HP reveals: Prepare 2021 will be a year of more targeted cyber attacks
HP, one of the world’s leading technology companies, recently published its projections for 2021 on how virtual security threats will impact people and organisations in 2021.
Thus, according to the company, ransomware attacks, which steal data and demand bitcoin ransom, have become the tool of choice for cybercriminals, and this will probably continue next year.
„What we will see is an increase in ransomware-type attacks as a service, where the threat is no longer ‚hijacking‘ of data, but public disclosure of data,“ comments Joanna Burkey, HP CISO.
The increase in ransomware has stimulated the growth Bitcoin Evolution of an ecosystem of criminals specialising in the different capabilities needed to carry out attacks successfully. Malicious codes sent by e-mail, such as Emotet, TrickBot and Dridex, are often precursors to human-operated ransomware attacks.
„To maximize the impact of an attack, attackers use their access to compromised systems to deepen their anchorage within the victims‘ networks. Many groups use harmful security tools to command the victim’s domain controllers, which are often the best locations in a network to deploy a ransomware“, explains Dr. Ian Pratt.
This trend is of particular interest to the public sector, according to Alex Holland, senior malware analyst – and experts from the HP Security Advisory Board
„The increase in ‚double racketeering‘ ransomware, where victim data is leaked before being encrypted, will specifically harm public bodies, which process all kinds of personally identifiable information. Even if a ransom is paid, there is no guarantee that the attacker will not subsequently monetize the stolen data“.
He also points out that in 2021, we will have improved phishing lures to fool users and make it difficult to identify attacks.
In this way, access systems to crypto platforms, digital banks and Pix keys may be the preferred target for this type of attack.
„The most innovative mass phishing technique we see is email thread hijacking, which is used by Emotet botnet. The technique automates the creation of spear phishing lures by stealing email data from compromised systems. This data is then used to respond to conversations with messages that contain malware, making them very convincing,“ explains Dr. Ian Pratt.
The prospect of prolonged social isolation has made people share more personal information online, which can be used by cybercriminals.
„Whaling, a highly targeted form of phishing attack whose targets are senior executives, will become more prominent with cybercriminals being able to take personal information shared online to create convincing baits that lead to corporate email fraud,“ Masse comments.