In a year of near constant change, the one realm in which we found consistency in 2020 was cyber threats. In our latest research report, the ZeroFox threat intelligence team analyzes the scale and scope of 2020 cyber threat trends looking ahead to 2021. And while the scale of threats has grown exponentially, the majority of the capabilities employed are not new. 2020 saw an acceleration of the trends we’ve come to know: targeted ransomware, phishing, and the expanded use of malware as a service. This blog is a sneak peek of what you’ll find in our Future of Digital Threats Report: the year that was, the trends we expected that didn’t play out as planned, and 2021 predictions for how digital threats will continue to evolve.
Looking Back: 2020 Impactful Cyber Threat Trends Heading Into 2021
Technical attribution devolves
Specialization in the criminal underground, increased default anonymization, the continued expansion of fileless exploit techniques, and increasingly sophisticated open source malware and exploit frameworks make differentiating one threat actor from another increasingly difficult. Gone are the days of neatly placing each threat actor into the diamond model and tracking them as unique entities. This not only complicates defensive playbooks predicated on understanding the TTPs used in an intrusion, but also reduces the efficacy of certain risk models. Unfortunately, this is one cyber threat trend that will be a foundational pillar of the next generation of risk modeling, analysis, and intelligence programs. Adapting will be the key to success in 2021 and beyond.
Ransomware learns new tricks
The tactical battlefield shifted in 2020 with regard to big game hunting ransomware groups. Several major ransomware groups started encrypting and exfiltrating information as a way to increase the pressure on victims to pay. Likely as a result of the broad adoption of secure backups, file recovery is no longer the only priority in ransomware attack response. While the financial data around this new threat vector is still unclear, the large adoption rate across ransomware groups makes this a cyber threat trend that is likely to continue into 2021 and beyond.
Hackers are going to hack
The pandemic forced rapid adoption of cloud-based technology solutions across all sectors. While this technology was gaining traction pre-pandemic, 2020 rapidly accelerated this cyber threat trend. Looking across intrusions affecting this infrastructure, it becomes clear that hackers have not fundamentally altered their operations, but rather modified existing practices to fit the tech stack they encounter. The largest problem with cloud-based services is still human error and misconfigurations. Until IT teams become comfortable with this new technology, we expect hackers to continue to prey upon corporations’ lack of familiarity with, and ability to properly secure, this new technology stack.
Where Did the 2020 Magic 8 Ball Break?
Activists stay old school
With severe social restrictions in place due to the ongoing pandemic, many security practitioners were concerned that some of the larger social movements and direct action campaigns would shift to an online focus. This threat largely failed to materialize. Groups such as Extinction Rebellion and the Hong Kong protesters that had made names for themselves through effective organization and in-person disruption faded into the background as social gatherings were limited. Their inability to effectively leverage open-source hacking tools or social media platforms for disruption largely resulted in a return to in-person direct action.
Workers went home, but the hackers still went to work
With the pandemic sending as many employees to work remotely as possible, there was a fear that hackers would leverage the plethora of vulnerabilities in consumer-grade networking hardware to piggyback into corporations. To date, no significant increase in home intrusions has been reported. This may be the result of underreporting, as corporate security teams have no visibility into home networks. It is far more likely, however, that corporate systems themselves continue to be easy targets for hackers, making a change in TTPs unnecessary.
The vulnerability apocalypse is cancelled for another year
Despite a number of significant vulnerabilities disclosed in 2020, the exploitation rate, especially of CVSS 10s, was comparatively low. The amount of attention these vulnerabilities received due to the CVE rating system was not supported by actual malicious activity. In 2021, we expect the critical vulnerabilities to still be underrepresented in immediate exploitation. Instead, we expect to see new sweet spots emerge from the criminal communities.
New Cyber Threat Trends in 2021
Orphaned technology creates new inroads to corporate networks
Just as the rush to leave the office left security teams scrambling to protect hastily
Return of BIOS hacking
For the first time in several years, we saw threat actors experimenting with BIOS capabilities. While
Check out the Full Cyber Threat Trends Report
As you plan for another year of uncertainty, download our full Future of Digital Threats: 2020 Insights, 2021 Predictions report to understand the public attack surface facing security teams in this new calendar year and how to prepare for the evolution and amplification of TTPs leveraged by bad actors.
Not a reader? Check out our latest panel discussion with industry experts from Motorola Solutions and JAMF on the trends they expect to materialize in 2021.