discussed in the media, due to the increased attention to this topic, the abundance of conspiracy theories and the difficult political environment.



Finally, two predictions relate directly to the activities of government-sponsored cyber groups. More active disclosure of the working methods of attackers from the "opposite camp" is expected. This will not only have political implications, but will also increase the cost of the cyberattacks themselves: already developed tools will more often become useless once their technical details are published. In addition, large companies may actively pursue the fight against nominally legitimate zero-day exploit brokers. A relevant example is the WhatsApp lawsuit against the NSO Group: allegedly, this developer's cyberattack tools were used to hack the messenger and access correspondence.



What else happened



Facebook has closed a vulnerability in the social network's messenger that allowed eavesdropping on subscribers' conversations. A detailed bug report from Google Project Zero expert Natalie Silvanovich describes the cause: an error in the implementation of the WebRTC protocol, which activates the microphone before the user answers the call.



Firefox 83 introduces the HTTPS-Only Mode feature; so far it is enabled at will. When it is activated, an error is displayed if you connect to a website over HTTP, without traffic encryption.



In January 2021, Google will require Chrome extension developers to clearly state what user data is collected. Apple recently introduced a similar requirement for application developers.



A serious data leak at the religious service Pray.com: records of 10 million users became public.



Scientific research shows (news, research paper, discussion on Habr) how the sensors of robotic vacuum cleaners can be used to spy on their owners.


