INTERNET SECURITY firm Kaspersky on Monday said it expects new cyberattack strategies to emerge next year, which will mainly target network appliances and 5G.
“New attack vectors, such as the targeting of network appliances and the search for 5G vulnerabilities, will happen alongside multi-stage attacks and positive actions against activities enabling cyberattacks, such as zero-day sales,” Kaspersky said in an e-mailed statement on Monday.
The company said its forecast for 2021 was developed based on the changes that its global research and analysis team observed in 2020.
For 2021, Kaspersky anticipates more countries to use legal indictments as part of their cyber strategy.
“Kaspersky’s previous predictions of ‘naming and shaming’ of APT (advanced persistent threat) attacks carried out by hostile parties has come true, and more organizations will follow suit,” it noted.
“Exposing toolsets of APT groups carried out at the governmental level will drive more states to do the same, thereby hurting actors’ activities and developments by burning the existing toolsets of their opponents in an effort to retaliate,” it added.
Kaspersky’s researchers also expect more Silicon Valley firms to take action against zero-day brokers.
“Following the scandalous cases where zero-day vulnerabilities in popular apps were exploited for espionage on a variety of different targets, more Silicon Valley corporations are likely to take a stance against zero-day brokers in an effort to protect their customers and reputation,” it said.
As for the expected increase in the attacks on network appliances, Kaspersky said: “With remote work, organizational security has become a priority, and more interest towards exploiting network appliances such as VPN gateways will emerge.”
It added harvesting credentials to access corporate VPNs through “vishing” work-from-home employees may also emerge.
The company also anticipates changes in ransomware gangs’ strategy.
“Following the success of previous targeted attack strategies, more major ransomware players will start focusing their activities and obtaining APT-like capabilities — with the money the gangs have extorted, they will be able to invest large funds into new advanced toolsets with budgets comparable to that of some of the state-sponsored APT groups,” Kaspersky noted.
More disruptive attacks can also be expected, “as our lives have become even more dependent on technology with a much wider attack surface than ever before,” it added.
Cybercriminals will likewise have a greater incentive to look for vulnerabilities they can exploit, Kaspersky said, referring to 5G.
Such attackers are expected to continue exploiting the coronavirus pandemic crisis. “While it did not prompt changes in tactics, techniques and procedures of the threat actors, the virus has become a persistent topic of interest. As the pandemic will continue into 2021, threat actors will not stop exploiting this topic to gain a foothold in target systems,” the company said. — Arjay L. Balinbin