After a year in which COVID-19 upended the way we live, work and socialize, we are likely to see an increased threat from ransomware and fileless malware in 2021, according to ESET.
Trend 1: The future of work – embracing a new reality
The advent of the pandemic has ushered in mass implementation of remote working, which has seen a heavier reliance on technology than ever before. This shift away from the office has brought benefits for employees, but it has also left companies’ networks vulnerable to attack.
Jake Moore, ESET Security Specialist, commented, “We have all learned that working remotely can benefit organizations; however, I don’t think that we will continue to work remotely five days a week. More employees around the world will naturally and effortlessly migrate to what works for them and their businesses. As more and more of our working and home lives become digitized, cybersecurity will remain the lynchpin of business safety. Cyberattacks are a persistent threat to organizations, and businesses must build resilient teams and IT systems to avoid the financial and reputational consequences of such an attack.”
Trend 2: Ransomware with a twist – pay up or your data gets leaked
With ransomware attackers seeking greater leverage to coerce victims into paying, as well as upping the ante in ransom demands, the stakes are increasing for victims. Exfiltration and extortion may not be new techniques, but they are certainly growing trends.
Tony Anscombe, Chief Security Evangelist, ESET, commented, “Companies are becoming smarter, deploying technologies that thwart attacks and creating resilient backup and restore processes, so the bad actors need a ‘Plan B’ to be able to monetize their effort and build resilience into the attack, rather than being reliant on a single form of threat.
“Thwarted attacks or diligent backup and restore processes may no longer be enough to fend off a committed cybercriminal who’s demanding a ransom payment. The success in monetizing due to a change of technique offers cybercriminals an increased chance of a return on investment. This is a trend that, unfortunately, I am sure we will witness more of in 2021.”
Trend 3: Beyond prevention – keeping up with the shifting sands of cyberthreats
In recent years, cybercriminal groups have turned to using increasingly complex techniques to deploy highly targeted attacks. Some time ago, the security community began to talk about fileless malware attacks, which piggyback on the operating system’s own tools and processes and leverage them for malicious purposes.
These techniques have gained more traction recently, having been employed in various cyberespionage campaigns and by various malicious actors, mainly to hit high-profile targets such as government entities.
“Fileless threats have been evolving rapidly, and it is expected that in 2021 these methods will be used in increasingly complex and larger-scale attacks. This situation highlights the need for security teams to develop processes leveraging tools and technologies that not only prevent malicious code from compromising computer systems, but that also have detection and response capabilities – even before these attacks fulfill their mission, said Camilo Gutiérrez Amaya, Senior Security Researcher, ESET.
Trend 4: Bad vibes – security flaws in smart sex toys
With new models of smart toys for adults entering the market all the time, research has shown that we are a long way from being able to use smart sex toys without exposing ourselves to the risk of a cyberattack. Now these findings are more relevant than ever, as we are seeing a rapid rise in sex toy sales as a reflection of a global health crisis and the social distancing measures related to COVID-19.
Cecilia Pastorino, ESET Security Researcher, commented, “The era of smart sex toys is just beginning. The latest advances in the industry include models with VR capabilities and AI-powered sex robots that include cameras, microphones and voice analysis capabilities based on artificial intelligence techniques. As has been proven time and time again, secure development and public awareness will be key to ensuring the protection of sensitive data, while we empower users to become smart consumers who are able to demand better practices from vendors in order to maintain control of their digital intimacy in the years to come.”