Cyber-attacks set to become more targeted in 2021, according to HP Inc

HP has released its 2021 predictions on how security threats – such as human-operated ransomware, thread hijacking, unintentional insider threats, business email compromise and whaling attacks – are set to increase in the next 12 months

“Organisations have had a tough 2020, and in Ireland specifically, the financial services and healthcare sectors have been particularly vulnerable to attacks. The shift to remote working has widened the attack surface and made life even more difficult for security teams, meaning the days of the hardened perimeter are behind us. Now, more than ever, organisations need to shift their focus to delivering protection where it is most needed: the endpoint. Over the course of 2020, we have seen hackers become increasingly targeted, while also using sophisticated lures to trick users into engaging in risky behaviours. Over the next 12 months we will see more of the same, with targeted and sophisticated attacks directed at users and endpoints,” comments Gary Tierney, Managing Director at HP Ireland. “Organisations cannot afford to close their eyes and hope for the best in 2021, which is why it’s critical that they adopt a protection-first approach to endpoint security to keep them a step ahead of cybercriminals.”

HP’s cybersecurity experts including – Julia Voo, Global Lead Cybersecurity and Tech Policy; Joanna Burkey, CISO; Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Labs; Dr Ian Pratt, Global Head of Security for Personal Systems; and Alex Holland, Senior Malware Analyst – and experts from HP’s Security Advisory Board – Justine Bone, CEO at MedSec; and Robert Masse, Partner at Deloitte – all gave their predictions for the year ahead.

Weakened organisational security will lead to more unintentional insider threats

The dramatic changes to how we work in 2020 and the shift to remote working will continue to create challenges, says Julia Voo: “COVID-19 has weakened organisational security. Remote access inefficiencies, VPN vulnerabilities and a shortage of staff that can help the business adapt means data is now less secure.” From a cybercriminal’s perspective, the attack surface is widening, creating more opportunities, as Joanna Burkey explains: “We can expect to see hackers identifying and taking advantage of any holes in processes that were created, and still exist after everyone left the office.”

Boris Balacheff points out that this also means that home devices will be under increased pressure: “We have to expect home infrastructure will be increasingly targeted. The scale at which we operate from home increases the incentive for attackers to go after consumer IoT devices and pivot to business devices on the same networks. And as we know, if attackers are successful with destructive attacks on home devices, remote workers won’t get the luxury of having someone from IT turning up at their door to help remediate the problem.”

Burkey also believes there will be more unintentional insider threats: “With employees working remotely, the lines between work and personal equipment are blurred, and innocent actions – such as reading personal email on a company machine – can have serious consequences.” Overall, the pandemic has increased the risk of employees making errors, as Robert Masse explains: “If you view the pandemic as a war experience, then organisations will be dealing with employee burnout. This can lead to an increased risk of errors in judgement.”

Human-operated ransomware attacks will remain an acute threat

Ransomware has become the cybercriminal’s tool of choice, and this is likely to continue in the year ahead, comments Burkey: “What we’ll see is a rise in ransomware-as-service attacks where the threat is no longer the ‘kidnapping’ of data – it’s the public release of the data.”

The rise of ransomware has fueled the growth of an ecosystem of criminal actors who specialise in different capabilities needed to pull off successful attacks. Malware delivered by email, such as Emotet, TrickBot and Dridex, is often a precursor to human-operated ransomware attacks. “To maximize the impact of an attack, threat actors use their access to compromised systems to deepen their foothold into victims’ networks. Many crews use offensive security tools to gain control of a victim’s domain controllers, which are often the best point in a network to deploy ransomware,” explains Dr Ian Pratt.

This trend is of particular concern to those in the public sector, as Alex Holland explains: “The rise of ‘double extortion’ ransomware, where victim data is exfiltrated before being encrypted, will particularly hurt public sector organisations, who process all manner of personally identifiable information. Even if a ransom is paid, there is no guarantee that a threat actor won’t later monetise the stolen data.”

Greater innovation in phishing will see thread hijacking and whaling attacks

In 2021, there will be more innovative phishing lures designed to trick users and make attacks harder to identify. “The most innovative mass phishing technique we see is email thread hijacking, which is used by the Emotet botnet. The technique automates the creation of spear-phishing lures by stealing email data from compromised systems. This data is then used to reply to conversations with messages containing malware, making them appear very convincing,” explains Dr Ian Pratt. We can also expect to see more of these attacks targeting individuals working remotely, says Justine Bone: “Thanks to everything relying on strong authentication, as opposed to in-person presence, there is more opportunity for hackers to engage in social engineering to trick employees into divulging credentials.”

The prospect of continued social isolation has encouraged people to share more personal information online, which cybercriminals can weaponise. “Whaling, a form of highly targeted phishing attack aimed at senior executives, will become more prominent with cybercriminals able to take personal information shared online to build convincing lures leading to business email compromise fraud,” comments Masse. Many of these phishing emails will continue to exploit people through fear, according to Voo. “New fears will be used to drive people to open malicious emails – whether it’s COVID vaccines, financial concerns related to the lockdown and any political instability.”

Hackers will tailor attacks to target specific verticals – in particular, critical infrastructure, pharma and healthcare, Industrial IoT and education

One of the most at-risk verticals in 2021 will be healthcare. “Healthcare has been a perfect target – society depends on it and these organisations are typically under-resourced, change-averse and slow to innovate. Education also fits this criterion and could be another prime target,” says Bone. However, this threat extends beyond hospitals and doctor’s surgeries into more critical areas. “Due to the race to develop a new vaccine, pharmaceutical companies and research facilities will also continue to face adverse risk,” comments Masse.

But the next 12 months will also see other targets come into consideration for hackers. “Carmakers, particularly EV companies, will become bigger targets as they grow in prestige and profitability, and we can also expect to see critical infrastructure and the Industrial Internet of Things continue to be in hackers’ crosshairs,” explains Masse.

Zero trust is here to stay but needs to be implemented in a way that is transparent to the user

Zero trust as a concept isn’t new, but the increase in remote working means that it is now a reality that organizations need to accept. “The traditional ways of securing access to the corporate network, applications and data are no longer fit for purpose. The perimeter has become obsolete. Over the years the workforce has become more dispersed, and SaaS adoption has risen – this means critical data is being hosted outside the enterprise firewall. The time has come for organizations to start protecting against the unknown, which means utilizing zero trust, but in a way that is transparent to the user,” comments Pratt.

COVID-19 will be a key driver behind zero trust adoption and also means we’ll see greater innovation in this area. “Zero trust is the best defensive approach for enabling remote working, but for identity and access management to be seamless it needs to be easy to use. Quality authentication methods are a key enabler of zero trust, which is why technologies such as biometrics will be expected by end-users in the future,” comments Bone.

A new approach to security is needed 

“2020 demonstrated that is has become critical to manage highly distributed endpoint infrastructure,” comments Balacheff. “Organisations need to accept that the future is distributed. Everything from remote workers’ devices to industrial IoT devices has become the new frontlines of the cybersecurity battleground in our increasingly cyber-physical world. To meet this challenge, organisations need to re-think their security architectures and controls and embrace the necessary innovation in technology and processes to help them support this new environment. For example, modern hardware technology exists that can help not only protect but also recover employees remotely and securely in the face of a destructive attack like those we have seen in the last few years.”

“Organisations face a huge security challenge in the year ahead, with cybercriminals becoming savvier about how to extract the most value out of victims,” comments Ian Pratt. “Relying on detection alone will only result in an unsatisfactory outcome for the organisation, so a more architecturally robust approach to security is required; one that builds protection in from the hardware up. Hardware-enforced technologies like micro-virtualisation are transparent to the end-user – this means they can click on email attachments and download files as they normally would, but are safe in the knowledge that if anything is malicious, it is rendered harmless. This protection-first approach leaves hackers with nothing to steal and no way to persist, helping organizations to deal with the variety of threats 2021 and beyond will throw at them.”

More about Irish Tech News and Business Showcase here.
FYI the ROI for you is => Irish Tech News now gets over 1.5 million monthly views, and up to 900k monthly unique visitors, from over 160 countries. We have over 860,000 relevant followers on Twitter on our various accounts & were recently described as Ireland’s leading online tech news site and Ireland’s answer to TechCrunch, so we can offer you a good audience!

Since introducing desktop notifications a short time ago, which notify readers directly in their browser of new articles being published, over 50,000 people have now signed up to receive them ensuring they are instantly kept up to date on all our latest content. Desktop notifications offer a unique method of serving content directly to verified readers and bypass the issue of content getting lost in people’s crowded news feeds.

Drop us a line if you want to be featured, guest post, suggest a possible interview or just let us know what you would like to see more of in our future articles. We’re always open to new and interesting suggestions for informative and different articles.

Contact us, by email, twitter or whatever social media works for you and hopefully, we can share your story too and reach our global audience. We are agile, responsive, quick and talented, we look forward to working with you!

If you would like to have your company featured in the Irish Tech News Business Showcase, get in contact with us at Simon@IrishTechNews.ie or on Twitter: @SimonCocking