THISDAY

Report Predicts IT Security Threats in 2021

- Stories by Emma Okonji

Sophos, a global player in next-generation cyber-security, has released the Sophos 2021 Threat Report, which reveals how ransomware and fast-changing attacker behaviors, from advanced to entry level, will shape the threat landscape and Information Technology (IT) security in 2021.

The report, written by SophosLabs security researchers, as well as Sophos’ threat hunters, rapid responders, and cloud security and Artificial Intelligence (AI) experts, provides a three-dimensional perspective on security threats and trends, from their inception to real-world impact.

The first dimensional perspective of the report focuses on how the gap between ransomware operators at different ends of the skills and resource spectrum will increase. According to the report, at the high end, the big-game hunting ransomware families would continue to refine and change their tactics, techniques and procedures (TTPs) to become more evasive and nation-state-like in sophistication, targeting larger organisations with multimillion-dollar ransom demands.

In 2020, such families included Ryuk and RagnarLocker. At the other end of the spectrum, Sophos anticipates an increase in the number of entry-level, apprentice-type attackers looking for menu-driven, ransomware-for-rent, such as Dharma, which allows them to target high volumes of smaller prey.

Another ransomware trend is “secondary extortion,” where, alongside the data encryption, the attackers steal and threaten to publish sensitive or confidential information if their demands are not met. In 2020, Sophos reported on Maze, RagnarLocker, Netwalker, REvil, and others using this approach.

Analysing the report, Principal Research Scientist at Sophos, Chester Wisniewski, said: “The ransomware business model is dynamic and complex. During 2020, Sophos saw a clear trend towards adversaries differentiating themselves in terms of their skills and targets. However, we’ve also seen ransomware families sharing best-of-breed tools and forming self-styled collaborative cartels.”

The second dimensional perspective of the report focuses on how everyday threats such as commodity malware, including loaders and botnets, or human-operated Initial Access Brokers, will demand serious security attention.

According to the report, such threats could seem like low-level malware noise, but they are designed to secure a foothold in a target, gather essential data and share data back to a command-and-control network that will provide further instructions. If human operators are behind these types of threats, they will review every compromised machine for its geolocation and other signs of high value, and then sell access to the most lucrative targets to the highest bidder, such as a major ransomware operation.

“Commodity malware can seem like a sandstorm of low-level noise clogging up the security alert system. From what Sophos analyzed, it is clear that defenders need to take these attacks seriously, because of where they might lead,” Wisniewski said.
