Already at the beginning of 2021, we can see that malware creators and their clients will take good note of what they have learned to continue refining their routines and business model. This post summarizes some of the malware trends that different specialists in the sector agree on.
Ransomware has been one of the main players in 2020, taking advantage of other threats in the COVID-19 context, while evolving at the same time. The SOPHOS report published in November echoed this development, which is not only based on the technical part (e.g. looking for alternatives to disable backups or minimizing the time of the attack to the extent possible), but is also based on organizational improvements and variations in their business model.
Especially significant is the fact that ransomware groups are beginning to organize themselves and even cooperate. It’s common among malware authors to replicate code with something of interest depending on its purpose. The case of groups cooperating is different, especially among groups seeking to get rich.
Employing the same simile used by SOPHOS, the ransomware groups that used to be more independent are starting to behave more like cybercrime cartels. The theft of data followed by extortion for its publication is already a common practice, the families that use this practice include: Doppelpaymer, REvil, Clop, DarkSide, Netwalker, Ragnar Locker, and Conti. Acronis defined 2021 in its blog as “the year of extortion” and this definition doesn’t seem to be off the mark.
Another curious fact is that there have been several cases of ransomware attacks targeting the video game sector. Lockdown restrictions have allowed this market to increase its profits, and malware authors are seeing another avenue of attack on users of this market.
Kaspersky’s predictions for 2021 mention the increase in attacks on infrastructures and other non-PC devices. Some examples are the extension of the MATA framework by Lazarus, the development of Turla’s Penquin_x64 backdoor, or the attacks on European supercomputers.
We could also say that the natural tendency is to look for persistence mechanisms in firmware, as permitted by one of the TrickBot modules discovered at the end of the year (TrickBoot). These mechanisms, combined with the malware’s own way of operating and its modularization, would allow the malware to be molded to the final platform and make it more resistant to detection.
Along these lines, what also stands out is the use of legitimate Cloud services as part of the attacker’s infrastructure, or the use of red team tools such as CobaltStrike for communication with command and control servers.
Financial institutions remain a designated target of organized crime groups and some sources such as the Financial Review predict that cyber attacks are set to trigger the next crisis for banks. One of the reasons mentioned is the sophistication of the attacks. Kaspersky also warned: there were no high-profile attacks against payment systems during 2020, but banks continue to be in the spotlight. They will have to deal with both targeted attacks and other attacks that affect them tangentially and inevitably affect the economy.
As for vulnerabilities, the natural progression is for them to increase each year, and 2021 will be no different. 2020 came to an end with around 18,000 vulnerabilities collected by the National Vulnerability Database (NVD), and in January alone a group of critical vulnerabilities has already been registered. The problem is that these vulnerabilities help the malware to operate, and expose individuals and companies. In 2021 the trend will continue to rise, mainly due to the unstoppable development of new products and technologies. We don’t know yet how 5G technology will affect this increase.
Source: NVD. https://nvd.nist.gov/general/visualizations/vulnerability-visualizations/cvss-severity-distribution-over-time
Kaspersky’s report also echoes the possible problem of vulnerabilities that will come with 5G, but also the great (media) appeal that managing to effectively attack these networks or services may generate among attackers.
In 2021, nothing seems to indicate that the panorama regarding the escalation of malware cases will change, but rather it will increase. Ransomware will continue to evolve, refining its cross-platform side, and is likely to increasingly affect mobile devices.
Unfortunately, this isn’t something isolated that affects only one type of malware or attack, ATP groups in general will tend to exploit more and more platforms, and new environments such as 5G may be very tempting.
Vulnerability management will play a decisive role in preventing possible attacks, but not if it isn’t accompanied by proper monitoring and the relevant defense mechanisms.
If you want to know futher information about Malware and Online Fraud Trends in 2021 take a look our webinar: Top three online fraud trends 2021.
Submitted by buguroo
Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.
We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.
Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.
Please click the button below which relates to the issue you’re having.
Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association
Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.
For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.
The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.
Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.
Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.
For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.
