I just wanted to wish everybody out there a very Merry Christmas (albeit a belated one)!!! It’s hard to believe that next weekend will be the start of 2021. Well, as we continue to wrap up the final weekend of 2020, we continue with what is expected to be some of the top Cyber threat variants coming into the New Year.
As I mentioned before, I did not just give a general laundry list of items; rather, I tried to bring to you several of these potential attack vectors and go into them in more detail.
So what is next now, you may be wondering? Well, it is going to be about Email. Yes, this communication mechanism has been around with us for who knows how long (maybe going back all the way to the days of ARPANET?).
This is a tool that we take for granted day in and day out, and we don’t realize this until something happens to it. But then again, there are other means of communication that we have at our disposal as well.
Email has also been the vehicle used the most to deliver malicious payloads, going all the way from Phishing to Social Engineering attacks. So with all of this in mind, here is what is predicted as to how Email will be used for nefarious purposes:
*External, third parties will be targeted:
2020 was the year in which the Cyberattacker launched their attacks onto the C-Suite and lower ranking employees on the totem pole. This all took place in the form of what are known as “Business Email Compromise” (or “BEC”) attacks. In this scenario, an administrative assistant would typically get an authentic looking Email from his or her boss (which would most typically be the CEO of the company), asking him or her to send out or wire money in order to fulfill the terms of a contract. Of course, the Cyberattacker would also use other means as well, such as the tactics that are involved with Social Engineering. After the money was sent out, it would go to a phony, overseas bank account, never to be recovered again (well, at least the chances of it would be low, at best). But forget the CEO. It is now expected that the Cyberattacker will start to go after the external, third parties that other companies use in order to accomplish their business process tasks. Why is this the case? Well, it is these vendors that have access to all of the Personally Identifiable Information (PII) datasets that one could ever hope for, because the companies that hire them out often share this. Very often, these external, third parties are not up to snuff with security measures, so they make an easy and ripe target to be had. After all, why just go after a handful of names, when all you have to do is target one of these vendors, and get hundreds upon hundreds of valuable PII datasets, right???
*The lifespan of a Phishing Attack will dramatically decrease:
To give you some time reference to this, back in 2018, the average Phishing attack just lasted about two days or so (to be exact, it was 2.1 days). In 2020, it only lasted about 12 hours. In 2021, it is expected that this will probably drop to just one hour. This is at least according to the research that was conducted by Darktrace. More information about this can be seen here at this link:
Believe it or not, the catalyst for this has been the COVID19 pandemic. When this started, Cyberattackers were buying domains all over the place in bulk. This was done in an attempt to cover their tracks as they put up phony COVID19 websites. Plus, there also has been a huge explosion in the sheer amount of new domain TLDs that have been coming out. So put these two together, and you have the perfect storm brewing for very short-lived Phishing attacks in 2021. So as you get one Phishing Email, it is quite possible that you may get a different one with a different domain from the same Cyberattacker in just a matter of a few minutes. This will make things only worse for the IT Security teams in trying to filter out the real threats from the false ones. Also, this will make it a lot easier for multiple Phishing attacks to happen, because a freshly minted domain will not have been blacklisted yet.
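Why a blocklist alone misses a freshly minted domain, as an added example that is not part of the original post: the script pulls the linked hosts out of a message and flags any whose registration date is younger than a threshold, even when no blocklist knows it yet. The blocklist, registration dates, 30-day threshold and sample message are all constructed for illustration; in practice the dates would come from WHOIS/RDAP lookups.

```python
import re
from datetime import date
from email import message_from_string
from urllib.parse import urlsplit

# Constructed stand-ins for a blocklist feed and WHOIS/RDAP creation dates.
BLOCKLIST = {"covid-relief-payments.example"}
REGISTERED_ON = {
    "covid-relief-payments.example": date(2020, 3, 20),
    "vaccine-signup-now.example": date(2020, 12, 26),
    "intranet-portal.example": date(2012, 6, 1),
}
MIN_AGE_DAYS = 30  # assumed policy threshold, not a value from the post
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

SAMPLE = """\
From: "Health Desk" <notice@vaccine-signup-now.example>
Subject: Reserve your vaccine

Book here: https://login.vaccine-signup-now.example/reserve
Earlier notice: http://covid-relief-payments.example/claim
HR policy: https://intranet-portal.example/hr
"""  # constructed message

def link_hosts(raw_email):
    """Hostnames of every http(s) link in the message's text parts."""
    hosts = set()
    for part in message_from_string(raw_email).walk():
        if part.get_content_maintype() == "text":
            text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            hosts.update(urlsplit(u).hostname or "" for u in URL_RE.findall(text))
    return hosts - {""}

def triage(raw_email, today):
    """Map each linked host to blocklisted / new-domain / unknown-age / ok."""
    verdicts = {}
    for host in link_hosts(raw_email):
        labels = host.split(".")  # check the host and each parent domain
        names = [".".join(labels[i:]) for i in range(len(labels) - 1)]
        created = next((REGISTERED_ON[n] for n in names if n in REGISTERED_ON), None)
        if any(n in BLOCKLIST for n in names):
            verdicts[host] = "blocklisted"
        elif created is None:
            verdicts[host] = "unknown-age"  # no registration data: hold for review
        elif (today - created).days < MIN_AGE_DAYS:
            verdicts[host] = "new-domain"   # too young for a blocklist to know it
        else:
            verdicts[host] = "ok"
    return verdicts
```

Calling `triage(SAMPLE, date(2020, 12, 27))` shows the one-day-old domain caught by the age check while the blocklist only recognises the older campaign.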
*False information will continue to mushroom:
As much as I try to remain apolitical, I cannot here. We have seen the American public being inundated with this under the current Presidential Administration. It’s hard to tell the real news from the fake news. So as it relates to Cybersecurity, you will see in 2021 just how quickly misinformation will spread. We are right now living through a period of time in which the levels of angst of the American people are at all-time highs. Cyberattackers all over the world are fully aware of this and will play upon this level of fear in order to target their victims. In other words, attacks will become more like “one-offs”. Take the COVID19 vaccine for example. There are already phony websites and Phishing Emails telling people where they can buy their vaccine from. Of course, as we know, the rollout of this has just barely started here in the United States. But all a Cyberattacker has to do is take one heisted domain and send out a few hundred Phishing Emails in order to lure their victims into getting vaccinated. Once they have done that, they can then take this website down and put up a new, phony one in just a matter of a few minutes in order to snare in a fresh batch of victims. To make matters even worse, there are both website and Phishing templates that are available on the Dark Web to serve just this very purpose, for just pennies on the dollar.
*Ransomware could decrease:
I have seen mixed predictions on this one. One group of pundits say that it will get worse and more targeted for the healthcare and educational sectors. But now, there is a group of them claiming that it will actually go down in 2021. Why is this, you may also be asking? Well, as the Remote Workforce starts to get a long term and permanent foothold here in Corporate America, there is now a massive migration to move On Premises Infrastructures to a Cloud based platform, such as AWS or Microsoft Azure. So, rather than just locking up many devices all at once, why not go after the jugular and lock off the entire Cloud based infrastructure of a company? While these juggernaut Cloud Providers do provide a robust set of security tools that can be implemented in just a short period of time, companies very often do not make use of them, and also, they configure the settings very poorly (a prime example of this is the AWS S3 buckets – these have been a source of Cyberattacks, primarily because of misconfigured settings). This gives a great entrance point to the Cyberattacker, and from there, they can move in a lateral fashion wherever it will take them.
My Thoughts On This:
The use of Email to launch and deploy Cyberattacks will always be a much-favored vehicle in order to deploy the malicious payload. It just all goes back to the same theme: The oldest of the threat variants are there and will continue to be for a very long time. It’s just that newer variants of it are coming out, as Cyberattackers are becoming much more sophisticated.
It’s like building a better mousetrap. So, how can you stay safe? I could rattle off a huge laundry list of items that you can do, but a simple Google search on this topic will serve the same purpose. Instead, my view has and always will be: Trust your gut.
If it does not feel right or is too good to be true, then it probably is. So as it translates down to Email attacks, just delete it, like you would a phony text message or Robocall. Only respond to it if you are expecting it, or you know the person. If it is important enough, they will contact you again.
Stay safe out there, especially before and on New Year’s Day!!!