After a year in which the COVID-19 pandemic upended the way we live, work and socialize, we are likely to see an increased threat from ransomware and fileless malware in 2021, according to the latest trends report from ESET. Cybersecurity Trends 2021: Staying secure in uncertain times explores the predictions of experts from the global cybersecurity firm, revealing the key challenges expected to impact consumers and businesses in 2021.
Trend #1: The future of work – embracing a new reality
The advent of the COVID-19 pandemic has ushered in mass implementation of remote working, which has seen a heavier reliance on technology than ever before. This shift away from the office has brought benefits for employees, but it has also left companies’ networks vulnerable to attack.
Ken Kimani, Channel Manager at ESET East Africa, remarked, “This year, we have learned that remote working is of huge benefit to organizations however, I don’t think that we will continue to work remotely five days a week. Organizations and employees around the world will naturally and effortlessly migrate to what works for them and their businesses. Cybersecurity will remain the lynchpin of business safety as more and more of our working and home lives become digitized. Cyberattacks are a persistent threat to organizations, and businesses must build resilient teams and IT systems to avoid the financial and reputational consequences of such an attack.”
Trend #2: Ransomware with a twist – pay up or your data gets leaked
With ransomware attackers seeking greater leverage to coerce victims into paying, as well as upping the ante in ransom demands, the stakes are increasing for victims. Exfiltration and extortion may not be new techniques, but they are certainly growing trends.
Tony Anscombe, ESET Chief Security Evangelist, commented, “Companies are becoming smarter, deploying technologies that thwart attacks and creating resilient backup and restore processes, so the bad actors need a ‘Plan B’ to be able to monetize their effort and build resilience into the attack, rather than being reliant on a single form of threat.
“Thwarted attacks or diligent backup and restore processes may no longer be enough to fend off a committed cybercriminal who’s demanding a ransom payment. The success in monetizing due to a change of technique offers cybercriminals an increased chance of a return on investment. This is a trend that, unfortunately, I am sure we will witness more of in 2021.”
Trend #3: Beyond prevention – keeping up with the shifting sands of cyberthreats
In recent years, cybercriminal groups have turned to using increasingly complex techniques to deploy highly targeted attacks. Some time ago, the security community began to talk about “fileless malware” attacks, which piggyback on the operating system’s own tools and processes and leverage them for malicious purposes. These techniques have gained more traction recently, having been employed in various cyberespionage campaigns and by various malicious actors, mainly to hit high-profile targets such as government entities.
Camilo Gutiérrez Amaya, ESET Senior Security Researcher, noted, “Fileless threats have been evolving rapidly, and it is expected that in 2021 these methods will be used in increasingly complex and larger-scale attacks. This situation highlights the need for security teams to develop processes leveraging tools and technologies that not only prevent malicious code from compromising computer systems, but that also have detection and response capabilities – even before these attacks fulfill their mission.”