Cyberattacks to intensify in 2021 as hackers explore weakly-secured infrastructure
Activities of cybercriminals are expected to be on the upward swing in the next 12 months unless adequate measures are instituted, an expert has said.
Sharing cybersecurity threats to watch out for in 2021 with The Guardian, the Managing Director, HP Nigeria, Ifeyinwa Afe, listed five vulnerable loopholes.
Afe listed the loopholes as: weakened organisational security leading to more unintentional insider threats; human-operated ransomware attacks remaining an acute threat; greater innovation in phishing, including thread hijacking and whaling attacks; and tailored attacks targeting specific verticals, especially critical infrastructure, pharma and healthcare.
She explained that home devices would be under increased pressure while infrastructure will be targeted. According to her, the scale at which people operate from home increases the incentive for attackers to go after consumer IoT devices.
The HP MD said ransomware has become the cybercriminal’s tool of choice and that this would likely continue in the year ahead. She said there would be a rise in ransomware-as-a-service attacks where the threat is no longer the ‘kidnapping’ of data but public release of the data.
This, according to her, has fueled the growth of an ecosystem of criminal actors, who specialise in different capabilities needed to pull off successful attacks. She added that malware delivered by email was often a precursor to human-operated ransomware attacks.
Afe predicted that in 2021, there would be more innovative phishing designed to trick users and make attacks harder to identify. She disclosed that the most innovative mass phishing technique seen is email thread hijacking, which is used by the Emotet botnet.
“The technique automates the creation of spear-phishing lures by stealing email data from compromised systems. This data is then used to reply to conversations with messages containing malware, making them appear very convincing. We can also expect to see more of these attacks targeting individuals working remotely. Thanks to everything relying on strong authentication, as opposed to in-person presence, there is more opportunity for hackers to engage in social engineering to trick employees into divulging credentials,” she stated.
On targeted sectors, Afe said that one of the most at-risk verticals in 2021 will be healthcare, which society depends on. She said these organisations are typically under-resourced, change-averse, and slow to innovate.
According to her, education also fits this criterion and could be another prime target. She said this threat extends beyond hospitals and doctors’ surgeries into more critical areas.
“Due to the race to develop a new vaccine, pharmaceutical companies and research facilities will also continue to face adverse risk,” she added.
She noted that zero trust as a concept is not new, but the increase in remote working means that it is now a reality that organizations need to accept. She, therefore, said the traditional ways of securing access to the corporate network, applications and data are no longer fit for purpose.
She stressed that the perimeter has become obsolete, adding: “over the years the workforce has become more dispersed, and SaaS adoption has risen – this means critical data is being hosted outside the enterprise firewall. The time has come for organizations to start protecting against the unknown, which means utilizing zero trust, but in a way that is transparent to the user.”
To tackle the menace, Afe said a new approach to security is needed. She stressed that 2020 demonstrated that it has become critical to manage highly distributed endpoint infrastructure and organizations need to accept that the future is distributed.
According to her, everything from remote workers’ devices to industrial IoT devices has become the new frontlines of the cybersecurity battleground in our increasingly cyber-physical world.
To meet this challenge, the HP boss said organisations need to re-think their security architectures and controls and embrace the necessary innovation in technology and processes to help them support this new environment.
“Organizations have had a tough 2020, and in Nigeria, we have seen high-profile attacks against several sectors including banking, telecommunication, among other sectors. The shift to remote working has widened the attack surface and made life even more difficult for security teams, meaning the days of the hardened perimeter are behind us.
“Now, more than ever, organizations need to shift their focus to delivering protection where it is most needed: the endpoint. For 2020, we have seen hackers become increasingly targeted, while also using sophisticated lures to trick users into engaging in risky behaviors. Organizations cannot afford to close their eyes and hope for the best in 2021, which is why they must adopt a protection-first approach to endpoint security to keep them a step ahead of cybercriminals,” she stressed.