Throughout 2020, the world has witnessed innumerable uncertainties in economies, people and livelihoods. Though cybersecurity hygiene is a common practice, the pandemic has brought in a new set of threats that are associated with employees working from home. With almost 90% of the employees working from home, there is a need for altering the common cybersecurity hygiene checklist amid new kind ransomware, phishing and malware incidents during the pandemic.
New Cyber security threats of 2021
The newer kind of threats that pandemic has brought-in will continue to evolve in 2021 as well. In this blog we will understand the predictable new threats that are going to be in action for the year 2021
Covid-19 related phishing scams will continue
Following are the potential cyber risks that have surfaced after the birth of COVID-19, and their preventive measures to be considered
- Phishing attacks/websites preventive measures
Cybercriminals are leveraging coronavirus to intrude into organizations' systems by sending phishing emails pretending to contain information about the virus. These emails may contain malicious content that drops malware on to the victim’s computer.
An organization must create awareness to their employees about such attacks and ask them to verify the email sender address, not to clink the links and to report any suspicious acts to the cybersecurity personals immediately
- Risk’s associated with employees working from home:
As a part of Corona preventive measure, most of the organizations are allowing their employees to work from home. Home networks are often the most easiest way for the intruders to corrupt the organizations network. All the employees must be asked to access organization data only through the VPN recommended by their security teams.
AI and ML are felicitating Attackers:
Today most of the cybercrimes reported across the world are carried out by bots and are automated, highly sophisticated, and more complex. So it is clear that the cybercriminals are weaponizing digital technology, abusing IoT devices to produce massive attacks at a scale which becomes difficult to tackle
AI and ML allow organizations with disruption detection models, defensive responses, this helps them in mitigating the threat even before it attacks. In response, the malware attackers are creating machine learning models for finding new vulnerabilities that can escape from any AI-based firewalls.
- Machine learning models for Phishing Attackers still use Phishing for distributing Ransomware, but now by using advanced machine learning models which can draft most convincing fake emails that pretend as human-composed mail. Hackers are developing these models with the right “training data” about the target, with this the hacker job is done. Now the bots take control, these bots can create thousands of malware loaded emails within no time. These bots also have the intelligence of finding the right message, tone, and subject and send emails much like a human. These types of AI-enabled emails can easily evade spam filters.
- Hidden attacks: With AI and ML models, hackers are being successful in evading an organization's security measures by creating destructive hacks that are less visible. Today IoT is everywhere and not every user of IoT is a security professional, thereby it is very much easier for the bots to high-jack IoT endpoints and manipulate data and infect the entire system and still remain undetected.
Distributed Denial of Service (DDoS) attack
In today’s modern business landscape the number of Denial of Service (DoS) attacks is exponentially growing – both in frequency and intensity and these kind of attacks may surge in 2021.
A Denial of Service (DoS) attack is something that a cyber-attacker intends to disrupt the legitimate users’ (i.e. employees, members, or account holders) access to a server or a website resource, by flooding it with malicious traffic or by sending data that triggers a crash.
In DoS attacks, an attacker uses a network of hijacked computers. This network is used to flood the target site with phony server requests, leaving no bandwidth for legitimate users.
Ransomware Attacks in 2020-2021
Top Ransomware attacks that threaten the organisations in 2020 and 2021
- REvil Ransomware: is the top most ransomware for the year 2020-21. It is a file encryption virus that infiltrates into the system and encrypts all the files and demands money from the victim and they are forced to pay the money via bitcoins. The attackers will double the ransom rate if the victim doesn’t stick to the timeline for clearing the payment.
- Sodinokibi Ransomware: also known as Sodin, is a type of REvil ransomware. It first spread in 2019, using a zero-day vulnerability in the servers of Oracle Weblogic. This vulnerability was later fixed, but the attackers made use of software installers to spread Sodin. Sodinokibi ransomware has a configurable structure, due to which it can process the following things, when activated:
- Making use of CVE-2018-8453 weakness to expand one’s authorization.
- Encrypting mobile or web drivers that have not yet been taken to the whitelist.
- Averting resource conflict by concluding blacklisted projects.
- Deleting files that are in the blacklist.
- Transferring the system data to the attacker that belongs to the target.
- Nemty Ransomware: is different from other ransomware, it acts like a ransomware service. It was a version of RaaS (Ransomware as a Service), here the clients where able to spread these versions in their preferred way. Phishing emails where widely used to spread this malware. When the victim is infected with Nemty, they had to pay 30% of the ransom to the Nemty developers and remaining to the clients
- Nephilim Ransomware: As per cybersecurity researchers, Nephilim Ransomware is just like Nemty, as they both have similar resource codes, design and attitude. They both threatened the victims to pay ransom, else they would publish the sensitive data. This type of ransomware was largely found in large scale industries, the attackers managed to encrypt victims’ data by using the vulnerability of a remote desktop network and VPN.
- NetWalker Ransomware: is one of the modern variations of the ransomware, also known as Mailto. NetWalker-using attackers, majorly targeted the remote working employees, Governmental agencies, corporations and healthcare organisations. In the list of 2020-2021 Ransomware attacks, NetWalker is one of the most destructive malicious software. NetWalker encrypts all Windows devices. It uses a configuration including ransom note and file names. Cybersecurity researchers, have identified that NetWalker follows two different ways to attack. One through Phishing mails about Coronavirus and the other through executable files that spread through networks.