2020 and Cybersecurity - A Perspective

As the leader of the Trustwave SpiderLabs global security research team, I spend my days exploring some of the darkest corners of the web, searching for vulnerabilities, gathering threat intelligence and generally doing whatever I can to help thwart cybercrime.

In this year alone, Trustwave SpiderLabs made two of the biggest discoveries in our history: massive voter and consumer databases for sale on hacker forums, and GoldenSpy, malware embedded in tax reporting software that foreign companies operating in China were required to use.

Additionally, we discovered vulnerabilities in a variety of products and services, which we reported responsibly to the vendors while helping them confirm that their patches addressed the issues. Examples include Schneider Electric PLCs, SAP ASE and IBM DB2 databases, and Microsoft Teams, among many others.

Looking back at all the work we have done in 2020, there are a few key insights on global cybersecurity that stand out to me, along with trends that organizations should be aware of – and begin preparing for – in the year to come.

Cybercrime Is Becoming More Innovative

In 2020, cybercriminals continued to demonstrate creativity and relentless persistence in crafting social engineering and other cyberattacks. Cybercriminals who distribute malware and phishing at scale (e.g. general-purpose ransomware campaigns) continuously create new variants and mutations to evade detection, and they package malicious URLs in new formats to make them harder to detect and block. Financially motivated cybercriminals have identified cybercrime "cash cows" such as ransomware and BEC; these are used heavily and will continue to be.

Attacks Are More Sophisticated

Cybercriminals that conduct targeted attacks, especially advanced persistent threats (APTs) and nation-state actors, continue to demonstrate an incredibly high level of sophistication. That's also true for targeted ransomware attacks, where the requested ransom payments from corporations (which are often paid) add up to millions of dollars.

Just recently we were given another chilling reminder of the sophistication used in APT attacks. Certain actors, whose identity is still unknown at this time, managed to compromise large numbers of organizations and corporations, including some government entities and major vendors, by delivering malicious files through the update mechanism of the SolarWinds IT management software. As the story unfolds, we see the determination of those actors, for example in the theft of hundreds of attack and assessment tools developed and used by the cybersecurity vendor FireEye.

We also saw that, just before the 2020 elections in the United States, the FBI and Department of Justice confirmed that several countries had obtained detailed voter lists and could use them. We discovered at that time that such voter databases, along with massive databases of information about consumers in the US and other countries, circulate on certain hacker forums. The level of detail about citizens in those databases was extensive and beyond what many would expect.

COVID Showed That Nothing Is Off Limits

When the COVID-19 situation started, cybercriminals quickly realized that they could monetize the opportunity. They launched numerous scams that leveraged this unprecedented global catastrophe, including malicious coronavirus-tracking maps, phishing sites that exploited the distribution of stimulus and relief funds in various countries, scams targeting people who had switched to working from home, and scams targeting people who had been left without income and were desperately looking for a new job.

While we have seen that there is a kind of code of honor among some cybercriminals, seeking to profit from a pandemic that has killed over a million people is sadly not covered by that code – organizations of all kinds, but especially in the health care sector, should be aware, and plan accordingly.

Working from Home Is A Vulnerability

As we’ve previously covered, the COVID-19 pandemic forced an enormous and almost instant shift to a work-from-home posture for much of the workforce. Unfortunately, that made it easier for cybercriminals to target employees: there is less scrutiny when people work from home. As the work-from-home trend is projected to continue even after the pandemic ends, companies and organizations will need to keep educating their users about the risks and how to stay vigilant.

Looking Ahead to 2021

I expect cybercriminals to keep attacking consumers, corporations, and a variety of organizations with different motives in mind. Most cybercriminals are after financial profit, so financially motivated attacks will continue with increased intensity – but as the FireEye breach has shown, national and political motivations will also play a huge role.

Forums on the dark web will continue to be used to buy and sell stolen information such as user credentials, credit card data, remote access into compromised networks, and more. Therefore, we will continue to see phishing and sniffing attacks that capture that information. The sad reality is that, since most cybercriminals can operate very profitably with minimal physical risk, cybercrime will continue to attract more and more players.

APTs will intensify their attacks on corporations and government targets and demonstrate increasing levels of sophistication. No target is excluded from or immune to these attacks. Organizations should continuously examine their security posture and educate their users about the risks.

Remember – your assumption should always be that it’s not a question of whether or not you’re going to be hacked, but when you will be hacked. Using recurrent proactive threat hunting and penetration testing is vital!
