Kaspersky Lab experts shared their vision of how the Advanced Persistent Threat (APT) landscape will change in 2021. One of the most dangerous trends is APT groups purchasing malware for the initial penetration of a victim’s network.
In 2020, a large number of targeted ransomware attacks were recorded that began with attackers gaining a foothold in the system using ordinary, not highly specialized, malware.
Such malware has often been linked to clandestine online stores such as Genesis, which sell stolen credentials. Experts believe that attackers will continue to use such schemes for sophisticated targeted campaigns.
The experts also noted a number of trends that, in their opinion, will prevail next year:
- Governments of different countries will more and more often declare the involvement of a particular group in a particular attack. The disclosure of information about cyber weapons through official channels of government organizations will make it possible to combat cyber espionage campaigns more actively, since declassified tools are more difficult to use;
- Silicon Valley companies will follow the lead of WhatsApp, which filed a lawsuit in 2020 over compromised user accounts, and will increasingly prosecute zero-day exploit brokers;
- The number of targeted attacks on network devices will increase: as a result of the global trend for remote work, attackers will focus on exploiting the vulnerabilities of network devices, such as VPN gateways, and will collect user credentials using social engineering methods, such as vishing;
- Ransom threats: targeted attacks, in which attackers encrypt the data of a specific organization and demand a large ransom from it, will replace random attacks on a wide range of potential victims. Attackers will develop sophisticated, expensive tools for such operations;
- Attacks will become more destructive: their scale is expanding as our lives increasingly depend on technology and Internet connectivity;
- Exploitation of vulnerabilities in 5G technology: the more popular it becomes, the more actively attackers will look for bugs in it;
- In addition, sophisticated cyber campaigns will continue to capitalize on the pandemic and use it to infiltrate target systems, as COVID-19 will globally affect people’s lives next year.
“The world is changing very quickly and it is impossible to be sure of what will happen tomorrow. The amount and complexity of the changes we have witnessed that affect the threat landscape can lead to a variety of scenarios. We will continue to study the tactics and methods of attackers, share what we have learned, and assess the consequences of targeted attacks that are detected,” say the experts.
As a result, organizations should pay increased attention to generic malware and perform basic incident response activities on each compromised computer to ensure that generic malware has not been used as a means of deploying more sophisticated threats.
Let me remind you that the joint efforts of information security experts from different countries made it possible to cope with one of the most serious threats of recent years: 94% of the TrickBot malware infrastructure has been shut down, but it is still active.