Quick Heal Reveals Threat Predictions For 2021

Pune, December 25, 2020: 2020 has been a year of unexpected events, with COVID-19 striking a blow to the world, and bringing overnight changes to our lifestyles. While going digital was one of the primary transitions for businesses, it also created an opportunity for cybercriminals to use pandemic as their new bait – and eventually inject malware in the systems to barge in and steal sensitive data. Strengthening cybersecurity hence became the need of the hour for most businesses as they gear up for 2021. To understand this better, Quick Heal, a specialist provider of IT security and data protection solutions to corporates, SMEs, and governments, has released its threat predictions that will share the future of cybersecurity in 2021 and beyond.

Targeted Ransomware attacks on Healthcare and Pharma Sector to Surge

Healthcare and Pharma sector companies that have been in the front lines working to fight against the Coronavirus pandemic are also facing a new wave of ransomware attacks and extortion demands lately. Though few ransomware operators agreed to not attack the healthcare sector during the COVID-19 crisis, several other attack groups have continued to use ransomware against this sector, largely because of the sensitive and personal data of patients they store. Numerous hospitals, COVID-19 research firms, and pharma companies have fallen victim to ransomware in the last quarter of ‘20, making it necessary for them to adopt or deploy a comprehensive set of security solutions.

Increase in threats on Remote Work Infrastructure

With the Covid-19 pandemic, almost all organizations have rolled out a remote working model— businesses have introduced tools to facilitate employees to connect to office networks from home and collaborate. Typically, VPNs are used to connect to such networks, whereas video conferencing or chat applications are used to communicate with colleagues — many SMBs have also rolled-out BYOD (Bring Your Own Device).

This new infrastructure must be managed and configured with great precision. IT administrators need to update and patch the software, OS, and Antivirus whenever required to defend against exploitation attempts made on this new attack surface. Any new vulnerabilities in such popular applications could be encashed by malware authors as soon as they are reported or discovered.

Next wave of Crypto-miners

The cryptocurrency prices are at an all-time high currently and are expected to rise even more in 2021. Cryptocurrencies like Bitcoin and Monero have almost tripled in value in 2020. The booming cryptocurrency values will invite even more threat actors towards developing stealthier crypto-miners and generate higher revenues in 2021.

Coronavirus themed threats to divert from precaution-based to prevention-based

In the initial timeframe of the pandemic outbreak, cyber threats were precaution-based where phishing sites, fake mobile apps, and malware filenames were related to awareness of coronavirus, symptoms, precaution measures, PPE kits, test kits, lockdown, and social distancing.

With the end of the year approaching, the big race among all the pharma companies has led to the creation of several vaccines that are at various stages of testing and approvals. The governments of different countries and states are gearing up for providing vaccines to all its citizens free of cost or at subsidized rates to prevent the virus from infecting and spreading. Hence, now the threats are forecasted to start diverting to a prevention-based theme.

Deep-fakes to cyber-frauds

Deep-fakes are fake/manipulated video or audio clips of a person, created using deep learning technology. This can be used to create fake news and carry out cyber fraud. A company’s CEO featuring in a deep-fake video asking colleagues or employees to transfer funds is a classic example of a deep-fake video. Expect more of these in 2021.

Automation in performing phishing attacks

Hackers have been increasingly seen using automation in performing phishing attacks. This trend will continue — a variety of social engineering tricks will be used to lure into giving up on sensitive information in 2021.

Increase in attacks related to mobile banking

In September 2020, Cerberus mobile banking trojan’s source code was released for free on underground hacking forums. Following this, an immediate rise in mobile app infections was seen. It is expected that far more advanced variants of mobile banking malware based on Cerebrus’s code will emerge next year with new techniques and payloads.

Speaking on these security predictions, Himanshu Dubey, Director, Quick Heal Security Labs, said, “Undoubtedly, 2020 started with a significant unforeseen event. Nobody would have imagined of COVID-19 and how it might disrupt economies worldwide. More importantly, the pandemic acted as a huge opportunity for cybercriminals to innovate their attack strategies further, and steal sensitive data for their personal gain. These advancements are likely to continue in the coming year as well. For instance, new tactics like double extortion, crypto-mining, ethical hacking, etc. are expected to be widely adopted by threat actors in 2021. At Quick Heal, we will continue to research and innovate and work closely with our customer and partner network to spread awareness on the various tactics and methods adopted by cybercriminals.”

The predictions made by Quick Heal highlight emerging cybersecurity trends that are projected to disrupt the evolving business landscape. Some of the successful predictions made by Quick Heal last year include an increase in web skimming attacks, more Bluekeep-like wormable exploits, APT attacks on critical infrastructures, increased use of LOL Bins, and a rise in Office Macro-based attacks over office exploits. Since its inception, Quick Heal has been helping businesses establish an agile cybersecurity framework to defend against known and unknown attack vectors. Today, it has emerged as a preferred cybersecurity partner for thousands of businesses across the globe.