An increase in ransomware sophistication, commodity malware and abuse of legitimate tools are predicted to be the main threats for the next year.
According to the Sophos 2021 Threat Report, there will be a gap between ransomware operators at different ends of the skills and resource spectrum, with big-game hunting ransomware families continuing to refine and change their tactics, techniques and procedures to become more evasive and nation state-like in sophistication.
Sophos claimed this will involve the targeting of larger organizations with multi-million dollar ransom demands, while an increase in the number of entry level, apprentice-type attackers looking for ransomware-for-rent will also increase.
Chester Wisniewski, principal research scientist at Sophos, said: “During 2020, Sophos saw a clear trend towards adversaries differentiating themselves in terms of their skills and targets. However, we’ve also seen ransomware families sharing best-of-breed tools and forming self-styled collaborative cartels.
“The cyber-threat landscape abhors a vacuum: if one threat disappears another one will quickly take its place. In many ways, it is almost impossible to predict where ransomware will go next, but the attack trends discussed in our report this year are likely to continue into 2021.”
Speaking to Infosecurity, Darren Guccione, CEO of Keeper Security, said in that 2020, cyber-criminals have taken advantage of the business disruptions caused by the global health crisis, particularly the sudden and dramatic rise in remote work. He cited statistics from Coveware which claim that the average enterprise ransomware payment increased to more than $100,000 in the first quarter of 2020, a rise of 33% from the final quarter of 2019.
“This dramatic surge is due to cyber-criminals increasingly attacking large enterprises with deep pockets and leveraging legacy systems,” he explained. “Additionally, healthcare organizations saw a 350% year-on-year increase in ransomware attacks at the end of 2019 compared to the same timeframe in 2018.”
Also, commodity malware, such as loaders and botnets, which can seem like low-level malware noise but are designed to secure a foothold in a target, gather essential data and share data back to a command-and-control network, should be taken seriously.
“Commodity malware can seem like a sandstorm of low-level noise clogging up the security alert system,” said Wisniewski. “Defenders need to take these attacks seriously, because of where they might lead: they may not realize that the attack was likely against more than one machine and that seemingly common malware like Emotet and Buer Loader can lead to Ryuk, Netwalker and other advanced attacks, which IT may not notice until the ransomware deploys. Underestimating ‘minor’ infections could prove very costly.”
Guccione said the environment most businesses are operating in at the moment is extremely volatile, and now more than ever businesses should look to educate employees from the ground-up on the increasing cyber-risks and provide best practices for ensuring devices within their network are secure.
“It is the responsibility of business leaders to remind employees of the accountability they have as individuals for the safety and security of their own devices,” he said. “Only with the buy-in of all stakeholders do organizations have the best chance of securing their endpoints in the most efficient way possible.”
Wisniewski also said the abuse of everyday tools and techniques to disguise an active attack featured prominently in Sophos’ research, as this technique challenges traditional security approaches because the appearance of known tools doesn’t automatically trigger a red flag. “This is where the rapidly growing field of human-led threat hunting and managed threat response really comes into its own.”