Cybersecurity threats 2021

If you are not already familiar with the importance of cybersecurity, maybe some economic figures in the following info-graphic might create some awareness for that topic. With the concept of ransomware as a method of attack cyber-crime has definitely become an attractive business model.

Source: https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016

Old friends

Ransomware / malware. Still being spread over mail, ransomware is – as mentioned before – one of the key elements in making cyber-crime meaningful. Especially spear phishing enjoyed great popularity among attackers.
Countermeasures: Awareness trainings, doing backups and testing them.

IoT / Botnets. Due to the fact that many people still buy devices for smart home, home automation and home surveillance it’s a natural law that all those devices will get older as time passes by. Unintentionally that leads to an increasing amount of unpatched insecure devices which are often directly accessible to the internet. Be aware that business environments are also affected since it’s fairly easy to hang a Raspberry PI into the network and to never touch it again so it will get outdated one day.
Countermeasures: Only use them if you know what you are doing. Remove them if you can’t ensure proper patching.

Data leakage. It doesn’t matter what year we look at – there are always new huge data breaches published. In 2020 we had for instance the following breaches:
– CAM4 (10.88 billion records)
– MGM Grand (10.6 million customers)
– easyJet (9 million customers)
– Marriott (5.2 million guests)
– Zoom (500k users)
– Magellan Health (365k patients)
– Nintendo (300k users)
– Mailfire (100k users)
… just to name some of them. Or better said: to name the known ones.
Countermeasures: Use separate login credentials for every service you use. One of them will get compromised for sure. It’s just a matter of time as we can observe new data leakages year by year.

New trend rising in 2021

Remote working. The COVID19-pandemic forced and still forces many companies to be more flexible by allowing employees to work from home in order to meet certain health regulations. Especially during the beginning phase new untested solutions have been rolled out to keep employees able to work. With this change in IT, new conditions have developed:
– potentially alternative notebooks and devices must be ordered
– the secure corporate network has to interact with the insecure private network
– need to use previously unauthorized unsecured devices such as printers
– extended use of conference software including classified information
– further use of file storage and/or cloud systems

What is still missing (and may be coming in 2021)

Artificial intelligence. It looks like the use of artificial intelligence is not yet on a level that allows attacks to take place fully automatically by computers.

Cloud breaches. No one of the big cloud providers like Amazon AWS, Microsoft Azure or Google Cloud has been hacked yet.

Big Data connection. When you consider data protection as a topic within cybersecurity then it’s remarkable that obviously nobody connected huge datasets illegally before. Finding correlations within huge datasets including highly personal information could lead to merged personal information about people becoming particularly sensitive.

Critical infrastructure. Not believing in the end of the world, it is somewhat surprising that critical infrastructures have not been the target of attacks so far.

Deep fake. The use of AI learning techniques has reached a considerable level of quality. Despite the social effect of disinformation this could be used in the context of cybersecurity for phishing purposes. Imagine you receive an email asking you to visit certain prepared links which lead you to websites which are looking like your company’s website. There is a risk that convincing videos from CxO’s or departments could encourage employees to act.

Sources