Depending on who you talk to, ransomware seemed to be the most popular topic of discussion among security vendors. Emsisoft estimates that ransomware attackers collectively took in US$25 billion in 2019, a figure the company derives from 452,151 reported cases. FutureCIO suspects the real number is far larger.
A Barracuda Networks report in 2020 indicated that 51% of organisations in Asia Pacific have already had at least one data breach or cybersecurity incident since shifting to a remote working model.
FutureCIO spoke to Chester Wisniewski, principal research scientist at Sophos for his take on the cybersecurity landscape.
Trending in 2020 (and beyond)
He started the podchat by distinguishing two tiers of skill among cybercriminals: those who use their knowledge of the dark web to purchase toolkits for attacking unsuspecting users, and the more skilled professionals who perform sophisticated attacks that net them millions.
Asked about the escalating nature of cybersecurity warfare, he commented that some internal security and IT professionals may be getting complacent as they become increasingly dependent on tools. Some attacks are now merely the precursor to bigger, more sophisticated attacks that come later.
“There's been a really big shift in needing to consider those kinds of commodity malware infections as just the beginning of an incident – where you start to hunt the attacker that's on your network as opposed to considering that as the end of the incident because you think it's been blocked,” he elaborated.
Perhaps a more dangerous trend he cited is that the same legitimate tools used by security teams are now being turned against the enterprise by cybercriminals. He likened this to a kitchen knife: it can be used for chopping vegetables in the preparation of meals, or to harm someone.
“Legitimate tools like PowerShell can be abused. If you deploy patches using Microsoft System Center Configuration Manager (SCCM), for example, and somehow the cybercriminals have gained access to your network, they can use the same SCCM tool to deploy malware when they get onto the network,” he explained.
Biggest learning in 2020
He acknowledged being impressed by the ability of IT teams to respond to the COVID-19 pandemic. While he conceded that there were failings, he also noted the successes.
Based in Canada, he relayed comments from customers the Sophos team in Asia-Pacific interacted with, who described being forced to re-evaluate budgets and where resources are directed.
“Many use the work from home situation as an opportunity to launch themselves in new directions that are more secure. Many took the money earmarked for VPN and invested these toward moving the organisation to zero trust,” he commented.
Predictions for 2021
He worries about a recurring trend in which cybercriminals are becoming specialists: some focus on sending malicious emails, others on gaining initial access to a victim, others on deploying malware, and some even specialise in negotiating ransom demands.
He sees the beginnings of the creation of an assembly line for cybercrime.
“We are seeing the same attack chain being built up now, particularly around ransomware, and that could make the ransomware operators much more efficient in 2021 and dramatically increase the number of victims because right now there's a lot of manual work involved in these high dollar ransoms which means each ransomware group may only be able to attack 10 victims in a week.
“If they get this process down, working with each other and specializing, that could allow a single ransomware operator to double or triple the number of attacks they can conduct in the same period of time,” he concluded.
Click on the podcast player above to listen to Wisniewski provide a detailed perspective of the cybersecurity landscape in 2020 and 2021.
- Starting with the Sophos 2021 Threat Report, can you summarize perhaps the top three findings of the report?
- Top 3 security expectations in 2020 that didn’t happen?
- Top 3 security expectations in 2020 that really did happen and how they went?
- What is the biggest (just one) learning of 2020?
- From a security angle, what can we expect in 2021?