December 21, 2020

VMware Carbon Black: Cybersecurity under “inconceivable strain” in 2020

By Ellen Daniel

As has been the case for numerous industries, the cybersecurity landscape has changed dramatically during 2020. The past twelve months have seen CIOs adapt to the switch to widespread remote working, and the cybersecurity challenges that brings, as well as an influx in malicious content related to Covid-19.

The year also saw worrying number of attacks targeting vaccine development, and with the ongoing developments of the SolarWinds attack, government departments have been increasingly targeted.

According to cloud security company VMware Carbon Black’s Threat Analysis Unit, nine in ten security professionals they were facing increased attack volumes due to the newly distributed working environment.

During a recent roundtable, VMware Carbon Black’s Tom Kellerman, Head of Cybersecurity Strategy, Rick McElroy, Head of Security Strategy and Greg Foss, Senior Cybersecurity Strategist, reflected on 2020, and made predictions for the year ahead.

As Covid-19 continues to impact the sector, they outlined the key trends that cybersecurity professionals should be aware of, and the tactics that threat actors may deploy.

The rise of ransomware

The cybersecurity experts predicted that ransomware will continue to be a popular attack method for cybercriminals. Currently, ransomware attacks are up 900% year-on-year, caused in part by gaps in visibility caused by remote working and the impact this has had on the effectiveness of on-premises security tools.

However, as backup solutions and disaster recovery become more common, groups are now shifted their attention to “double extortion”, not only encrypting organisations’ data, but also extorting sensitive information in order to make campaigns even more lucrative.

They also noted that the emergence of ransomware-as-a-service has meant that attackers with lower skill levels can also deploy this type of attack. There is also evidence that major ransomware groups are collaborating and sharing resources in order to develop more sophisticated campaigns.

A focus on mobile devices

VMware Carbon Black also predicts that a shift to working from home, and the blurring of personal and professional devices, will mean that attackers will focus their attention on mobile devices and operating systems.

Although they noted that manufacturers of mobile devices “have done a good job” when it comes to security, the experts noted that zero-day attacks are likely to increase, with many mobile devices lacking detection capabilities, meaning breaches are often discovered too late.

They explained that if a hacker is able to infiltrate a mobile device, they can use it to “island hop” onto a corporate network that may have been accessed.

They also said that iOs will be targeted, warning that “the walled garden is in trouble right now”, with attackers using malware such as Shlayer.

“Cloud-jacking”

Furthermore, with the newly distributed workforce increasingly relying on the public cloud, cybercriminal will look to exploit this through cloud-jacking.

They also predicted that nation-state actors will carry out attacks against industrial control system environments, with the oil, manufacturing and gas industries likely targets.

VMware Carbon Black also foresees attack vectors once the reserve of nation states will “trickle down” to other groups.

Health data will be an attractive target

With the Covid-19 pandemic leading to a greater focus on digital healthcare, and the rapid rollout of new telemedicine technology, VMware Carbon Black also predicted that “opportunistic” criminals will seek to gain access to a wealth of health-related personally identifiable information, leading to concerns about privacy and the potential for blackmail.

The experts also predicted that the possible rollout of Covid-19 immunity passports, as well as Covid-19 testing data, could also bring with them new cybersecurity risks.

However, they foresee an increase in IT and security budgets in the sector to combat these threats.

“On the whole security tools and processes are working”

When it comes to combatting attackers, the experts noted that 2021 will see significant advances in the use of artificial intelligence and machine learning in the security stack, with automation “simplified and integrated into the arsenal of more organisations”, as well as a growing awareness of how attackers are using automation.

However, advances in such technology will also benefit attackers in their post-exploitation activities.

Overall, while the experts highlighted that cybersecurity has been placed under “inconceivable strain” over the past year, they noted that “on the whole security tools and processes are working”.

They said that 2020 has demonstrated the importance of cybersecurity for organisations which could lead to “board-level support and a much healthier relationship between IT and security teams”.


Read More: Microsoft confirms it found “malicious” SolarWinds code on its systems.