When it comes to cybersecurity, Kaspersky’s Global Research and Analysis Team (GReAT) are both a shining spear tip and a vibranium shield, keeping organisations safe from malicious cyber attacks. On top of researching and countering threats, the GReAT team also prepare reports on advanced persistent threats to share with the cybersecurity community the lay of the land and the who, where and what of the proverbial bad guys’ activity in the coming year.
“We live in a world that is so mercurial that it is likely that events and processes will happen in the future that we have not been able to grasp just yet. The amount and complexity of changes we have witnessed that have affected the cyberthreat environment could dictate many scenarios for what is to come ahead,” says David Emm, principal security researcher at Kaspersky.
“Furthermore, there are no threat research teams in the world that have full visibility of the operations of APT threat actors. Yes, the world is a chaotic place, but our previous experience shows that we have been able to anticipate many APT developments before, and hence prepare for them better. We will continue to follow this path, understanding the tactics and methods behind APT campaigns and activities, sharing the insights we learn and evaluating the impact these targeted campaigns have. What matters here is to follow the situation closely and always be ready to react, and we are confident in doing so,” adds David.
Here’s the Kaspersky Advanced Persistent Threat (APT) round-up for 2021, where they share a bird’s eye view of industry and technology threat predictions for the coming year. Here are this year’s predictions, which were made in the tail-end of 2019.
Kaspersky Advanced Persistent Threat Predictions for 2021
The threat predictions for 2021 in no particular order are:
Advanced Persistent Threat actors will buy initial network access from cybercriminals. According to Kaspersky, threat actors will start leveraging their connections and taking advantage of stolen credentials to execute cyber attacks. Organisations should pay attention to generic malware and perform basic incident response activities on each compromised device to ensure that it isn’t the harbinger of a more sophisticated threat.
More countries using legal indictments as part of their cyber-strategy. Kaspersky’s previous predictions of ‘naming and shaming’ of APT attacks carried out by hostile parties have come true, and more organizations will follow suit. Exposing toolsets of APT groups carried out at the governmental level will drive more states to do the same, thereby hurting actors’ activities and developments by burning the existing toolsets of their opponents in an effort to retaliate.
More Silicon Valley companies will take action against zero-day brokers. Following the scandalous cases where zero-day vulnerabilities in popular apps were exploited for espionage on a variety of different targets, more Silicon Valley corporations are likely to take a stance against zero-day brokers in an effort to protect their customers and reputation.
Increased targeting of network appliances. With remote work, organisational security has become an increased priority, and more interest in exploiting network appliances such as VPN gateways will emerge. Harvesting credentials to access corporate VPNs via ‘vishing’ remote workers may also appear as a potential threat.
Demanding money “with menaces”. Changes in ransomware gangs’ strategy are leading to the consolidation of a still diverse but rather tight ransomware eco-system. Following the success of previous targeted attack strategies, more major ransomware players will start focusing their activities and obtaining APT-like capabilities – with the money the gangs have extorted they will be able to invest large funds into new advanced toolsets with budgets comparable to that of some of the state-sponsored APT groups.
More disruptive attacks. These will result from a directed, orchestrated attack designed to affect critical infrastructure, or occur as collateral damage, as our lives have become even more dependent on technology with a much wider attack surface than ever before.
The emergence of 5G vulnerabilities. As adoption of this technology increases, and more devices become dependent on the connectivity it provides, attackers will have a greater incentive to look for vulnerabilities that they can exploit.
Attackers will continue to exploit the COVID-19 pandemic. While it did not prompt changes in tactics, techniques and procedures of the threat actors, the virus has become a persistent topic of interest. As the pandemic will continue into 2021, threat actors will not stop exploiting this topic to gain a foothold in target systems.
For a more comprehensive and detailed report on advanced persistent threat predictions for 2021, check out Kaspersky’s full-sized feature at https://securelist.com/apt-predictions-for-2021/99387/
[Material courtesy of Kaspersky]