The year 2021 is finally here, bringing with it the promise of a brighter future — but a long road ahead. In this piece, we’ll dive into five cybersecurity trends that pose significant potential risk in 2021 and offer practical advice to help entities reduce overall risk.

The first quarter of 2021 represents a cybersecurity crossroads. Business owners may be shifting staff back into the office and managing the risks and rewards of remote work at the same time. For malicious actors, this opens a door. From common compromise vectors to new threats, attackers are always looking for ways to escape IT notice, evade defense measures and exploit emerging weaknesses.

Setting the Stage: Cybersecurity Trends in 2020

Some of the threats in 2020 weren’t new. According to data from IBM Security X-Force, for example, one in four attacks remediated as of September 2020 were linked to good old ransomware.

Working from home, meanwhile, offered another approach vector for threat actors and new information security threats emerged. From privileged credential compromise to the use of mixed personal and professional networks, attackers wasted no time in hopping over the lower bars for entry.

IT teams, meanwhile, worked hard to defend potential weak points and cut down on emerging risks by improving identity and access management (IAM), enhancing data encryption and switching to managed services.

Last year’s cybersecurity trends are important to 2021 because they set the stage. Both companies and cyber criminals know the ‘new normal’ of IT at a distance well. So what happens next?

Work-from-home Attacks

The first major cybersecurity trend of 2021 stems from 2020. While WFH isn’t a new threat this year, it’s only a matter of time before attackers compromise multiple, insecure home networks at the same time to manufacture a massive-scale breach of critical systems and services. It makes sense. With many staff using home broadband connections for both personal use and their jobs, the corporate attack surface has increased by a lot.

Solving this problem means doubling down on IAM with tools capable of intelligently analyzing user activity, resource requests and corporate connective habits to allow streamlined sign-in when it’s safe to do so — and require extra authentication if potential problems are detected.

Brute Force Frustrations

Brute-force efforts are also back in fashion. The attackers behind this and other cybersecurity trends recognize the potential of distributed denial-of-service (DDoS) in bringing down corporate networks. The second half of 2020 saw a 12% uptick in DDoS attack efforts, especially those using the simple services delivery protocol (SSDP) and the simple network management protocol (SNMP).

By using botnet swarms, attackers were able to amplify IP requests and overwhelm enterprise networks, in turn slowing response times or entirely sidelining services. SNMP exploits are even more worrisome since this protocol connects and manages common corporate devices, including modems, printers, switches, routers and servers. Compromise of SNMP services puts attackers largely beyond the reach of firewalls and exposes all enterprise services to risk.

To combat DDoS-driven threats in 2021, enterprises need agile, adaptable tools capable of detecting, isolating and remediating distributed attacks as they occur.

Fileless Frameworks

Fileless malware and ransomware attacks will continue to plague entities in 2021. These threats are designed to bypass familiar detection controls and infiltrate key systems by ‘living off the land’ — using approved platforms or software tools that already exist within corporate networks.

This approach allows attackers to get around common detection methods that scan for malicious file attachments or catalog the creation of new files. What’s more, the use of existing system tools means malicious actors don’t have to design their own attack framework. That decreases the time required for malware development. Attackers in 2021 are likely to use fileless malware to compromise service providers rather than specific groups. Afterward, they can use their existing infrastructure to attack downstream clients.

As with many of the other cybersecurity trends listed here, vigilance is key. Enterprises can defend against fileless threats with a Q1 cybersecurity hygiene housecleaning. This focuses on getting software and systems up to date, ensuring security tools are working as intended and deploying effective access controls — such as multifactor authentication (MFA) — to reduce potential risk.

Older Cybersecurity Trends Still Matter

Even as attackers develop new types of threats, old ones such as ransomware, Trojans and botnets are also still around. To face these familiar threats head-on — and emerge relatively unscathed — enterprises must ensure staff have the tools and training they need to spot these attacks ASAP. This starts with training around common compromise vectors such as malicious email attachments and links. It also includes ongoing efforts that help monitor email accounts, remind staff of security standards and notify them automatically if potential threats are detected.

Front Line Phishing

The biggest news story for 2021 is, of course, the COVID-19 vaccine. People are searching for vaccination information, from the current state of the disease to when and where the vaccine is given out to who has been approved to get it. That’s going to affect 2021’s cybersecurity trends. As a result, companies must be prepared for an uptick in related phishing campaigns. These are very dangerous because they interest readers right away.

Attacks taking advantage of this have already been detected. The United Kingdom’s National Health Service recently sent out warnings about fake vaccination appointment emails. IBM X-Force identified a supply-side attack looking to compromise the vaccine cold chain.

The reason for this uptick is simple. Despite how often people talk about them and the continued efforts of enterprise IT, phishing scams still work. They’re even more worrisome during WFH. Workers at home are getting a ton of emails even as pandemic pressures put increasing stress on their personal and work lives. The result isn’t surprising: people fall for phishing.

Combating this common compromise starts with improved identity management. By ensuring only the right people have the right access to the right resources at the right time, entities can lower the risk of getting hooked. It’s also critical to create a culture of second opinions around safety. If staff see something that looks suspicious, they need to say something — and need to be supported in this effort. Bottom line? When it comes to fighting phish, slow and steady wins the race.

Proven Tools for Today’s Cybersecurity Trends

As organizations take their first steps toward a new normal, malicious actors are ramping up their efforts. To combat today’s cybersecurity trends, both emerging compromise vectors and familiar threat frameworks, employers need a plan of attack that combines next year’s tools with tried-and-true best practices.

More from Application Security

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Audio-jacking: Using generative AI to distort live audio transactions

7 min read - The rise of generative AI, including text-to-image, text-to-speech and large language models (LLMs), has significantly changed our work and personal lives. While these advancements offer many benefits, they have also presented new challenges and risks. Specifically, there has been an increase in threat actors who attempt to exploit large language models to create phishing emails and use generative AI, like fake voices, to scam people. We recently published research showcasing how adversaries could hypnotize LLMs to serve nefarious purposes simply…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today