Predicting the future is notoriously precarious. Who would have foreseen a year like 2020? Kaspersky’s Global Research and Analysis Team reflect on this year in cybercrime and deduce what we should expect in 2021.
Leaked patient records and COVID pressures in healthcare
2020 was the year everyone had a vested interest in new medical technologies’ success. Cybercriminals attacked medical devices, hospitals and research institutions, intent on stealing COVID-19 vaccine insights. We also saw the first known directly fatal cyberattack: A patient died because ransomware infection of medical equipment caused care delays. Other cybercrime groups surprised us by ruling out attacking medical institutions.
The cybersecurity community set up CTI League: Experts helping medical organizations respond to cyberthreats. Kaspersky gave healthcare organizations free access to tailored cybersecurity.
In 2021, expect more attacks on COVID-19 vaccine developers attempting to steal critical data that could help other nations get ahead. Private healthcare organizations will further come under attack, as many don’t have the resources to protect valuable patient data.
Stay on track with your goal to stay ahead.
With the transition to cloud computing, we may see patient data leaks from cloud services. Criminals can use personal data in hacked medical records to dupe people into revealing more.
Cybercriminals have learned about industrial networks
Attacks on industrial networks will become more targeted. By watching randomly infected machines, cybercrime groups have learned organizations’ IT setup and know how to exploit it. They can then on-sell network access to more sophisticated cybercrime groups who will take control of finance systems to steal cash.
As many industrial control systems (ICS) use old operating systems, the end of support for systems like Windows 7 creates an exploitable loophole. We could see another significant, multi-industry crime campaign like WannaCry.
Ransomware keeps getting more sophisticated. Cybercrime gangs love industrial companies because they tend to pay the ransom. It’s like cutting off the Hydra’s head: More attacks will follow.
As utilities and government services go through digital transformation they’re more vulnerable to attack. Cybercriminals can use a government service as an entry point into industrial systems to disrupt services like public transport.
In 2020, COVID-19 restrictions on working on-site delayed IT-system upgrades. During an attack, it may be harder for IT admins to regain system control quickly. Basic malware could spread and become more serious. Upgrading endpoint security and training workers are vital.
Online education revolution brought new threats
Education changed abruptly in 2020. 1.5 billion students took classes from home. Educators had to learn new skills, like running a class on Zoom or using TikTok lessons. For those who can access the technology, these new services enhance education. But they come with new threats.
Learning management systems (LMS) like Google Classroom are exploding. And with growth comes cybercrime. We saw a staggering 20,000 percent growth in threats to online learning platforms between 2019 and 2020.
Privacy usually involves getting the user’s consent, but a child can’t easily manage their privacy settings.
Poorly configured learning tools can compromise personal data, even without special tools. Those setting up online education systems must pay close attention to protecting personal information and student data.
Video will keep growing as a learning tool. About 60 percent of teachers use YouTube in the classroom. There’s increased risk of exposure to age-inappropriate content, and new threats like Zoombombing could expose learners to harmful content.
Games like Minecraft are a great way to make learning more interactive but exposes students to risks like cyberbullying, trolls and malicious files. Teachers must moderate content in their learning management systems, but with the popularity of social platforms and games for pupil engagement, the challenge has leveled-up.
Poverty driving more financial cybercrime in 2021
In 2021, financial companies became less secure thanks to due hastily deployed remote working solutions. Some bought retail laptops that didn’t match the security standards of the organization. Limited employee training, default configurations and remote access all contributed to increased attacks.
There’s rising extortion using distributed denial of service (DDoS) and ransomware. Targeted ransomware is the new normal for financial organizations. Criminals increased ransoms, emboldened by successful attacks and media coverage. To cover their tracks, they’ll now expect you to pay in cryptocurrencies. People are often the weakest link, like in the failed attempt to infiltrate Tesla.
Stay at home orders didn’t affect cybercriminals: Brazilian cybercrime groups went global in 2020, expanding to Europe and beyond, including attempts to hack ATMs.
Bigger crime groups are evolving their business models to boost profits by hiring more people within their virtual walls rather than outsourcing.
The pandemic may lead to waves of poverty, which means increased crime, including cybercrime. As economies fail, cryptocurrency theft and ransomware heists will appeal to those living on the edge.
To crack down on cybercrime, the US Department of the Treasury’s Office of Foreign Assets Control warned of sanctions for organizations facilitating ransom payment. Next, we predict sanctions against institutions and nations that don’t combat cybercrime coming from their territory.
Crime gangs collaborating on advanced threats
Advanced persistent threats (APTs) are the most dangerous kind of attacks, often seen in geopolitical clashes, intent on harming national interests. With the trend towards improved organization security and more people working from home, crime groups will exploit network technologies such as virtual private networks (VPNs,) using social engineering to get access.
5G is big news, with bogus stories of health risks and some nations limiting or banning Huawei products in their 5G infrastructure. Security researchers are examining Huawei and other 5G providers for implementation flaws. If found, they’ll make the front pages. As more devices depend on 5G for connectivity, attackers will have more incentive to seek vulnerabilities to exploit.
As ransomware becomes the weapon of choice for many criminals, we may see ransomware players’ concentrate. In 2020 the Maze and Sodinokibi gangs pioneered an affiliate collaboration model. These bigger groups may combine to deliver APT-style attacks that overwhelm a target organization’s system, to access specific data.
We’ll likely see attacks like these disrupt everyday lives. It could be an intentional attack on critical infrastructure like utilities or collateral damage from ransomware targeting big organizations we all rely on, like supermarkets, mail or public transport.
Threats may be increasing, but fortunately, there’s better education, technology and intelligence available today to help your organization stay secure and face the future.