Cybersecurity Predictions For 2021
Here we are again for the annual predictions of the trends and events that will impact the cybersecurity landscape in 2021. Let’s try to predict which will be the threats and bad actors that will shape the landscape in the next 12 months. I’ve put together a list of the seven top cybersecurity trends that you should be aware of.
#1 Ransomware attacks on the rise
In the past months we have observed an unprecedented surge of ransomware attacks that hit major businesses and organizations across the world. The number of attacks will continue to increase in 2021, threat actors will use prominent botnets like Trickbot to deliver their ransomware. Security experts will also observe a dramatic increase in the human-operated attacks that see threat actors exploiting known vulnerabilities in targeted systems in order to gain access to the target networks. Once gained access to these network operators will manually deploy the ransomware. School districts and municipalities will be privileged targets of cybercriminal organizations because they have limited resources and poor cyber hygiene.
In the first quarter of 2021, a growing number of organizations will continue to allow their employees to remotely access their resources in response to the ongoing COVID-19 pandemic, thus enlarging their surface of attacks.
Most of the human-operated attacks will be targeted, ransomware operators will carefully choose their victims in order to maximize their efforts.
The ransomware-as-a-service model will allow network of affiliates to arrange their own campaign that will hit end-users and SMEs worldwide.
Start 2021 off right and get certified! Fill out the form below to get started
ChatGPT training built for everyone
#2 The return of cyber attacks on cryptocurrency industry
The number of cyber-attacks against organizations and businesses in the cryptocurrency industry will surge again in the first months of 2021 due to a new increase in the value of currencies such as Bitcoin.
Cryptocurrency exchanges and platforms will be targeted by both cybercrime organizations and nation-state actors attempting to monetize their efforts.
If the values of the major cryptocurrencies will increase we will observe new malware specifically designed to steal cryptocurrencies from the wallets of the victims along with new phishing campaigns targeting users of cryptocurrency platforms.
#3 Crimeware-as-a-service even more efficient
In the Crimeware-as-a-Service (CaaS) model cybercriminals offer their advanced tools and services for sale or rent to other less skilled criminals. The CaaS is having a significant effect on the threat landscape because it lowers the bar for inexperienced threat actors to launch sophisticated cyber attacks.
The CaaS model will continue to enable both technically inexperienced criminals and APT groups to rapidly arrange sophisticated attacks. The most profitable services that will be offered using this model in 2021 are ransomware and malware attacks.
CaaS allows Advanced threat actors to rapidly arrange hit-and-run operations and make their attribution difficult. In 2021 major botnet operations, such as Emotet and Trickbot, will continues to infect devices worldwide.
In the next months we will assist to the growth of Remote Access Markets that allow attackers to exchange access credentials to compromised networks and services. These services expose organizations to a broad range of cyber threats, including, malware, ransomware and e-skimming.
#4 Cyberbullying, too many people suffer in the silent
Words can cause more damages than weapons, we cannot underestimate this threat and technology could exacerbate this dangers. Cyberbullying refers to the practice of using technology to harass, or bully, someone else.
The term cyberbullying is as an umbrella for different kinds of online abuse, some of which are rapidly increasing such as doxing, cyberstalking, and revenge porn.
Authorities and media are approaching the problem with increasing interest, but evidently it is not enough.
This criminal practice represents one of the greatest dangers of the Internet, it could have a devastating impact on teenagers.
In the upcoming months, the problem of cyberbullying will impact, most of ever, the online gaming community reaching worrisome level.
#5 State-sponsored hacking, all against all
In 2021, cyber attacks carried out by state-sponsored hackers will cause important damages to the target organizations.
The number of targeted attacks against government organizations and critical infrastructure will increase pushing the states to promote a global dialog to discuss about the risks connected to these campaigns.
The healthcare and the pharmaceutical sector, as well as academic and financial industries will be under attack.
Nation-state actors aim at gathering intelligence on strategic Intellectual Property.
Most of the campaigns that will be uncovered by security firms will be carried out by APT groups linked to Russia, China, Iran, and North Korea. This is just the tip of the iceberg because the level of sophistication of these campaigns will allow them to avoid the detection for long periods with dramatic consequences.
Nation-state actors will be also involved in long-running disinformation campaigns aimed at destabilizing the politics of other states.
#6 IoT industry under attack
The rapid evolution of the internet-of-things (IoT) industry and the implementation of 5G networks will push businesses to become ever more reliant on IoT technology.
The bad news it that a large number of smart devices fails in implementing security by design and most of their instances are poorly configured, exposing the organizations and individuals to the risk of hack.
Threat actors will develop new malware to target IoT devices that could be abused in multi-purposes malicious campaigns. Ransomware operators will also focus their efforts on the development of specific malware variants to target these systems.
IoT ransomware are designed to take over connected systems and force them to work incorrectly (i.e. changing the level of chemical elements in production processes or manipulating the level of medicine in an insulin pump), and forcing victims into paying the ransom in order to restore ordinary operations.
Phishing simulations & training
#7 Data breaches will continue to flood cybercrime underground market
Thousands of data breaches will be disclosed in 2021 by organizations worldwide. As a result, billion stolen records will flood the cybercrime underground market. These data will give to cybercriminals and nation-state actors an immense opportunity, it could be used by attackers to gain access to target organizations and carry out malicious activities. In 2021 security experts will observe the rise of credential-stuffing attacks.
Credential stuffing is a type of attack where stolen account credentials (i.e., lists of usernames or email addresses and the corresponding passwords) obtained from past data breaches are used to access user accounts through large-scale automated login requests. The attackers automate the logins for thousands or millions of previously discovered login credentials using web automation tools available online.
Credential stuffing will continue to be an efficient way to monetize the attacks.
ChatGPT training
In this Series
- Cybersecurity Predictions For 2021
- Digital identity management: Balancing usability, security and privacy
- Why aren’t more women in cybersecurity, and how can we fix it?
- ChatGPT and the strengths and limitations of cognitive AI
- Cybersecurity automation: Tips to do it right in your organization
- Advancements in online safety: Combating cyberbullying and protecting vulnerable communities
- How small and medium businesses (SMBs) can fast-track a disaster recovery plan
- What it takes to qualify for the US Cyber Games team
- The changing role of a ransomware negotiator
- Protecting K-12 schools from cyber threats: The case of Vice Society
- A deep dive into GitHub's security strategies
- Data storage security isn't working: Here are 5 ways to improve
- Protect your data with zero-trust networks
- 3 cybersecurity automation tools that your IT department needs now
- One phishing attack could expose your entire hospitality network
- Privacy compliance and security: Are you collecting too much data?
- API security best practices: What you need to know
- Considerations when using open source to build an identity system
- Security as a service: 11 categories you should know
- The impact of open source on cybersecurity
- Cybersecurity jobs are in demand. C-level IT executives needed!
- 6 cybersecurity truisms the industry needs to rethink
- 2022 cybersecurity spending trends: Where are organizations investing?
- Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?
- Twitter’s cybersecurity whistleblower: What it means for the community
- Top 5 cybersecurity questions for small businesses answered
- What Is zero-trust security, and should your business adopt it?
- What’s next in cybersecurity: Predictions from Andrew Howard
- How training employees about ransomware can mitigate cyber risk
- Today’s IT job market: Beyond fear, uncertainty and doubt
- Third-party authentication (OAuth): Good or bad for security?
- Two basic actions that reduce enterprise cyber risk by 60%
- 4 key takeaways from the 2022 Verizon DBIR report
- Four examples of human error in cybersecurity — and how to fix them
- Five ethical decisions cybersecurity pros face: What would you do?
- How to become an ethical hacker: Tips from Offensive Security CEO Ning Wang
- Shaking up security awareness: How one organization is building a culture of security
- Security Culture: TikTok CISO says this trend is here to stay
- IT skills advice from IDC's IT education and certifications expert
- Managing a security awareness program: Carrots, sticks, and repeat offenders
- Reducing IT’s carbon footprint: Good for business as well as the environment
- How Booz Allen Hamilton keeps their security team secure and compliant in a hybrid world
- 5 tactics to improve cybersecurity hiring results
- Top 9 effective vulnerability management tips and tricks
- SOC integration: Creating a well-built portfolio vs. a frankenstack
- Cybersecurity hiring: Why employer and higher ed collaboration is key
- After certification: Investing in employees' cybersecurity career pathways
- Where do ransomware, cyber education and cyber insurance intersect?
- Could psychology be the key to cybersecurity awareness? Research points to yes
- How IT pros can keep their organization on the cutting edge
- Cyber talent diversity: It's time to redefine the face of security
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
Industry insights
Digital identity management: Balancing usability, security and privacy
Industry insights
Why aren’t more women in cybersecurity, and how can we fix it?
Industry insights
Industry insights
Cybersecurity automation: Tips to do it right in your organization