Ransomware, cybercartels, personal phishing and other threats
Home Workplace Attacks
When working remotely, an employee's information security depends only on the employee. According to Positive Technologies, by the end of 2020, the number of attacks that exploit vulnerabilities in Internet services used for work had tripled. A popular scenario is to steal credentials in order to connect to corporate systems and gain unauthorized access to work conferences. The number of such attacks is predicted to increase.
Ransomware and blackmail tools
Throughout 2020, the number of ransomware attacks kept growing. Ransomware is malware that encrypts data, blocks work, and often demands a ransom. From the first to the third quarter, the number of such attacks doubled. Moreover, its creators usually target not an abstract set of users, but specific representatives of large companies who can pay a large ransom and for whom it is vitally important to continue working.
Blackmail with stolen private data has also become popular. Examples of blackmail software: Maze, Sodinokibi, DoppelPaymer, NetWalker, Ako, Nefilim, Clop. It has turned into a full-fledged industry: attackers have even created their own websites and auctions to sell stolen information.
In another variation of this activity, cybercriminals steal compromising data about activity in an online store (for example, about purchases in a sex shop) and offer the victim the chance to pay so that the information is not sold to third parties.
According to some forecasts, ransomware will even be able to reach cloud repositories.
New cybercartels
As a result, many new hacker associations and platforms will soon appear on the shadow Internet. The motivation is simple: jointly attack an attractive target and make good money from it. As before, they will demand payment for restoring the system's operation and for keeping the stolen information safe. The threat of publishing sensitive data remains a favorite of attackers.
Vendors and industry as a favorite target of hackers
Today, service providers receive special attention from hackers. In 2020, there were about 200 attacks on energy and industrial companies, compared to 125 in the previous year.
There is also a growing trend in attacks on suppliers. As large companies become an increasingly difficult target, software and security developers, IT integrators, and IT contractors are at risk.
Protecting against a well-planned attack requires highly qualified information security specialists, and not all of these companies can afford them. This increases the likelihood of success for hackers. Stopping production is a desirable goal for attackers, because in this case the victim is highly motivated to pay. For this reason, the ransom amounts have also increased. In June, Honda and Enel Group fell victim to the new Snake ransomware, designed specifically to stop critical processes in industrial control systems.
One option to avoid this is to spend time and resources on a detailed study of the vendor's entire supply chain in order to understand the consequences in the event of a breach.
Logical vulnerabilities in banking applications
Large banks have done a good job on the security of their applications: they have increased fault tolerance by switching to a microservice architecture and have reduced the number of standard web vulnerabilities (XSS, SQLi, RCE).
However, the number of logical vulnerabilities has grown, which can ultimately lead to theft of money, hackers obtaining sensitive information and, as a result, denial of service from the bank. The goal of hackers today is not even a complete compromise of the banking application system, but the exploitation of logical vulnerabilities.
Personal phishing
Social engineering methods will continue to be actively used, only now in a topical context as well: for example, anything connected with the coronavirus. Advertising phishing sites that sell pseudo-drugs for the treatment of Covid-19, pseudo-vaccines, fake certificates, and so on can become a popular scheme.
Phishing can also become more localized, targeting a specific person through social networks and instant messengers.
Industry trends
The Russian information security market grew by a quarter at the end of last year. There are three main reasons for this.
- Information security, as one of the key business processes of the company, is becoming more and more relevant due to the growing number of threats and hackers.
- The need to spend on information security is becoming apparent to the leadership of an increasing number of organizations.
- Information security has evolved from a plan that will be implemented "someday" into a tool that is actually used. This logically increases the amount of work and income of companies that develop and implement security measures.
The accelerated digitalization of business due to the pandemic and the subsequent emergence of new services will certainly become an important area of interest for hackers. One of the options for countering this is the creation of a kind of "cyber polygons" for testing services, technologies and IT infrastructure in a secure environment.
Experts from various think tanks predict the following trends, for which both companies and ordinary users should prepare.
Some time ago, the focus in information security shifted from building a protective perimeter around the IT infrastructure to quickly detecting intruders inside the system. The understanding came that it is impossible to create absolutely reliable protection and that the main task is to prevent a hacker from causing serious damage to the company's work. This point of view became the main one in 2020 and will remain so in the near future.
An example of one of the innovations: when a SOC is created, one of the main indicators in its SLA (Service Level Agreement) will be a guarantee of preventing damage to the organization when an attacker penetrates the network.
All this will have a beneficial effect on the information security industry, qualitatively changing it. In these conditions, only those technologies and solutions will survive that are truly capable of bringing a measurable result, that is, protecting against a possible attack.
Of course, in any area the real situation often differs from the predicted one. It is likely that attackers will invent schemes that no analyst has yet predicted.
Blog ITGLOBAL.COM - Managed IT, private clouds, IaaS, information security services for business