Expected Threat Landscape Asia Pacific 2021
2020 was a revelatory year. Remote working insisted many companies instantly evolve their structures as well as their communication and network systems at a breakneck speed. And as many security systems rushed to keep up, cyber thieves took advantage of the gap caused by an ongoing pandemic and a transitioning workforce.
Three cyber threats to watch in 2021
In the first quarter of the year, the COVID-19 pandemic continues to dictate global behaviour. While many organisations continue on the long road towards financial stability, not to mention IT structures working to manage a new stay-at-home workforce, we can expect nefarious players to continue their exploitation of these weaknesses.
“Even as IT teams across the globe have evolved to defend against new methods of attacks, we can expect cyber threats and challenges to continue even in a post-pandemic situation too. Munich Re APAC has reviewed a number of online sources and agrees with the following 2021 predictions,” asserts Harprit Singh Narang, Cyber Risk Specialist at Munich Re APAC.
Based on the past trends and recent evolution, here are the top threats to watch out for in 2021:
- Ransomware will continue to grow and expand in scope
Ransomware attacks on networks, computers and mobile devices will remain the most prevalent cyber risk to the business this year. We have seen additional steps in ransomware gang’s tactics to download internal data before encryption to put additional pressure on victims to pay ransoms. Taking advantage of the remote work landscape, with a reliance on AI and automation as a key tactic to increase the frequency of attacks will be a prominent concern for security teams. “There will be a continued emphasis on double-extortion attacks that leak data online to extort victims, with further use of social media to amplify the pressure on victims. Other tactics could include increased use of distributed denial of service (DDoS) to attack victims and further pressure them to pay,” according to informationsecuritybuzz.com.
- Phishing and Social Engineering as primary threat vectors
Using trusted forms of communication, such as emails, to transport malware will persist in their prevalence. In particular, phishing emails embedded with ransomware, business email compromise (BEC) or other nefarious malware should be expected to continue to increase throughout 2021. Organisations must be diligent in their defence of these attacks, and even though there is no way to completely safeguard against phishing attacks, internal security testing and employee awareness can go a long way in spotting an attack before it begins.
- Business Email Compromise (BEC) remains as major source of loss
Business email compromise (BEC) is the defrauding of organisations by criminals placing themselves in the payment chain of companies through various methods, including social engineering, domain spoofing and account takeover. BEC tactics evolved through 2020, including the targeting of group inboxes with fraudulent instructions to change payment details for a client or vendor. And with the further exploitation of a company’s cloud accounts as well as businesses along their supply chain, BEC is expected to become an even bigger challenge to companies. In fact, threats to companies from BECs could become equivalent to ransomware this year.
How the threats will develop in 2021
There is no doubt that socially engineered attacks will grow in their complexity. The disruption to the working landscape in 2020 due to COVID-19 was a boon to hackers across the globe. As we see progress in regard to vaccines, there still remains high volatility in the logistics of distribution. This is already being exploited by nefarious players and we can expect further evolving methods and increasingly sophisticated approaches from attackers moving forward.
Experts agree that the prominence of social engineering as a cyber weapon-of-choice in 2020 will continue to heavily leverage different aspects of dealing with the pandemic, such as bogus free COVID-19 tests to dupe users into providing a mailing address, phone number and credit card number with the promise to verify their information and qualify for a free COVID-19 testing offer or by impostering a government agency.
In tandem, as one source puts it, “the ‘New Normal’ mode will also be under attack.” The expected transition back to offices could also lead to additional attacks as cyber thieves exploit this second year of a migrating workplace by targeting employees via social engineering methods as well as attempting to hack personal devices such as mobile phones and laptops. The additional vulnerability of employees in a home office environment can be used as a figurative ‘trojan horse’ to bring malware unsuspected into the workplace.