7 Top Security Trends for 2021 | Total Security Software

At the beginning of the year, various IT security companies are making forecasts about developments in the cybersecurity environment. INTERNET WORLD has compiled the 7 most important trends.

With increasing online usage during the Corona crisis, the number of hacker attacks also increased. This negative trend will continue in 2021. INTERNET WORLD has scoured various cybersecurity predictions and identified the following top trends:

1. Extortion without End

As early as 2020, many companies had to deal with ransomware attacks. Cybercriminals no longer limit themselves to encrypting victims' data to demand a ransom for their decryption. Rather, the hackers have moved on to maximize their "profit".

Various IT security experts report that the cyber villains have gone over to sucking up the data before encrypting it to obtain sensitive and - in the private sphere too - embarrassing information. The victims are then threatened with the publication of the stolen files if they are not paid accordingly.

As the Schaffhausen-based IT security specialist Acronis calculates, data leaks occurred in more than 1,000 companies as a result of ransomware attacks as early as 2020. The Acronis augurs believe this trend will probably increase. Because the criminals would switch from pure data encryption to additional data theft as the primary tactic.

Protegent Security is also observing this trend. The IT security specialists from western Switzerland see the reason for the cyber criminals' tactical change in the fact that companies have implemented comprehensive backup strategies because of the ransomware plague. An attack with only the encryption of the data, therefore, comes to nothing for many companies, as they can quickly restore their systems themselves. As a result, ransomware groups are increasingly threatening to disclose sensitive information if companies do not want to pay a ransom after a successful attack, says Protegent.

2. Remote Workers in Sight

More and more employees are connecting to corporate IT from home. This trend, which literally exploded due to the corona pandemic in 2020, is likely to continue in 2021. As a result, attacks on the remote workforce will continue and increase, predict various security experts.

In 2020, such attacks had increased many times over the previous year. The experts at Kaspersky recorded a year-on-year increase of 242 percent in brute force attacks on remote desktop protocols (RDP). RDP is used to connect to Windows servers.

This attack and the attempt to compromise secure VPN and other remote connections will increase in 2021. Watchguard is even anticipating a doubling of attacks aimed at remote workers.

In this context, Watchguard also warns of unsecured end devices that employees use to access company IT resources. According to the experts, outdated software that is difficult to patch or update is still running on numerous computers. Since support for Microsoft Windows 7, for example, will also end in January 2021, Watchguard advises companies to be particularly careful here. According to the experts, at least one major new Windows 7 vulnerability will make headlines in the coming months.

3. Malware Becomes Volatile

One thing is certain: malware will continue to plague us in 2021. And the malware programs are likely to become even more varied.

This is forecast, for example, by Candid Wüest, head of the Cyber Protect research team at Acronis. During a virtual conference on the top cyber threats in 2021, he said that research by Acronis 2020 showed that the average lifespan of a single malware variant was just 3.4 days.

"This means that cybercriminals write malware variants for each individual target," he explains, pointing out that this can be done quite easily with today's tools. "In the future, cybercriminals will increasingly create a payload that is tailored to their needs," warns Wüest.

4. 5G Is Becoming a Cybersecurity Hotspot

Devices in the Internet of Things (IoT) are already popular targets for attackers. With increasing connectivity, for example, via the next-generation 5G cellular network, this trend will only increase.

Protegent Security, among others, warns of this. The reason, according to the IT security expert: "With 5G, network operators provide fast and reliable network access to millions or hundreds of millions of small devices that are often not well secured," Protegent wrote in a press release. The company warns that this will further increase the risk that these IoT systems will be used for volumetric DDoS attacks.

But that's not all: With the ongoing rollout of 5G, the attackers are increasingly focusing on the mobile networks themselves. According to Protegent, the IoT attacks will not only affect the intended targets but can also cause collateral damage in the operator's network. "This is a risk for companies because they are increasingly dependent on mobile networks and 5G, after all, many services are based on technology," warns the cybersecurity specialist from western Switzerland.

Related to the threat is also the trend that edge computing is becoming the focus of cybercriminals. At least the prognosis from RSA refers to this. In 2021 there will be a significant increase in edge computing infrastructures, it is said. "In parallel, threat actors will develop techniques specifically targeting edge gateways and other edge computing environments," warns RSA. This will be exacerbated by the increasing spread of IoT devices and 5G networks - with the result of attacks with far greater impact than before, RSA predicts.

5. Deepfake Threat

Attackers have always made use of social engineering to be able to penetrate company IT through bona fide employees. According to forecasts by Protegent Security, cybercriminals could increasingly use deep fakes to outsmart employees this year.

Deepfakes are fake video and audio recordings that are created with the help of artificial intelligence (AI). With them, it is possible to convincingly imitate a person's appearance and voice. Recordings of the respective person serve as a template for an AI algorithm. And more and more of these can be found on the web in the age of social avoidance.

According to Protegent, it is conceivable, for example, to imitate the voice of his superior during a conversation with an employee and to order a transfer. "As deepfakes are becoming more readily available, less complex, cheaper, and, above all, getting better and better, they can be expected to increase in the future," warn the French-speaking Swiss. Above all, audio deepfakes can hardly be exposed as such.

6. Attack on Multifactor Authentication

Cybersecurity specialists have long advised against simply protecting with a user name and password to access resources in company IT or on the web. For example, Watchguard. Given the billions of usernames and passwords that are freely accessible in the dark web, as well as against the background of the triumphant advance of automated authentication attacks, services with classic dial-up options are becoming increasingly risky. In fact, WatchGuard sees all applications that do not have the additional protective shield of multifactor authentication (MFA) at risk.

But even the MFA, in which a one-time password is transmitted via other channels, could be increasingly targeted by cybercriminals. Protegent Security warns of this. The attackers would try to trick employees into doing so, for example, by gaining access to the victims' accounts via unauthorized OAuth 2.0 grants. In 2020, Protegent noticed an increase in such attempts.

As a result, the experts assume that this is a trend that is expected to intensify in the coming months. "Such OAuth 2.0 grants are not automatically revoked if passwords are changed and they also do not require any additional MFA requests to be abused by attackers," says Protegent and also formulates a counter-strategy: "Companies should therefore restrict which ones Applications are eligible to claim OAuth 2.0 grants for employee accounts ". For example, Microsoft Azure Active Directory can be used to set up applications that first have to be approved before they can claim OAuth 2.0 grants, advises Protegent.

Another option for more cybersecurity is to restrict access rights via OAuth 2.0. So you can deny untrustworthy applications over OAuth 2.0 the possibility to read or write e-mails.

Protect your data from cyberattacks with Protegent total security software.

7. The Looming Economic Crisis Is Fueling Cyber Crime

The economic effects of this year's corona pandemic cannot yet be fully assessed. It can certainly be said today that there will be countries that will be hit harder in this regard, as they do not have anywhere near the financial reserves as Western European countries.

It, therefore, doesn't take much clairvoyance to predict that financially motivated cyber attacks will increase in 2021. In addition to the more sophisticated attacks with extortion software already mentioned and the expansion of the theft of credit card information, cybercriminals will focus on fraud with cryptocurrencies.

According to the forecast by Kaspersky, cybercriminals will increasingly use so-called "transitional cryptocurrencies" to cover up their tracks by changing currencies.

According to the Kaspersky experts, currencies with better data protection such as Monero will probably be used as the first transition currency before the sums are later exchanged for other cryptocurrencies such as Bitcoin.

Also, Kaspersky sees an increase in the theft of bitcoins, above all against the background that certain nations are becoming impoverished and their currencies could be devalued. The experts, therefore, predict that with the weakening of individual national currencies, Bitcoins will increasingly move into the center of attempts at fraud and theft.