The internet is a blessing and a curse for businesses. It allows them to save time and money, reduce labor expenditures, and provide better services—among many other benefits. But by the same token, it poses threats in the form of cyber-hacking, online attacks, and more. In fact, Norton Security estimates that in 2023, cybercriminals will be stealing records at a rate of 33 billion annually.
Given the scope of cyber-attacks—not to mention the fallout businesses can suffer as a result—it’s important to know what type of nefarious activities lie in store for 2021. Here’s a breakdown of the four key varieties of cybersecurity attacks and a look at how things will play out in the coming 12 months.
Cybersecurity attacks: the basics
The four “flavors” of cybersecurity attacks include:
- Malware: any malicious form of software designed to harm a computer system and open doors to stealing data
- Ransomware: used to lock victims’ computers or files and hold the information in them for ransom
- Social engineering: attacks involving human or social interaction—for example, through social media.
- Phishing: use of a false identity to trick someone into sharing sensitive information (such as a bank account number), downloading malware, or visiting a site containing malware
Top cybersecurity threats for 2021
1. Malware gets smarter
According to a report in Security magazine, attackers will harness breakthroughs in artificial intelligence (AI) to develop “smart” or artificially intelligent malware. This malware will have the capability to discover new vulnerabilities.
The report states that AI has the potential to make malware so sophisticated that it will be able to bypass modern antivirus and malware detection software, enabling it to listen for specific words, target a user’s voice, identify advanced images, and employ facial recognition. “Smart” malware may also be more difficult to detect given its self-destruct mechanism and capability to combine various attack techniques for maximum effectiveness.
2. Cyberattackers ‘hit the remote’
The COVID-19 pandemic led to an explosion in the number of remote workers—and many businesses will be operating in a removal fashion going forward. A report by BeyondTrust states: “In 2020, we learned that not even the era of social physical distancing can slow down social engineering threats.” Beyond Trust’s researchers anticipate that in 2021, “cybercriminals will continue to wage social engineering attacks and also try to exploit common home devices that can be used to compromise an individual and allow for lateral movement into a business.”
Social engineering attacks, the experts say, will primarily involve various forms of phishing—including by email, voice, text, instant messaging, and even third-party applications. Additionally, disgruntled insiders who feel “less ‘observed’” in their own homes—and therefore less likely to be caught engaging in cybercrime–may engage in social engineering attacks as well. One antidote to these problems, BeyondTrust experts note, will be efforts to secure company systems independently and “away from corporate connectivity.”
Moreover, network security firm Kaspersky foresees increased exploitation of companies’ network appliances—such as virtual private networks (VPNs)—through remote workers. Perpetrators will do so via “vishing” attempts to harvest the credentials needed to gain VPN access. “Vishing” is a form of phishing carried out by making phone calls or leaving voicemail messages purporting to be from reputable companies, again with the aim of persuading victims to provide sensitive personal information.
3. Changes in targeted ransomware attacks
Last year, according to Kaspersky, targeted ransomware attacks reached a new level through cybercriminals’ use of generic malware to gain an initial foothold into the networks they targeted. Connections between these attacks and well-established underground networks that typically trade in stolen credentials—for instance, Genesis—were observed.
In 2021, Kaspersky researchers believe, perpetrators that carry out advanced persistent threats—covert cyberattacks on computer networks, in which attackers gain and maintain unauthorized access to targeted networks and remain undetected for a prolonged period—will start using the same methods to compromise their targets. To combat such activity, they recommend that companies pay increased attention to generic malware, performing basic incident response activities on all of their compromised computers to ensure that such malware has not been used to deploy more sophisticated threats.
E-complish continues to keep an eye on all data security threats and uses a sophisticated cadre of technology tools to ensure that sensitive data handled by its customers remain safe. Click here to find out more.