2020 Cyber Threat Trends and 2021 Predictions

5 minute read

In a year of near-constant change, the one realm in which we found consistency in 2020 was cyber threats. In our latest research report, the ZeroFox threat intelligence team analyzes the scale and scope of 2020 cyber threat trends and looks ahead to 2021. While the scale of threats has grown substantially, most of the capabilities employed are not new: 2020 saw an acceleration of trends we have come to know, such as targeted ransomware, phishing, and the expanded use of malware-as-a-service. This blog is a sneak peek at what you will find in our Future of Digital Threats Report: the year that was, the trends we expected that did not play out as planned, and 2021 predictions for how digital threats will continue to evolve.

Technical attribution devolves

Specialization in the criminal underground, anonymization that is now on by default, the continued expansion of fileless exploitation techniques, and increasingly sophisticated open-source malware and exploit frameworks all make it harder to tell one threat actor from another. Gone are the days of neatly placing each threat actor into the Diamond Model and tracking it as a unique entity. This not only complicates defensive playbooks predicated on recognizing the TTPs used in an intrusion, but also reduces the efficacy of risk models built on actor-specific profiles. This trend will be a foundational consideration for the next generation of risk modeling, analysis, and intelligence programs; adapting to it will be the key to success in 2021 and beyond.

Ransomware learns new tricks

The tactical battlefield shifted in 2020 for big-game-hunting ransomware groups. Several major groups began exfiltrating data before encrypting it, using the threat of leaking that data as a second lever to pressure victims to pay. Likely a response to the broad adoption of reliable backups, this means file recovery is no longer the only priority in ransomware response; containing the exposure of stolen data is now part of the job. While the financial data around this extortion model is still unclear, its wide adoption across ransomware groups makes it a trend that is likely to continue into 2021 and beyond.

Hackers are going to hack

The pandemic forced rapid adoption of cloud-based technology across all sectors. While this technology was gaining traction before the pandemic, 2020 rapidly accelerated the shift. Looking across intrusions affecting this infrastructure, it becomes clear that attackers have not fundamentally altered their operations, but have modified existing practices to fit the tech stack they encounter. The largest problem with cloud-based services is still human error and misconfiguration, such as overly permissive access policies or storage left publicly readable. Until IT teams become comfortable with this new technology, we expect attackers to continue to prey on corporations' lack of familiarity with, and ability to properly secure, this new technology stack.

Where Did the 2020 Magic 8 Ball Break? 

Activists stay old school

With severe social restrictions in place due to the pandemic, many security practitioners were concerned that some of the larger social movements and direct-action campaigns would shift to an online focus. This threat largely failed to materialize. Groups such as Extinction Rebellion and the Hong Kong protesters, which had made names for themselves through effective organization and in-person disruption, faded into the background as gatherings were limited. Their inability to effectively leverage open-source hacking tools or social media platforms for disruption largely resulted in a return to in-person direct action.

Workers went home, but the hackers still went to work

With the pandemic sending as many employees as possible to work remotely, there was a fear that attackers would leverage the plethora of vulnerabilities in consumer-grade networking hardware to piggyback into corporate networks. To date, no significant increase in home-network intrusions has been reported. This may partly reflect underreporting, since corporate security teams have no visibility into home networks. It is far more likely, however, that corporate systems themselves remain easy targets, making a change in TTPs unnecessary.

The vulnerability apocalypse is cancelled for another year

Despite a number of significant vulnerabilities disclosed in 2020, the exploitation rate, especially of CVSS 10s, was comparatively low. The attention these vulnerabilities received because of their CVSS scores was not matched by actual malicious activity. In 2021, we expect critical vulnerabilities to remain underrepresented in immediate exploitation. Instead, we expect new sweet spots to emerge from the criminal communities: vulnerabilities that are attractive to attackers regardless of how they are scored.
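The practical consequence of the point above is that triage should be driven by evidence of exploitation before CVSS score. The following is an added example, not code from the ZeroFox post or its report: a sort key and patch-window rule that put actively exploited findings ahead of unexploited CVSS 10s. The finding records and the VULN-A style identifiers are constructed sample data, and the exploited_in_wild flag is an assumption standing in for whatever exploitation feed you trust (a known-exploited catalogue, your own incident data, honeypot hits).

```python
"""
Added example, not from the ZeroFox post: rank vulnerability findings by
exploitation evidence first and CVSS score second, so a CVSS 10 with no
observed exploitation does not crowd out a lower-scored bug that criminals
are actively using. All records below are constructed sample data; the
identifiers are placeholders, not real CVEs.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Finding:
    vuln_id: str
    cvss: float
    exploited_in_wild: bool  # assumed feed: evidence of real-world exploitation
    internet_exposed: bool   # affected asset reachable from the internet
    asset_count: int         # how many assets carry the bug


def triage_key(f: Finding) -> Tuple[bool, bool, float, int]:
    """Sort key: exploitation evidence, then exposure, then score, then spread.

    Python sorts ascending, so booleans are inverted and numbers negated to
    put the most urgent findings first.
    """
    return (not f.exploited_in_wild, not f.internet_exposed, -f.cvss, -f.asset_count)


def rank(findings: List[Finding]) -> List[str]:
    """Return vulnerability IDs ordered from most to least urgent."""
    return [f.vuln_id for f in sorted(findings, key=triage_key)]


def patch_window_days(f: Finding) -> int:
    """Remediation deadline driven by exploitation evidence, not score alone."""
    if f.exploited_in_wild:
        return 7          # being used now: fix first, whatever the score
    if f.internet_exposed and f.cvss >= 9.0:
        return 30         # critical and reachable, but no known exploitation yet
    return 90             # everything else rides the normal patch cycle


# Constructed sample findings (IDs are placeholders, not real CVEs).
SAMPLE_FINDINGS = [
    Finding("VULN-A", 10.0, exploited_in_wild=False, internet_exposed=True, asset_count=12),
    Finding("VULN-B", 7.8, exploited_in_wild=True, internet_exposed=True, asset_count=40),
    Finding("VULN-C", 9.8, exploited_in_wild=False, internet_exposed=False, asset_count=3),
    Finding("VULN-D", 6.5, exploited_in_wild=True, internet_exposed=False, asset_count=5),
]

if __name__ == "__main__":
    by_id = {f.vuln_id: f for f in SAMPLE_FINDINGS}
    for vid in rank(SAMPLE_FINDINGS):
        f = by_id[vid]
        print(f"{vid}: cvss={f.cvss} exploited={f.exploited_in_wild} "
              f"fix within {patch_window_days(f)} days")
```

On the sample data the two exploited findings (CVSS 7.8 and 6.5) come out ahead of the unexploited CVSS 10, which is the ordering the paragraph above argues for; swap the exploited_in_wild source for a real feed and the rest of the logic stays the same.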

Orphaned technology creates new inroads to corporate networks

Just as the rush to leave the office left security teams scrambling to protect hastily assembled infrastructure, the return to the office will leave behind infrastructure that is rarely, if ever, used. As systems fall into disuse, they often lose their security safeguards and patching, creating new, unmonitored vulnerabilities in corporate networks. If 2021 brings a return to the office, it will likely also bring a host of issues around unmaintained technology, the remnants of 2020's chaos.
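Finding that orphaned infrastructure is an inventory problem before it is a patching problem. The following is an added example, not code from the ZeroFox post: a sweep over an asset export that flags hosts that have gone quiet, fallen behind on patching, or are outside monitoring. The inventory rows are constructed sample data and the column names (hostname, last_seen, last_patched, monitored) are assumptions; adapt them to whatever your CMDB or EDR export actually provides.

```python
"""
Added example, not from the ZeroFox post: sweep an asset inventory for
hosts that have stopped checking in, stopped being patched, or are not
covered by monitoring. The CSV below is constructed sample data and its
column names are assumptions about the export format.
"""
import csv
import io
from datetime import date
from typing import List, Tuple

# Constructed sample export: one line per host.
SAMPLE_INVENTORY = """hostname,role,last_seen,last_patched,monitored
vpn-gw-02,vpn-concentrator,2020-04-02,2020-03-28,no
laptop-dock-17,workstation,2020-03-15,2020-03-10,yes
web-prod-01,web,2021-01-04,2020-12-20,yes
conf-room-av-03,av-controller,2020-02-28,2019-11-05,no
"""


def find_orphaned(inventory_csv: str, today: date,
                  dormant_days: int = 90,
                  patch_days: int = 60) -> List[Tuple[str, List[str]]]:
    """Return (hostname, reasons) for every host that needs attention.

    A host is flagged as "dormant" when it has not checked in for more than
    dormant_days, "unpatched" when its last patch is older than patch_days,
    and "unmonitored" when the monitored column is not "yes". Reasons are
    accumulated so one host can be reported for several problems at once.
    """
    flagged = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        reasons = []
        seen_age = (today - date.fromisoformat(row["last_seen"])).days
        patch_age = (today - date.fromisoformat(row["last_patched"])).days
        if seen_age > dormant_days:
            reasons.append("dormant")
        if patch_age > patch_days:
            reasons.append("unpatched")
        if row["monitored"].strip().lower() != "yes":
            reasons.append("unmonitored")
        if reasons:
            flagged.append((row["hostname"], reasons))
    return flagged


def recommended_action(reasons: List[str]) -> str:
    """Map the findings to a next step for the asset owner."""
    if "dormant" in reasons and "unmonitored" in reasons:
        return "quarantine and decommission unless an owner claims it"
    if "dormant" in reasons:
        return "confirm still needed, then patch or retire"
    if "unpatched" in reasons:
        return "patch now"
    return "enroll in monitoring"


if __name__ == "__main__":
    for host, reasons in find_orphaned(SAMPLE_INVENTORY, date(2021, 1, 5)):
        print(f"{host}: {', '.join(reasons)} -> {recommended_action(reasons)}")
```

Run against a real export the interesting output is the first category: hosts that are both dormant and outside monitoring, which is exactly the profile of the temporary 2020 infrastructure nobody remembers owning.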

Return of BIOS hacking

For the first time in several years, we saw threat actors experimenting with BIOS-level capabilities. While the two instances of BIOS hacking observed in 2020 share a common, old exploit, the renewed interest has the potential to significantly change risk models in 2021. Previously the domain of nation states and those with physical access, BIOS and UEFI implants have significant value for cyber criminals who specialize in brokering initial access to systems. If persistence is maintained not through a RAT, which is wiped when a system is re-imaged after a detected intrusion, but through a UEFI implant that survives the re-image, the initial access is retained. This means initial access brokers could sell access to the same computer over and over again until the hardware itself is replaced.

As you plan for another year of uncertainty, download our full Future of Digital Threats: 2020 Insights, 2021 Predictions report to understand the public attack surface facing security teams in this new calendar year and how to prepare for the evolution and amplification of TTPs leveraged by bad actors.

Not a reader? Check out our latest panel discussion with industry experts from Motorola Solutions and JAMF on the trends they expect to materialize in 2021.
