Cloud computing, remote work, extortion campaigns, and carpet-bombing attacks will create even more cyber security challenges in 2021, says Marc Wilczek, COO at Link11 GmbH
There have been many cyberattacks over the past year, especially since the start of the COVID-19 pandemic. Cyber-gangs operating as Fancy Bear and the Armada Collective engaged in aggressive DDoS extortion. Municipalities, utilities, and other organizations managing critical infrastructure were particularly targeted. But what can we expect next year? Link11, the European leader in cyber resilience, has five predictions for cybersecurity in 2021:
1. Cloud services will create even more security challenges
Although companies have been using the cloud for years, the growth of business-critical data and services in the cloud is a relatively recent phenomenon. Because of COVID-19, cloud use has further increased, and the trend will continue in 2021. This means that more companies are deploying cloud-native applications that often communicate via APIs. Unfortunately, the interfaces through which personal data, payment data, or measurement data is exchanged are particularly vulnerable to DDoS and bot attacks. The growing number of cloud-based applications and APIs will create even more security challenges for IT teams in 2021 and require a consistent level of security.
2. Remote work is here to stay, and so are the security risks
Many organizations have learned about the benefits of remote work due to COVID-19. In 2021, most firms will continue to offer this option to employees. However, while organizations have adjusted their attitude towards remote work, IT teams sometimes can’t cope with the required adjustments, expansion of the IT infrastructure, and related IT security measures. In most companies, the security architecture wasn’t designed to handle a comprehensive remote-work strategy. IT teams will have much to do in the coming months, and IT security itself must also be rethought in the context of remote work arrangements. For IT employees who work remotely, defending against attacks through manual intervention is either not an option or a very time-consuming one. In the event of an attack, few companies can afford to have that employee drive from home to the office while the attack continues. Security based on automatic attack detection and suppression will likely prove to be much more secure and efficient.
3. Extortion campaigns will increase
As organizations become increasingly dependent on IT, cybercriminals will continue to run blackmail campaigns such as the ones launched last summer by Armada Collective and Fancy Bear. Sectors such as hosting, finance, and e-commerce are particularly vulnerable to ransomware and DDoS attacks.
According to new research, between 2015 and 2020, more than 660 million euros in total losses caused by “external attacks” were reported to the insurance company Allianz Global Corporate & Specialty. Two types of attack stood out: ransomware attacks using malicious encryption of data and networks, and distributed denial-of-service (DDoS) attacks.
In 2021, European governments are likely to debate whether cyberattack victims should pay ransom to their attackers. In the United States, this discussion has been ongoing for some time and the government is now imposing fines on companies that transfer ransom money to ransomware attackers or countries on sanctions lists, including Iran, Russian-occupied Crimea, North Korea, and Syria.
4. DDoS attacks will continue to grow in scale
The threat level of DDoS attacks will continue to rise because of digitization and the expansion of corporate networks due to remote work. In particular, the 5G rollout will ensure continual expansion of internet infrastructure. More and more devices will be connected to a faster mobile internet. IoT networks are generally vulnerable and easily hacked. (Think of hacking cars, traffic lights, machines, and cameras, etc.) As IoT growth continues, organizations and individuals will need to implement security measures. Cyber criminals will benefit from poorly secured connected devices and use more bandwidth to carry out large-scale DDoS attacks.
5. There will be more carpet bombing attacks
In 2021, we will see an increase in more sophisticated attacks in the form of carpet bombing. Such attacks don’t attack a single IP address, but the entire network infrastructure across the whole IP range. Hosting providers and ISPs are particularly exposed to these attacks, as we saw during the above-mentioned extortion campaigns.
Carpet bombing involves a large number of individual attacks that simultaneously target an entire subnet or CIDR block with thousands of hosts. As a result, the manipulated data traffic is spread across many attacks and IPs. The data volume of each attack is so small that it remains under the radar of most security solutions and therefore goes unfiltered. Standard security solutions that monitor only the data volume of individually targeted IPs are insufficient for this type of attack scenario. To identify and filter a carpet-bombing attack, the cumulative data traffic of a network must be monitored.
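The difference between per-IP and cumulative monitoring can be shown on one interval of flow data. The following Python sketch is an added example, not part of the original article or any Link11 product; the thresholds, the /24 aggregation size, and the `(destination IP, bits per second)` record format are assumptions, and the sample traffic is constructed from documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Assumed thresholds for illustration; tune to the protected network.
PER_IP_BPS = 50_000_000          # classic per-destination alert (50 Mbit/s)
PER_PREFIX_BPS = 1_000_000_000   # cumulative alert per prefix (1 Gbit/s)
MIN_TARGETS = 64                 # distinct hosts hit before calling it "carpet"

def detect(flows, prefix_len=24):
    """flows: iterable of (dst_ip, bits_per_second) for one interval.
    Returns (per_ip_alerts, carpet_alerts)."""
    per_ip = defaultdict(int)
    for dst, bps in flows:
        per_ip[dst] += bps

    # Roll every destination up into its covering prefix.
    totals, hosts = defaultdict(int), defaultdict(int)
    for dst, bps in per_ip.items():
        net = str(ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False))
        totals[net] += bps
        hosts[net] += 1

    per_ip_alerts = sorted(ip for ip, bps in per_ip.items() if bps >= PER_IP_BPS)
    # Carpet bombing: many targets, large aggregate, regardless of per-host rate.
    carpet_alerts = sorted(
        (net, hosts[net], totals[net]) for net in totals
        if totals[net] >= PER_PREFIX_BPS and hosts[net] >= MIN_TARGETS
    )
    return per_ip_alerts, carpet_alerts

def sample_flows():
    """Constructed sample: one interval of inbound traffic."""
    flows = [(f"192.0.2.{h}", 2_000_000) for h in range(1, 11)]        # normal load
    flows.append(("198.51.100.7", 120_000_000))                        # single-target flood
    flows += [(f"203.0.113.{h}", 8_000_000) for h in range(1, 201)]    # 200 hosts x 8 Mbit/s
    return flows

if __name__ == "__main__":
    per_ip, carpet = detect(sample_flows())
    print("per-IP alerts:", per_ip)
    for net, n, bps in carpet:
        print(f"carpet bombing suspected: {net} hosts={n} total={bps / 1e9:.1f} Gbit/s")
```

In the constructed data, no host in 203.0.113.0/24 comes near the per-IP threshold, yet the prefix as a whole receives 1.6 Gbit/s, so only the aggregated view raises the alert.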
COVID-19 has caused organizations to evolve the way they work and expand their IT infrastructures. These changes have made organizations more vulnerable. Cybercriminals are taking advantage of this, and I don’t expect it to change in 2021. In light of these developments, all organizations, regardless of size, need to implement sophisticated IT security and comprehensive data protection solutions based on automation, AI, and machine learning. Using this AI- and machine-learning approach to cybersecurity, companies will meet the attackers at the same level or even stay one step ahead of them.