SlideShare a Scribd company logo

Top 9 Cybersecurity Threats in 2021: Ransomware, BEC, Supply Chain Attacks

K
Krishna N

cyber

Technology
1 of 9
Download to read offline
Powered by EDX LABS TOP 9 CYBERSECURITY THreats FOR 2021 Banks See Billion-Dollar CYBER COSTS SOARING EVEN HIGHER IN 2021 - - Bloomberg THE CYBER FORECAST 70% of Organisations to INCREASE CYBERSECURITY SPENDING Following COVID-19 Impact - learnbonds https://learnbonds.com/news/almost-70-of-major-organisations-to-increase-cybersecurity-spending-following-coronavirus-outbreak/ipsum https://ww- w.bloomberg.com/news/arti- cles/2020-11-24/banks-see- billion-dollar-cyber-costs-so aring-even-higher-in-2021 https://learnbonds.com/news/ almost-70-of-major-organisati ons-to-increase-cybersecurity -spending-following-coronavi rus-outbreak/
The most recent ‘SolarWinds’ breach, a large scale supply chain attack continues to be unchartered territory where the full impact is still unknown. As in the past, empirical evidence from global cybersecurity incidents reveal a substantial increase in hacked and breached data. As the attack surface of organizations continue to grow with increased adoption of the cloud and third party vendors, more complexity has been added with increased usage of mobile and IoT devices in the workplace and at home. A big contributing factor is also increasing work from home and greater employee independence. Cybercrime Statistics of business leaders feel their cybersecurity risks are increasing. 68% CYBER FORECAST REPORT 2021 | © CTM360 Malicious hackers are now attacking computers and networks at a rate of one attack every 39 seconds. 71% of breaches were financially motivated, & 25% were motivated by espionage. If it were measured as a country, then cybercrime which is predicted to inflict damages totaling globally in 2021 would be the world’s third-largest economy after the U.S. and China. $6 trillion Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015. Cybercrime spend include but are not limited to damage and destruction of data, stolen money, stolen intellectual property & personal data, embezzlement, post-attack disruption, restoration and deletion of hacked data and systems, and reputational harm. Despite increasing investment in cybersecurity globally, cybersecurity losses continue to rise exponentially. The worldwide information security market is forecasted to reach $170.4 billion in 2022. 52% of breaches featured hacking, 28% involved Malware, and 32–33% included Phishing or Social Engineering, respectively. https://cybersecurityventures.co m/cybercrime-damage-costs-10-t rillion-by-2025/ - Cybersecurity Ventures https://ung.edu/continuing-educatio n/news-and-media/cybersecurity.php https://enterprise.verizon.com/en-gb/resources/reports/dbir/ - Verizon https://www.gartner.com/en/documents/3889055 - Gartner - University of Maryland https://enterprise.verizon.com/en-gb/resourc - Verizon - Accenture Technology advancements and disruptive ideas have forced organizations to embrace digital transformation; COVID-19 has only accelerated the same. Many organizations were not adequately prepared and this resulted in new challenges for the Cybersecurity industry during 2020. Looking forward at the cyber threat landscape of 2021, CTM360 sheds light on the Top 9 threats expected to stand out during the year.
In ransomware attacks, cybercriminals steal or encrypt an organization’s information and demand a ransom. If the organization refuses to pay, attackers threaten to publicly release or permanently delete the data, which forces the organization to choose between settling a large ransom or bearing the large scale reputational and financial loss. Global research predicts that businesses will fall victim to ransomware attacks every 11 seconds in 2021 compared to every 14 seconds in 2019. One of the leading causes of this surge is that businesses have less tolerance for downtime with remote work. The lack of cybersecurity governance over remote work motivates threat actors further. It is increasingly common for breached organizations to pay ransom instead of the far more expensive post- attack remediation cost to avoid prolonged downtime, regulatory oversight, and minimize reputational damage in the public. The success of ransomware attacks encourages cybercriminals to continue this practice. CYBER FORECAST REPORT 2021 | © CTM360 1 Spike in ransomware Attacks “The average downtime due to a Ransomware attack was 19 days in Q3 of 2020 compared to 12.1 days in Q3 2019.” “In 2019-2020, the average global cost to remediate a Ransomware attack was $761,106.” THE ESTIMATED COST OF RANSOMWARE TO BUSINESSES WILL TOP $20 BILLION IN THE UPCOMING YEAR WITH AN AVERAGE ATTACK COSTING OVER $4 MILLION. “The average cost of downtime is 24 times higher than the average ransom amount.” Ref: https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/ https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report - Coveware https://www.sophos.com/en-us/mediali- brary/Gated-As- sets/white-papers/sophos-the-state-of-r ansomware-2020-wp.pdf - Sophos https://www.datto.com/resources/dattos-global-state-of-the-channel-ransomware-report - Datto
Business Email Compromise (BEC) is one of the most financially damaging online crimes. It exploits the fact that most organizations rely on email to conduct business. In a BEC scam, cyber-criminals send an email that appears to come from a legitimate source. After active reconnaissance on the victim’s mailbox, these emails are sent to make financial requests that are timed perfectly and appear legitimate. BEC can be carried out using numerous tactics and techniques. One of the popular approaches is executive impersonation, also known as CXO Fraud. Business Email Compromise “$44,000 – the average cost for a Business Email Compromise hack.” Beyond banking, finance, insurance and healthcare sectors, it is noted that online delivery services were highly targeted in 2020. Amazon and DHL were two of the most impersonated brands in 2020. It is expected that similar courier and delivery scams will increase in 2021. Brand oriented attack types also serve as launchpads for spear phishing and social engineering attacks. Brand Abuse 3 2 In this scenario, the scammer assumes the personality of a high ranking executive. This tactic gives the victim a sense of urgency and persuades them to make the requested funds transfer/data disclosure with less probability of questioning the matter. One of the increasing trends to counter BEC is the correct implementation of DMARC, especially in financially sensitive sectors. Increased staff awareness and training is a high-value investment to avoid BEC. “83% of Spear Phishing Attacks Involve Brand Impersonation.” CYBER FORECAST REPORT 2021 | © CTM360 The modern organization is evolving rapidly with increased cloud adoption and a greater digital presence. Accelerated by the pandemic, a majority of infrastructure and services have shifted online. Organizations are more focused on their online presence and are relying on it to conduct business. Brand abuse and brand impersonation will see a huge spike in the coming year as people rely more and more on online services. There has been a spike in BEC Fraud cases, increasing by 15% from Q2 to Q3 of 2020 - Abnormal Security Ref: https://www.fbi.gov/scams-and-safety/common-scams-and-crimes - Verizon https://www.barracuda.com/spe ar-phishing-report - Barracuda These attacks include impersonation on social media, job scams, next of kin scams, investment scams, fake news, and even to launch malware. With such a high variety of attack types, a new industry category dubbed Digital Risk Protection is rapidly evolving.
CYBER FORECAST REPORT 2021 | © CTM360 With increasing remote activity, many organizations have been implementing Remote Desktop Protocol (RDP) & Virtual Private Networking (VPN) to allow access to corporate data and servers off-site. Although RDP is already one of the most commonly attacked services online, the next year is expected to see a further spike in exploitation of RDP, VPN, and other remote services. Attacks on RDP/VPN 5 Despite the additional security layer that VPN provides, cybercriminals view VPN as an open gateway into an organization’s entire network if access is achievable. As data breaches increase, cybercriminals have an abundance of leaked credentials paired with exploits and brute force opportunities; thus almost doubling the attacks against RDP, VPN, and remote connection servers in 2021. Supply chain attacks are cyber attacks that compromise a target organization by penetrating a third party vendor of software package instead of the organization itself. This style of attack proves especially lucrative to attackers for several reasons; a breach on one vendor creates a ripple effect which can have a much higher impact on all organizations downstream. During 2020, there has been an increased reliance on third parties to counter limited business and engineering resources. In addition, threats are often overlooked as organizations tend to trust the vendors they use in day to day business. “63% of all cyber-attacks could be traced either directly or indirectly to third parties.” 4 The biggest supply chain attack of 2020 was the SolarWinds hack where attackers pushed malicious code as part of an update package of the Orion software. This affected 18000+ customers of SolarWinds which including Microsoft, Cisco, Intel, and multiple US government agencies. In 2020, experts have warned of a 430% increase in supply chain attacks targeting open-source tools used across industries. These figures are expected to increase further in 2021 as organizations are deploying more third-party services and tools to facilitate their operations. Supply Chain Attack Usually IT vendors or small businesses are the perfect entry point for hackers since they lack security controls. Organizations should evaluate the cybersecurity posture of all their third-party vendors to eliminate the risk of supply chain attacks. Ref:https://www.csoonline.com/article/3542895/attacks-against-internet-exposed-rdp-servers-surging-during-covid-19-pandemic.html Ref: https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12 https://www.pwc.com/us/en/service s/consulting/cybersecurity-privacy-f orensics.html - PwC https://www.zdnet.com/article/kasper sky-rdp-brute-force-attacks-have-go ne-up-since-start-of-covid-19/ “RDP Brute-force Attacks grew 400% in March and April alone.” - Kaspersky
This risk gives rise to 3 major challenges. • Employees do not have adequate skills and knowledge in cloud security and hence it leaves an open door for hackers. • The current security frameworks lack adequate mapping to implement security measures on cloud services and this exponentially increases the risk. • Exposure of mission critical or corporate data left exposed on the internet for attackers to access. The most common misconfiguration is over-privileged user accounts. When attackers gain access to an associated identity with broad privileged permis- sions, they can abuse those permissions maliciously. Data Breaches on Cloud-based Infrastructure and Services “82% of cloud users have experienced security events caused by confusion over who is responsible to secure the implementations.” 6 CYBER FORECAST REPORT 2021 | © CTM360 Cloud adoption has its own challenges. Organizations are expected to implement their own cybersecurity infrastructure and configure them adequately to secure themselves. Infrastructure as a Service (IaaS) vendors typically have a shared security services model. Subsequently, misconfigurations may lead to data breaches and exposure of sensitive corporate information; this is a high risk. “Errors caused 22% of Data Breaches.” "Number of records exposed reaches a staggering 36 billion in 2020." https://www.riskbasedsecurity.com/ 2020/10/29/new-research-number- of-records-exposed-reaches-stagg ering-36-billion/ - Risk Based Security https://enterprise.verizon.co m/resources/reports/dbir/ - Verizon https://www.oracle.com/a/ocom/docs/dc/final-o racle-and-kpmg-cloud-threat-report-2019.pdf - Oracle and KPMG
CYBER FORECAST REPORT 2021 | © CTM360 Employees working from home use devices that aren’t patched, managed, or secured by the corporate IT department. This gives hackers an entry point into the network that bypasses the perimeter security. Sensitive company data is being stored on these devices, further increasing the risk of data breaches. Additionally, the majority of people do not manage the default settings of their home router which leaves an entry point for hackers to access the network and confidential data. Moreover they may have many IoT devices within their home network with inadequate security controls which can also prove to be a threat. Targeted threats leveraging remote work “In corporate contexts, decision-makers are aware of the issue: 83% of them said that their organization was at risk from Mobile Threats and 86% agreed that Mobile Threats are growing faster than others.” 8 New security challenges are brought on by the rapid deployment of tools, technologies, and processes that enable people to work remotely. The shift in working practices, associated devices, and locations makes it far easier for these types of threats to go unnoticed. The rapid increase of mobile devices widens the organization’s potential attack surface. This threat is further amplified by the associated rise in cloud adoption and the short-term ‘Use Your Own Device’ (UYOD) policies that many organizations adopted to overcome remote work challenges. With the current rise in remote work, development teams are often scattered, working remotely and sharing code via online repositories. Data exposure risks will subsequently increase with limited security governance and lack of practical controls. Data Exposure on Code Repositories 7 Developers routinely use code repositories such as GitHub to back up, share, and manage changes to code. It is a popular environment for collaborative development by the developer community; however, code repositories are also public by default, which means that anyone can find and access code that has been uploaded to such websites. And all too often, developers forget to remove sensitive data from their code or make the reposito- ries private before uploading them on GitHub. Malicious hackers actively scan and scrape GitHub for leaked passwords, client IDs, secret keys, and API tokens, to name a few, because they know programmers are prone to such oversight. Ref: https://unit42.paloaltonetworks.com/github-data-exposed/ https://unit42.paloaltonetworks.com/github-data-exposed/ “Unit 42 researchers analyzed more than 24,000 public GitHub data uploads via GitHub’s Event API and found thousands of files containing potentially sensitive information, which included: 4109 Configu- ration files, 2464 API keys, 2328 Hardcod- ed username and passwords, 2144 Private key files, 1089 OAuth tokens.” - Palo Alto https://enterprise.verizon.com/resources/reports/2020-msi-report.pdf - Verizon
“More than 60% of Phishing Attacks involve keyloggers.” “A single Spear-Phishing Attack results in an average loss of $1.6 million.” Since its outbreak in March 2020, COVID-19 has been the main headline of news and media outlets. Threat actors recognized this pandemic as the most apparent bait to make their schemes more effective. The use of the COVID-19 pandemic as a theme for phishing campaigns is expected to progress into 2021. Attacks will often coincide with significant events or news, such as a spike in new cases or a new vaccine drug's announcement. Smishing and Vishing attacks are also growing as cybercriminals turn to mediums that are trusted more than email. Smishing is a type of social engineering attack that utilizes SMS text messaging as its medium. Vishing, on the other hand, is conducted via phone calls. There is no current filter or technology where numbers are confirmed as trusted sources, making mobile phone users more vulnerable to these attacks. Phishing, Vishing, and Smishing Attacks “According to Verizon’s 2020 Mobile Security Index, Smishing Attacks have increased from 2 percent to 13 percent in just the past year.” 9 CYBER FORECAST REPORT 2021 | © CTM360 “In Q3 of 2020, APWG detected almost 572,000 unique Phishing websites and observed more than 367,000 unique Phishing email subjects.” There are different variations of these campaigns. For example, impersonating official healthcare entities like the WHO, hospitals, and insurance companies is a prevalent pattern. Another variation that scammers opt for is masking as relief funds and donation campaigns. Other than attacks directly connected to COVID-19, a rise in activity related to the after effects of the pandemic is anticipated. These may include fictitious employment opportunities, investment propositions, threats to online collaboration activities, and various online shopping scams. https://www.comparitech.com/vpn/cybersecurity-cyber-crime-statistics-facts-trends/ - APWG https://securityboulevard.com/2020/12/staggering-phishing-statistics-in-2020/#:~:text=A%20single%20spear%20phishi ng%20attack,phishing%20attack%20at%20least%20once. -Security Boulevard https://cofense.com/staggering-amount-stolen-data-heading-zoho-domains/ - Cofense https://enterprise.verizon.com/resources/reports/mobile-security-index/ - Verizon
To learn more about CTM360, visit: www.ctm360.com | Email: Info@ctm360.com CYBER FORECAST REPORT 2021 | © CTM360 YOUR CYBERSECURITY TEAM IN THE CLOUD CTM360® is a 24 x 7 x 365 Cyber Security subscription service for detecting and responding to cyber threats. Headquartered in the Kingdom of Bahrain, CTM360 specializes in offensive defense and strives to strengthen the security posture by making you harder target in cyberspace.

Recommended

White Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfWhite Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfBrafton
 
The Five Biggest Cyber Security Trends In 2022
The Five Biggest Cyber Security Trends In 2022The Five Biggest Cyber Security Trends In 2022
The Five Biggest Cyber Security Trends In 2022Bernard Marr
 
Cyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cCyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cAanchal579958
 
7 Cybersecurity Statistics You Need to Know in 2023.pptx
7 Cybersecurity Statistics You Need to Know in 2023.pptx7 Cybersecurity Statistics You Need to Know in 2023.pptx
7 Cybersecurity Statistics You Need to Know in 2023.pptxIT Company Dubai
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Vertex Holdings
 
5 main trends in cyber security for 2020
5 main trends in cyber security for 20205 main trends in cyber security for 2020
5 main trends in cyber security for 2020Agnieszka Guźniczak-Beim
 
True Cost of Ransomware to Your Business
True Cost of Ransomware to Your BusinessTrue Cost of Ransomware to Your Business
True Cost of Ransomware to Your BusinessIndusfacePvtLtd
 
The Quarantine Report: Cybersecurity Impact Assessment for COVID-19
The Quarantine Report: Cybersecurity Impact Assessment for COVID-19The Quarantine Report: Cybersecurity Impact Assessment for COVID-19
The Quarantine Report: Cybersecurity Impact Assessment for COVID-19Alex Smirnoff
 

Recommended

White Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfWhite Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfBrafton
 
The Five Biggest Cyber Security Trends In 2022
The Five Biggest Cyber Security Trends In 2022The Five Biggest Cyber Security Trends In 2022
The Five Biggest Cyber Security Trends In 2022Bernard Marr
 
Cyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cCyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cAanchal579958
 
7 Cybersecurity Statistics You Need to Know in 2023.pptx
7 Cybersecurity Statistics You Need to Know in 2023.pptx7 Cybersecurity Statistics You Need to Know in 2023.pptx
7 Cybersecurity Statistics You Need to Know in 2023.pptxIT Company Dubai
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Vertex Holdings
 
5 main trends in cyber security for 2020
5 main trends in cyber security for 20205 main trends in cyber security for 2020
5 main trends in cyber security for 2020Agnieszka Guźniczak-Beim
 
True Cost of Ransomware to Your Business
True Cost of Ransomware to Your BusinessTrue Cost of Ransomware to Your Business
True Cost of Ransomware to Your BusinessIndusfacePvtLtd
 
The Quarantine Report: Cybersecurity Impact Assessment for COVID-19
The Quarantine Report: Cybersecurity Impact Assessment for COVID-19The Quarantine Report: Cybersecurity Impact Assessment for COVID-19
The Quarantine Report: Cybersecurity Impact Assessment for COVID-19Alex Smirnoff
 
What Are Cyber Attacks All About? | Cyberroot Risk Advisory
What Are Cyber Attacks All About? | Cyberroot Risk AdvisoryWhat Are Cyber Attacks All About? | Cyberroot Risk Advisory
What Are Cyber Attacks All About? | Cyberroot Risk AdvisoryCR Group
 
Cyber attacks in 2021
Cyber attacks in 2021Cyber attacks in 2021
Cyber attacks in 2021redteamacademypromo
 
Cybersecurity Predictions For 2022.pdf
Cybersecurity Predictions For 2022.pdfCybersecurity Predictions For 2022.pdf
Cybersecurity Predictions For 2022.pdfYamuna5
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sectoritnewsafrica
 
Cybersecurity infographic
Cybersecurity infographicCybersecurity infographic
Cybersecurity infographicGabe Schurman
 
idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutionsJonny Nässlander
 
As telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcAs telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcMert Akın
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017Insights success media and technology pvt ltd
 
2022 Sonicwall Cyber Threat Report
2022 Sonicwall Cyber Threat Report2022 Sonicwall Cyber Threat Report
2022 Sonicwall Cyber Threat ReportAlex492583
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationPECB
 
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...SG Analytics
 
BIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionBIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionCBIZ, Inc.
 
seqrite-prediction-report-2023.pdf
seqrite-prediction-report-2023.pdfseqrite-prediction-report-2023.pdf
seqrite-prediction-report-2023.pdfsatheesh kumar
 
P04-AIDC-NAM-IDC04.pdf
P04-AIDC-NAM-IDC04.pdfP04-AIDC-NAM-IDC04.pdf
P04-AIDC-NAM-IDC04.pdfShyampratapSingh13
 
NME IT Security Survey 2016
NME IT Security Survey 2016 NME IT Security Survey 2016
NME IT Security Survey 2016 CTM360
 
Top cybersecurity trends to adapt in 2022
Top cybersecurity trends to adapt in 2022Top cybersecurity trends to adapt in 2022
Top cybersecurity trends to adapt in 2022Cigniti Technologies Ltd
 
Global Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDosGlobal Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDosHaltdos
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity PredictionsMatthew Rosenquist
 
Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Eoin Keary
 
CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018Confederation of Indian Industry
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 

More Related Content

Similar to Top 9 Cybersecurity Threats in 2021: Ransomware, BEC, Supply Chain Attacks

What Are Cyber Attacks All About? | Cyberroot Risk Advisory
What Are Cyber Attacks All About? | Cyberroot Risk AdvisoryWhat Are Cyber Attacks All About? | Cyberroot Risk Advisory
What Are Cyber Attacks All About? | Cyberroot Risk AdvisoryCR Group
 
Cybersecurity Predictions For 2022.pdf
Cybersecurity Predictions For 2022.pdfCybersecurity Predictions For 2022.pdf
Cybersecurity Predictions For 2022.pdfYamuna5
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sectoritnewsafrica
 
Cybersecurity infographic
Cybersecurity infographicCybersecurity infographic
Cybersecurity infographicGabe Schurman
 
As telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcAs telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcMert Akın
 
2022 Sonicwall Cyber Threat Report
2022 Sonicwall Cyber Threat Report2022 Sonicwall Cyber Threat Report
2022 Sonicwall Cyber Threat ReportAlex492583
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationPECB
 
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...SG Analytics
 
BIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionBIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionCBIZ, Inc.
 
seqrite-prediction-report-2023.pdf
seqrite-prediction-report-2023.pdfseqrite-prediction-report-2023.pdf
seqrite-prediction-report-2023.pdfsatheesh kumar
 
NME IT Security Survey 2016
NME IT Security Survey 2016 NME IT Security Survey 2016
NME IT Security Survey 2016 CTM360
 
Global Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDosGlobal Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDosHaltdos
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity PredictionsMatthew Rosenquist
 
Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Eoin Keary
 

Similar to Top 9 Cybersecurity Threats in 2021: Ransomware, BEC, Supply Chain Attacks (20)

What Are Cyber Attacks All About? | Cyberroot Risk Advisory
What Are Cyber Attacks All About? | Cyberroot Risk AdvisoryWhat Are Cyber Attacks All About? | Cyberroot Risk Advisory
What Are Cyber Attacks All About? | Cyberroot Risk Advisory
 
Cyber attacks in 2021
Cyber attacks in 2021Cyber attacks in 2021
Cyber attacks in 2021
 
Cybersecurity Predictions For 2022.pdf
Cybersecurity Predictions For 2022.pdfCybersecurity Predictions For 2022.pdf
Cybersecurity Predictions For 2022.pdf
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
 
Cybersecurity infographic
Cybersecurity infographicCybersecurity infographic
Cybersecurity infographic
 
idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutions
 
As telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcAs telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwc
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017
 
2022 Sonicwall Cyber Threat Report
2022 Sonicwall Cyber Threat Report2022 Sonicwall Cyber Threat Report
2022 Sonicwall Cyber Threat Report
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
 
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...
Proliferation of Smartphones and Rising Incidents of Cyberattacks are resulti...
 
BIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special EditionBIZGrowth Strategies - Cybersecurity Special Edition
BIZGrowth Strategies - Cybersecurity Special Edition
 
seqrite-prediction-report-2023.pdf
seqrite-prediction-report-2023.pdfseqrite-prediction-report-2023.pdf
seqrite-prediction-report-2023.pdf
 
P04-AIDC-NAM-IDC04.pdf
P04-AIDC-NAM-IDC04.pdfP04-AIDC-NAM-IDC04.pdf
P04-AIDC-NAM-IDC04.pdf
 
NME IT Security Survey 2016
NME IT Security Survey 2016 NME IT Security Survey 2016
NME IT Security Survey 2016
 
Top cybersecurity trends to adapt in 2022
Top cybersecurity trends to adapt in 2022Top cybersecurity trends to adapt in 2022
Top cybersecurity trends to adapt in 2022
 
Global Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDosGlobal Cyber Attacks report 2018 - 2019 | HaltDos
Global Cyber Attacks report 2018 - 2019 | HaltDos
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity Predictions
 
Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020
 
CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018
 

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 

Recently uploaded (20)

Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 

Top 9 Cybersecurity Threats in 2021: Ransomware, BEC, Supply Chain Attacks

  • 1. Powered by EDX LABS TOP 9 CYBERSECURITY THreats FOR 2021 Banks See Billion-Dollar CYBER COSTS SOARING EVEN HIGHER IN 2021 - - Bloomberg THE CYBER FORECAST 70% of Organisations to INCREASE CYBERSECURITY SPENDING Following COVID-19 Impact - learnbonds https://learnbonds.com/news/almost-70-of-major-organisations-to-increase-cybersecurity-spending-following-coronavirus-outbreak/ipsum https://ww- w.bloomberg.com/news/arti- cles/2020-11-24/banks-see- billion-dollar-cyber-costs-so aring-even-higher-in-2021 https://learnbonds.com/news/ almost-70-of-major-organisati ons-to-increase-cybersecurity -spending-following-coronavi rus-outbreak/
  • 2. The most recent ‘SolarWinds’ breach, a large scale supply chain attack continues to be unchartered territory where the full impact is still unknown. As in the past, empirical evidence from global cybersecurity incidents reveal a substantial increase in hacked and breached data. As the attack surface of organizations continue to grow with increased adoption of the cloud and third party vendors, more complexity has been added with increased usage of mobile and IoT devices in the workplace and at home. A big contributing factor is also increasing work from home and greater employee independence. Cybercrime Statistics of business leaders feel their cybersecurity risks are increasing. 68% CYBER FORECAST REPORT 2021 | © CTM360 Malicious hackers are now attacking computers and networks at a rate of one attack every 39 seconds. 71% of breaches were financially motivated, & 25% were motivated by espionage. If it were measured as a country, then cybercrime which is predicted to inflict damages totaling globally in 2021 would be the world’s third-largest economy after the U.S. and China. $6 trillion Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015. Cybercrime spend include but are not limited to damage and destruction of data, stolen money, stolen intellectual property & personal data, embezzlement, post-attack disruption, restoration and deletion of hacked data and systems, and reputational harm. Despite increasing investment in cybersecurity globally, cybersecurity losses continue to rise exponentially. The worldwide information security market is forecasted to reach $170.4 billion in 2022. 52% of breaches featured hacking, 28% involved Malware, and 32–33% included Phishing or Social Engineering, respectively. https://cybersecurityventures.co m/cybercrime-damage-costs-10-t rillion-by-2025/ - Cybersecurity Ventures https://ung.edu/continuing-educatio n/news-and-media/cybersecurity.php https://enterprise.verizon.com/en-gb/resources/reports/dbir/ - Verizon https://www.gartner.com/en/documents/3889055 - Gartner - University of Maryland https://enterprise.verizon.com/en-gb/resourc - Verizon - Accenture Technology advancements and disruptive ideas have forced organizations to embrace digital transformation; COVID-19 has only accelerated the same. Many organizations were not adequately prepared and this resulted in new challenges for the Cybersecurity industry during 2020. Looking forward at the cyber threat landscape of 2021, CTM360 sheds light on the Top 9 threats expected to stand out during the year.
  • 3. In ransomware attacks, cybercriminals steal or encrypt an organization’s information and demand a ransom. If the organization refuses to pay, attackers threaten to publicly release or permanently delete the data, which forces the organization to choose between settling a large ransom or bearing the large scale reputational and financial loss. Global research predicts that businesses will fall victim to ransomware attacks every 11 seconds in 2021 compared to every 14 seconds in 2019. One of the leading causes of this surge is that businesses have less tolerance for downtime with remote work. The lack of cybersecurity governance over remote work motivates threat actors further. It is increasingly common for breached organizations to pay ransom instead of the far more expensive post- attack remediation cost to avoid prolonged downtime, regulatory oversight, and minimize reputational damage in the public. The success of ransomware attacks encourages cybercriminals to continue this practice. CYBER FORECAST REPORT 2021 | © CTM360 1 Spike in ransomware Attacks “The average downtime due to a Ransomware attack was 19 days in Q3 of 2020 compared to 12.1 days in Q3 2019.” “In 2019-2020, the average global cost to remediate a Ransomware attack was $761,106.” THE ESTIMATED COST OF RANSOMWARE TO BUSINESSES WILL TOP $20 BILLION IN THE UPCOMING YEAR WITH AN AVERAGE ATTACK COSTING OVER $4 MILLION. “The average cost of downtime is 24 times higher than the average ransom amount.” Ref: https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/ https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report - Coveware https://www.sophos.com/en-us/mediali- brary/Gated-As- sets/white-papers/sophos-the-state-of-r ansomware-2020-wp.pdf - Sophos https://www.datto.com/resources/dattos-global-state-of-the-channel-ransomware-report - Datto
  • 4. Business Email Compromise (BEC) is one of the most financially damaging online crimes. It exploits the fact that most organizations rely on email to conduct business. In a BEC scam, cyber-criminals send an email that appears to come from a legitimate source. After active reconnaissance on the victim’s mailbox, these emails are sent to make financial requests that are timed perfectly and appear legitimate. BEC can be carried out using numerous tactics and techniques. One of the popular approaches is executive impersonation, also known as CXO Fraud. Business Email Compromise “$44,000 – the average cost for a Business Email Compromise hack.” Beyond banking, finance, insurance and healthcare sectors, it is noted that online delivery services were highly targeted in 2020. Amazon and DHL were two of the most impersonated brands in 2020. It is expected that similar courier and delivery scams will increase in 2021. Brand oriented attack types also serve as launchpads for spear phishing and social engineering attacks. Brand Abuse 3 2 In this scenario, the scammer assumes the personality of a high ranking executive. This tactic gives the victim a sense of urgency and persuades them to make the requested funds transfer/data disclosure with less probability of questioning the matter. One of the increasing trends to counter BEC is the correct implementation of DMARC, especially in financially sensitive sectors. Increased staff awareness and training is a high-value investment to avoid BEC. “83% of Spear Phishing Attacks Involve Brand Impersonation.” CYBER FORECAST REPORT 2021 | © CTM360 The modern organization is evolving rapidly with increased cloud adoption and a greater digital presence. Accelerated by the pandemic, a majority of infrastructure and services have shifted online. Organizations are more focused on their online presence and are relying on it to conduct business. Brand abuse and brand impersonation will see a huge spike in the coming year as people rely more and more on online services. There has been a spike in BEC Fraud cases, increasing by 15% from Q2 to Q3 of 2020 - Abnormal Security Ref: https://www.fbi.gov/scams-and-safety/common-scams-and-crimes - Verizon https://www.barracuda.com/spe ar-phishing-report - Barracuda These attacks include impersonation on social media, job scams, next of kin scams, investment scams, fake news, and even to launch malware. With such a high variety of attack types, a new industry category dubbed Digital Risk Protection is rapidly evolving.
  • 5. CYBER FORECAST REPORT 2021 | © CTM360 With increasing remote activity, many organizations have been implementing Remote Desktop Protocol (RDP) & Virtual Private Networking (VPN) to allow access to corporate data and servers off-site. Although RDP is already one of the most commonly attacked services online, the next year is expected to see a further spike in exploitation of RDP, VPN, and other remote services. Attacks on RDP/VPN 5 Despite the additional security layer that VPN provides, cybercriminals view VPN as an open gateway into an organization’s entire network if access is achievable. As data breaches increase, cybercriminals have an abundance of leaked credentials paired with exploits and brute force opportunities; thus almost doubling the attacks against RDP, VPN, and remote connection servers in 2021. Supply chain attacks are cyber attacks that compromise a target organization by penetrating a third party vendor of software package instead of the organization itself. This style of attack proves especially lucrative to attackers for several reasons; a breach on one vendor creates a ripple effect which can have a much higher impact on all organizations downstream. During 2020, there has been an increased reliance on third parties to counter limited business and engineering resources. In addition, threats are often overlooked as organizations tend to trust the vendors they use in day to day business. “63% of all cyber-attacks could be traced either directly or indirectly to third parties.” 4 The biggest supply chain attack of 2020 was the SolarWinds hack where attackers pushed malicious code as part of an update package of the Orion software. This affected 18000+ customers of SolarWinds which including Microsoft, Cisco, Intel, and multiple US government agencies. In 2020, experts have warned of a 430% increase in supply chain attacks targeting open-source tools used across industries. These figures are expected to increase further in 2021 as organizations are deploying more third-party services and tools to facilitate their operations. Supply Chain Attack Usually IT vendors or small businesses are the perfect entry point for hackers since they lack security controls. Organizations should evaluate the cybersecurity posture of all their third-party vendors to eliminate the risk of supply chain attacks. Ref:https://www.csoonline.com/article/3542895/attacks-against-internet-exposed-rdp-servers-surging-during-covid-19-pandemic.html Ref: https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12 https://www.pwc.com/us/en/service s/consulting/cybersecurity-privacy-f orensics.html - PwC https://www.zdnet.com/article/kasper sky-rdp-brute-force-attacks-have-go ne-up-since-start-of-covid-19/ “RDP Brute-force Attacks grew 400% in March and April alone.” - Kaspersky
  • 6. This risk gives rise to 3 major challenges. • Employees do not have adequate skills and knowledge in cloud security and hence it leaves an open door for hackers. • The current security frameworks lack adequate mapping to implement security measures on cloud services and this exponentially increases the risk. • Exposure of mission critical or corporate data left exposed on the internet for attackers to access. The most common misconfiguration is over-privileged user accounts. When attackers gain access to an associated identity with broad privileged permis- sions, they can abuse those permissions maliciously. Data Breaches on Cloud-based Infrastructure and Services “82% of cloud users have experienced security events caused by confusion over who is responsible to secure the implementations.” 6 CYBER FORECAST REPORT 2021 | © CTM360 Cloud adoption has its own challenges. Organizations are expected to implement their own cybersecurity infrastructure and configure them adequately to secure themselves. Infrastructure as a Service (IaaS) vendors typically have a shared security services model. Subsequently, misconfigurations may lead to data breaches and exposure of sensitive corporate information; this is a high risk. “Errors caused 22% of Data Breaches.” "Number of records exposed reaches a staggering 36 billion in 2020." https://www.riskbasedsecurity.com/ 2020/10/29/new-research-number- of-records-exposed-reaches-stagg ering-36-billion/ - Risk Based Security https://enterprise.verizon.co m/resources/reports/dbir/ - Verizon https://www.oracle.com/a/ocom/docs/dc/final-o racle-and-kpmg-cloud-threat-report-2019.pdf - Oracle and KPMG
  • 7. CYBER FORECAST REPORT 2021 | © CTM360 Employees working from home use devices that aren’t patched, managed, or secured by the corporate IT department. This gives hackers an entry point into the network that bypasses the perimeter security. Sensitive company data is being stored on these devices, further increasing the risk of data breaches. Additionally, the majority of people do not manage the default settings of their home router which leaves an entry point for hackers to access the network and confidential data. Moreover they may have many IoT devices within their home network with inadequate security controls which can also prove to be a threat. Targeted threats leveraging remote work “In corporate contexts, decision-makers are aware of the issue: 83% of them said that their organization was at risk from Mobile Threats and 86% agreed that Mobile Threats are growing faster than others.” 8 New security challenges are brought on by the rapid deployment of tools, technologies, and processes that enable people to work remotely. The shift in working practices, associated devices, and locations makes it far easier for these types of threats to go unnoticed. The rapid increase of mobile devices widens the organization’s potential attack surface. This threat is further amplified by the associated rise in cloud adoption and the short-term ‘Use Your Own Device’ (UYOD) policies that many organizations adopted to overcome remote work challenges. With the current rise in remote work, development teams are often scattered, working remotely and sharing code via online repositories. Data exposure risks will subsequently increase with limited security governance and lack of practical controls. Data Exposure on Code Repositories 7 Developers routinely use code repositories such as GitHub to back up, share, and manage changes to code. It is a popular environment for collaborative development by the developer community; however, code repositories are also public by default, which means that anyone can find and access code that has been uploaded to such websites. And all too often, developers forget to remove sensitive data from their code or make the reposito- ries private before uploading them on GitHub. Malicious hackers actively scan and scrape GitHub for leaked passwords, client IDs, secret keys, and API tokens, to name a few, because they know programmers are prone to such oversight. Ref: https://unit42.paloaltonetworks.com/github-data-exposed/ https://unit42.paloaltonetworks.com/github-data-exposed/ “Unit 42 researchers analyzed more than 24,000 public GitHub data uploads via GitHub’s Event API and found thousands of files containing potentially sensitive information, which included: 4109 Configu- ration files, 2464 API keys, 2328 Hardcod- ed username and passwords, 2144 Private key files, 1089 OAuth tokens.” - Palo Alto https://enterprise.verizon.com/resources/reports/2020-msi-report.pdf - Verizon
  • 8. “More than 60% of Phishing Attacks involve keyloggers.” “A single Spear-Phishing Attack results in an average loss of $1.6 million.” Since its outbreak in March 2020, COVID-19 has been the main headline of news and media outlets. Threat actors recognized this pandemic as the most apparent bait to make their schemes more effective. The use of the COVID-19 pandemic as a theme for phishing campaigns is expected to progress into 2021. Attacks will often coincide with significant events or news, such as a spike in new cases or a new vaccine drug's announcement. Smishing and Vishing attacks are also growing as cybercriminals turn to mediums that are trusted more than email. Smishing is a type of social engineering attack that utilizes SMS text messaging as its medium. Vishing, on the other hand, is conducted via phone calls. There is no current filter or technology where numbers are confirmed as trusted sources, making mobile phone users more vulnerable to these attacks. Phishing, Vishing, and Smishing Attacks “According to Verizon’s 2020 Mobile Security Index, Smishing Attacks have increased from 2 percent to 13 percent in just the past year.” 9 CYBER FORECAST REPORT 2021 | © CTM360 “In Q3 of 2020, APWG detected almost 572,000 unique Phishing websites and observed more than 367,000 unique Phishing email subjects.” There are different variations of these campaigns. For example, impersonating official healthcare entities like the WHO, hospitals, and insurance companies is a prevalent pattern. Another variation that scammers opt for is masking as relief funds and donation campaigns. Other than attacks directly connected to COVID-19, a rise in activity related to the after effects of the pandemic is anticipated. These may include fictitious employment opportunities, investment propositions, threats to online collaboration activities, and various online shopping scams. https://www.comparitech.com/vpn/cybersecurity-cyber-crime-statistics-facts-trends/ - APWG https://securityboulevard.com/2020/12/staggering-phishing-statistics-in-2020/#:~:text=A%20single%20spear%20phishi ng%20attack,phishing%20attack%20at%20least%20once. -Security Boulevard https://cofense.com/staggering-amount-stolen-data-heading-zoho-domains/ - Cofense https://enterprise.verizon.com/resources/reports/mobile-security-index/ - Verizon
  • 9. To learn more about CTM360, visit: www.ctm360.com | Email: Info@ctm360.com CYBER FORECAST REPORT 2021 | © CTM360 YOUR CYBERSECURITY TEAM IN THE CLOUD CTM360® is a 24 x 7 x 365 Cyber Security subscription service for detecting and responding to cyber threats. Headquartered in the Kingdom of Bahrain, CTM360 specializes in offensive defense and strives to strengthen the security posture by making you harder target in cyberspace.