2021 will be about work from anywhere and is a moving target for security professionals as the adversary is moving into a new normal as well.
In 2020, Cybereason continued to see fewer strains of ransomware in total across networks, yet the existing strains raked in more gains. Hackers do this by better targeting and making more money from each target. In 2021, we can expect to see an increase in multistage ransomware embedded into hacking operations.
Hospitals, banks and critical infrastructure providers were at higher risk but many industries faced this threat. Only after hackers’ place ransomware on every computer in the network and then complete other stages of the attack, including data theft, user password stealing and propagation across the network, will they detonate the ransomware across all compromised endpoints.
The good news, however, is that defenders with a rapid detection and response process to detect the attack at its early stages, can respond effectively before ransomware is able to impact the environment.
To do this, first and foremost, enterprises need to minimise the amount of time it takes to respond to threats. This is best achieved by deploying threat hunting services around the clock.
In addition, resilience and security can no longer be an afterthought. It is very important for next-generation networks to be built with resiliency and security in mind. The design and ongoing operation of the system must take into consideration what security threats will become commonplace in the months and years ahead.
In addition, enterprises should partner with the experts that have vast knowledge of cyber threats with the public and private sectors working closely together to protect the networks of our banks, hospitals, oil and gas companies, aviation industry and other critical infrastructure.
And finally, test, test, test. Tabletop exercises that enable a red and blue team to role play different scenarios and the real time response to those scenarios is critical for enterprises when having to actually have to deal with a threat in real time. Never underestimate the value of tabletop exercises in shoring up weakened defenses and helping executives understand the importance of security.
We are in a new world where recent surveys estimate that in 2021 nearly half of employers intend to allow employees to remotely work from home on a permanent basis. This means employees need anywhere, anytime access while at the same time the quantity and complexity of the cyber-attacks we face have ramped up.
Does your enterprise deploy the technologies to stop correlated attacks across all users, devices and endpoints in your network? If you answered no, 2021 could be a rough and tumble year.
Cross-layered detection and response, XDR should allow organisations to be able to readily detect, correlate, and end sophisticated attacks wherever they start on the network. By fusing together endpoint telemetry with behavioral analytics for XDR, security teams can protect users and assets wherever they are in the world.
Finding the right XDR solution does not have to be a painful process if you understand what the solution should look like. First, security begins with knowing what to protect. An XDR solution should empower analysts of all skill levels to quickly dig into the details of an attack without the need to craft complicated queries.
XDR is intended to extend traditional detection and response capabilities from the endpoint out to critical SaaS services, email, and cloud infrastructure.
XDR solutions should also deliver superior visibility and enhanced correlations across both Indicators of Compromise IOCs and key Indicators of Behavior IOBs, the more subtle signs of network compromise. XDR detections also need to identify suspicious user access and insider threats.
And last but not least, XDR solutions should make it simple for analysts to understand the full attack story immediately, and remediation actions such as kill process, quarantine asset and remote shell should be automated or accomplished remotely with a simple click. A solution should also offer automation options for immediate remediation of threats and continuous threat hunting.
XDR is a promising approach that can reverse the attacker advantage and return the high ground to the defenders by extending detection and response capabilities across the broader IT ecosystem that makes up modern enterprise environments. This unified detection and response capability can automatically surface Malops across the entire IT stack including endpoint, network and cloud deployments.
We banned IoT from the Enterprise. Who knew that the Enterprise would come to IoT! The new Enterprise address space is consumer ISPs, and the bad guys know it.
2021 will contain a resurfacing of old exploits that target out of data printers and routers, repurposing of DLP techniques for the dark purpose of exploring the world around compromised endpoints and bots. Worst of all, the ubiquity of IoT, starting with poorly protected home automation will begin.
The dark side has not been idle and can use commodity voice-to-text capacity to compromise IP stacks in homes to mine for intelligence and spy with the very best cameras, microphones, storage and access. The time is now for someone to create a new business to bring IT-level support, maintenance, security and maybe even privacy services to the home.
If Enterprises will pay 10s of thousands for employees to sit in an office, will they perhaps subsidise and protect employee homes one day through outsource contracts at a fraction of the cost to keep us all safe and productive?
2021 will be about work from anywhere and it is very much a moving target for security and privacy professionals. We must understand the adversary is moving into a new normal as well. They may not yet have found ways to exploit all weaknesses or even any given weakness. They too are pursuing the lowest hanging fruit while investing in some longer-term R&D as they continue to develop new attacks specifically for the home environment.
Threat actors may be purchasing tools from cybercriminals, mining existing botnets to see what IP is on those already-compromised machines or targeting home automation, printers and routers after triangulating IP addresses and digital locations for targets. In the year ahead, targeting new dimensions of technical diversity and innovating to develop new attack vectors will be the name of the game for the bad guys.
Once upon a time, hackers fell in neat behavioral buckets that made their motivations and goals discernible. Or at least they appeared to do and for the most conformed cleanly. However, over time they have become less clear: nation states like North Korea hack for profit to deal with economic sanctions, cybercrime rent out their services to any and all takers, and ransomware has become a tool of the state too.
To further complicate matters, nation states publish tools to seed back doors in the criminal world and to provide healthy background noise, and government employees for offensive agencies from China to Russia moonlight or go private, without even taking into account the possibility of false flag operations.
While clear modus operandi is still possible to help guide investigations and make them more efficient, the net result is that neat categorisation schema generally and attribution specifically serve less and less use. This trend will continue, so it is important to prepare for all potential attackers and to some extent to avoid blind spots produced by a false sense of certainty in who the enemy is.