In this, the next part of a multi-part report asking about the future of IT in 2021, we look at the specific topics of ransomware and its use of cryptocurrencies.
This is the question we posed: "Having endured the weirdest year any of us could have imagined, what will be different in 2021?"
Joanne Wong, VP International Marketing, LogRhythm, isn't confident. "2021 will see malicious hackers carry on unabated. Ransomware became deadly in 2020 with the first patient death case reported in Germany. It is one of the fastest-growing threats in cybersecurity with damages predicted to cost $20 billion globally by 2021.
"Ransomware attacks will get even more aggressive and diversified than ever before with multiple attack vectors. There is an entire industry now dedicated to selling ransomware on the black market (ransomware as a service), which lowers the barrier for criminals to enter, and means more attackers are getting into this very profitable business.
"In addition, ransomware groups are teaming up with other threat actors, with the initial compromise performed by commodity malware and then providing access to a secondary threat actor operating ransomware as a service. Traditional cryptoransomware has simply locked up access to systems. We'll also see ransomware attackers threaten victims with data theft and doxxing."
"Cyber criminals will remain opportunistic, with government and healthcare data in demand," observes Greg Foss, Senior Cybersecurity Strategist at VMware Carbon Black. He paints an equally grim picture: "There was significant activity on cybercrime markets and forums in 2020, and we can only expect this trend to continue into the new year. With the increasing trends around initial access brokerage, Ransomware as a Service (RaaS), bulletproof hosting, and a myriad of privacy-centric cryptocurrencies, the underground economy is easier than ever to get involved in.
"This is especially critical now, as many traditional criminal enterprises have been forced to adapt their operations and move online, in much the same way as many legitimate businesses in 2020. As the world continues to battle COVID-19, we'll continue to see a load of private testing data available for sale, as well."
Tyler Reese, Product Manager for PAM at One Identity, also points to the rise of ransomware-as-a-service. "Ransomware isn't going to slow down. Instead, we're going to see an increase in less technical criminals leveraging ransomware. 2020 saw a drastic increase in ransomware attacks and many cybercriminals began using new and more sophisticated strains of ransomware."
"For the past several years, social engineering has been the primary attack vector used to breach organizations," Thomas Richards, Principal Consultant at Synopsys, suggests. "While we have seen organizations implement increasingly rigorous social engineering testing programs to increase awareness and lower the chances of a successful attack, humans will continue to be a popular target for cyber-criminals. Ransomware attacks will most likely continue to cause havoc for companies as the attackers get more sophisticated in their approach."
Reese adds, "However, even though this trend will continue, there will be a new surge in ransomware-as-a-service as less technical hackers realise the value of ransomware. This surge will be fuelled by the ongoing remote workforce as less secure networks and devices being used in the home allow ransomware to travel from personal devices onto the corporate networks."
Jim Cook, ANZ Regional Director, Attivo Networks, observes that "Many organisations may think they have already taken the steps required to avoid such an attack but will still find their systems becoming infected. Attackers will take more sophisticated and aggressive paths to inject their ransomware code into systems and security teams will have to continue to guard against attacks. So-called ransomware 2.0, where attacks are guided by humans rather than automated code, will also continue to increase."
Reese adds, "As more companies get hit, companies will start secretly paying the ransomware to avoid having to publicly announce the attack. As a result, stricter and larger fines from regulatory groups will be enforced as a way to encourage companies to proactively fight ransomware."
Of course, on-prem systems aren't the only target. As the move to the Cloud continues unabated, new and interesting targets are appearing.
Ryan Kalember, EVP Cybersecurity Strategy, and Andrew Rose, Resident CISO for EMEA, Proofpoint, observe that "Ransomware will adapt to hit cloud repositories (not just OneDrive and SharePoint, but S3 and Azure too)."
They continue, "Ransomware remains the major thing keeping CISOs awake at night. As a proven moneymaker for cybercriminals, it was only a matter of time before the major ransomware crews developed new extortion methods, notably the threat of leaking stolen information.
"In 2021, following the rapid acceleration of cloud adoption (driven by the COVID-19 pandemic) we expect ransomware attacks will also drift toward the cloud. Many firms now house substantial portions of their sensitive data in external, cloud-based repositories and these data stores are often less visible to the security function - and often not as secured or backed up in a way that adversaries can't also encrypt. In 2021, security professionals can expect to see ransomware increasingly target cloud storage to maximize impact and increase leverage to boost profits."
But it gets worse… Kalember and Rose add, "We will see increased collaboration and interaction between cybercriminal groups, playing to their strengths.
"The three most utilized paths to profit used by cybercriminals are BEC, email account compromise (EAC), and ransomware. Many actors who specialize in BEC and EAC, however, do not tend to serve as initial access brokers for ransomware crews even though they have the necessary access. Similarly, threat actors focused on ransomware do not tend to utilize BEC and EAC attacks.
"We expect this to change through 2021 as threat actors increasingly collaborate to create more effective attacks and reap higher profits. For example, we could see firms exploited by EAC attacks, and that access is then subsequently 'sold on' to a different group to deliver ransomware; alternatively that EAC group upskills and starts to leverage commercially available ransomware tools. Watch for more advanced BEC and EAC attacks as well."
Garrett O'Hara, Principal Technical Consultant at Mimecast ANZ, offers a glimpse of a solution. "What will be different is the attention governments will start to pay to the 'cyber problem' and in particular the ransomware problem. Ransomware is no longer just a nuisance. It is no longer a matter of individual citizens not being able to access their holiday photos on their home PC. It is no longer SMBs or retailers going offline for a few days. Now it is critical services and infrastructure. The stories are now about hospitals, energy companies, transport and communications. It is now about whether people live or die, with a large economic impact. Attackers are now state-based, with national interests, often overlapping with attackers purely looking for monetary gain."
O'Hara continues, "Fake domains were used to impersonate not just the attacked org but third-party legal outfits involved in complex M&A. The untamed bucking bronco of ransomware will be matched by the stealthy and calculating lions of hyper-targeted cyber financial attacks - BEC being the obvious go-to but what about stock price manipulation? Are we going to have attacks happen that we don't even realise have happened?"
Of course, the impact of 'work from home' and the constraints it causes offer a new line of attack, as Andrew Slavkovic, Solutions Engineering Manager - ANZ for CyberArk, notes. "We also expect to see the emergence of personal ransomware attacks as the blurring of lines between the corporate and personal devices continues at a pace."
Widening the attack surface even further, Jacqueline Jayne, Security Awareness Advocate APAC, KnowBe4, adds, "Ransomware - 'Mobile attacks': Consumers will see an increase in WhatsApp and SMS fraud. Not only will the number of scams increase, but cybercriminals will become bolder by asking for higher amounts of money and using more forceful and devious techniques to manipulate people into paying."
Foss adds, "Prepare for stronger, more sophisticated ransomware attacks: In 2021, ransomware will increase in terms of escalation as well as the punitive nature of the groups behind these attacks. We will continue to see more nation-state adversaries leveraging ransomware for purely destructive purposes, especially as a means to inflict kinetic damage in the real world.
"The new year will also witness an increase in refactored ransomware, leveraging for denial of service and pure wiping capabilities. For organizations, this means that even if the ransom is paid, they will not be able to decrypt the stolen assets. We'll also see these malicious groups increase double extortion ransomware, where a ransom will need to be paid to not only unlock systems but to also avoid leaking any stolen, sensitive data.
"Additionally, ransomware groups will begin to combine forces [as Kalember and Rose noted earlier]. In order to attempt to outsmart security measures, notorious ransomware groups will team together to share resources, data and infrastructure, sharing code and thus further muddying the attribution waters. We'll also see conflicts arise between groups as they differ in 'morals' - some will continue to go after vulnerable industries like healthcare, where others have promised to stay away due to the nature of the global pandemic."
O'Hara attempts to wrap it all together. "2021 will be different as we see a move from conversation to action. What levers does any government have? Sanctioning countries and cyber gangs and making it illegal to pay a ransom is one option. But play that out in the real world: do we want businesses' doors to close? And how does that work if lives are at risk because a hospital or critical infrastructure has been hit?
"Perhaps governments will look at cryptocurrencies and chop the legs off that monster. But Bitcoin is hitting new highs. PayPal and Square's acceptance of Bitcoin payments signals a new respect for cryptocurrencies that goes beyond technophiles and hipster coffee shops. That makes for bad timing to outlaw or regulate cryptocurrencies, which would make it harder for tumbled Bitcoins to be the payment of choice for ransomware crews."
Perhaps dismally, O'Hara observes that "There are no easy answers."