The year 2021 is finally here, bringing with it the promise of a brighter future — but a long road ahead. In this piece, we’ll dive into five cybersecurity trends that pose significant potential risk in 2021 and offer practical advice to help entities reduce overall risk.

The first quarter of 2021 represents a cybersecurity crossroads. Business owners may be shifting staff back into the office and managing the risks and rewards of remote work at the same time. For malicious actors, this opens a door. From common compromise vectors to new threats, attackers are always looking for ways to escape IT notice, evade defense measures and exploit emerging weaknesses.

Setting the Stage: Cybersecurity Trends in 2020

Some of the threats in 2020 weren’t new. According to data from IBM Security X-Force, for example, one in four attacks remediated as of September 2020 were linked to good old ransomware.

Working from home, meanwhile, offered another approach vector for threat actors and new information security threats emerged. From privileged credential compromise to the use of mixed personal and professional networks, attackers wasted no time in hopping over the lower bars for entry.

IT teams, meanwhile, worked hard to defend potential weak points and cut down on emerging risks by improving identity and access management (IAM), enhancing data encryption and switching to managed services.

Last year’s cybersecurity trends are important to 2021 because they set the stage. Both companies and cyber criminals know the ‘new normal’ of IT at a distance well. So what happens next?

Work-from-home Attacks

The first major cybersecurity trend of 2021 stems from 2020. While WFH isn’t a new threat this year, it’s only a matter of time before attackers compromise multiple, insecure home networks at the same time to manufacture a massive-scale breach of critical systems and services. It makes sense. With many staff using home broadband connections for both personal use and their jobs, the corporate attack surface has grown considerably.

Solving this problem means doubling down on IAM with tools capable of intelligently analyzing user activity, resource requests and corporate connection habits, allowing streamlined sign-in when it’s safe to do so and requiring extra authentication if potential problems are detected.

Brute Force Frustrations

Brute-force efforts are also back in fashion. The attackers behind this and other cybersecurity trends recognize the potential of distributed denial-of-service (DDoS) in bringing down corporate networks. The second half of 2020 saw a 12% uptick in DDoS attack efforts, especially those using the Simple Service Discovery Protocol (SSDP) and the Simple Network Management Protocol (SNMP).

By using botnet swarms, attackers were able to amplify IP requests and overwhelm enterprise networks, in turn slowing response times or entirely sidelining services. SNMP exploits are even more worrisome since this protocol connects and manages common corporate devices, including modems, printers, switches, routers and servers. Compromise of SNMP services puts attackers largely beyond the reach of firewalls and exposes all enterprise services to risk.

To combat DDoS-driven threats in 2021, enterprises need agile, adaptable tools capable of detecting, isolating and remediating distributed attacks as they occur.
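
As an added illustration of the detection step (not code from the original article), the sketch below flags SSDP and SNMP reflection floods in flow records by looking for unsolicited UDP replies arriving from many sources. The record fields, the 10.0.0.0/8 internal range, the thresholds and the sample flows are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

REFLECTION_PORTS = {1900: "SSDP", 161: "SNMP"}  # UDP source ports of reflected replies
INTERNAL = ip_network("10.0.0.0/8")             # assumed internal address range


def flow(src, sport, dst, dport, nbytes, proto="udp"):
    """Build one flow record (hypothetical schema for this example)."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "bytes": nbytes, "proto": proto}


def find_reflection_floods(flows, min_sources=3, min_bytes=10_000):
    """Return (victim, service, reflector_count, bytes) for suspected floods."""
    # Queries our own hosts really sent: (client, server, server_port).
    solicited = {
        (f["src"], f["dst"], f["dport"]) for f in flows
        if f["proto"] == "udp" and f["dport"] in REFLECTION_PORTS
        and ip_address(f["src"]) in INTERNAL
    }
    stats = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for f in flows:
        if f["proto"] != "udp" or f["sport"] not in REFLECTION_PORTS:
            continue
        if ip_address(f["dst"]) not in INTERNAL:
            continue
        if (f["dst"], f["src"], f["sport"]) in solicited:
            continue  # legitimate reply to a query we sent
        entry = stats[(f["dst"], REFLECTION_PORTS[f["sport"]])]
        entry["sources"].add(f["src"])
        entry["bytes"] += f["bytes"]
    return sorted(
        (victim, svc, len(s["sources"]), s["bytes"])
        for (victim, svc), s in stats.items()
        if len(s["sources"]) >= min_sources and s["bytes"] >= min_bytes
    )


# Constructed sample flows using documentation address ranges.
SAMPLE_FLOWS = [
    flow("10.0.0.20", 40000, "203.0.113.50", 161, 120),   # our SNMP poll
    flow("203.0.113.50", 161, "10.0.0.20", 40000, 900),   # its solicited reply
    *[flow(f"198.51.100.{i}", 1900, "10.0.0.5", 53211, 4000) for i in range(1, 5)],
    flow("192.0.2.1", 161, "10.0.0.7", 50000, 6000),      # unsolicited, 2 sources
    flow("192.0.2.2", 161, "10.0.0.7", 50000, 6000),
]

if __name__ == "__main__":
    for alert in find_reflection_floods(SAMPLE_FLOWS):
        print(alert)
```

The solicited-reply check keeps normal SNMP polling from triggering alerts; thresholds need tuning against a baseline of the network being monitored.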

Fileless Frameworks

Fileless malware and ransomware attacks will continue to plague entities in 2021. These threats are designed to bypass familiar detection controls and infiltrate key systems by ‘living off the land’ — using approved platforms or software tools that already exist within corporate networks.

This approach allows attackers to get around common detection methods that scan for malicious file attachments or catalog the creation of new files. What’s more, the use of existing system tools means malicious actors don’t have to design their own attack framework. That decreases the time required for malware development. Attackers in 2021 are likely to use fileless malware to compromise service providers rather than specific groups. Afterward, they can use their existing infrastructure to attack downstream clients.

As with many of the other cybersecurity trends listed here, vigilance is key. Enterprises can defend against fileless threats with a Q1 cybersecurity hygiene housecleaning. This focuses on getting software and systems up to date, ensuring security tools are working as intended and deploying effective access controls — such as multifactor authentication (MFA) — to reduce potential risk.

Older Cybersecurity Trends Still Matter

Even as attackers develop new types of threats, old ones such as ransomware, Trojans and botnets are also still around. To face these familiar threats head-on — and emerge relatively unscathed — enterprises must ensure staff have the tools and training they need to spot these attacks ASAP. This starts with training around common compromise vectors such as malicious email attachments and links. It also includes ongoing efforts that help monitor email accounts, remind staff of security standards and notify them automatically if potential threats are detected.

Front Line Phishing

The biggest news story for 2021 is, of course, the COVID-19 vaccine. People are searching for vaccination information, from the current state of the disease to when and where the vaccine is given out to who has been approved to get it. That’s going to affect 2021’s cybersecurity trends. As a result, companies must be prepared for an uptick in related phishing campaigns. These are very dangerous because they interest readers right away.

Attacks taking advantage of this have already been detected. The United Kingdom’s National Health Service recently sent out warnings about fake vaccination appointment emails. IBM X-Force identified a supply-side attack looking to compromise the vaccine cold chain.

The reason for this uptick is simple. Despite how often people talk about them and the continued efforts of enterprise IT, phishing scams still work. They’re even more worrisome during WFH. Workers at home are getting a ton of emails even as pandemic pressures put increasing stress on their personal and work lives. The result isn’t surprising: people fall for phishing.

Combating this common compromise starts with improved identity management. By ensuring only the right people have the right access to the right resources at the right time, entities can lower the risk of getting hooked. It’s also critical to create a culture of second opinions around safety. If staff see something that looks suspicious, they need to say something — and need to be supported in this effort. Bottom line? When it comes to fighting phish, slow and steady wins the race.

Proven Tools for Today’s Cybersecurity Trends

As organizations take their first steps toward a new normal, malicious actors are ramping up their efforts. To combat today’s cybersecurity trends, both emerging compromise vectors and familiar threat frameworks, employers need a plan of attack that combines next year’s tools with tried-and-true best practices.
