A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Photo: Reuters / Kacper Pempel / Illustration.

CTech – Researchers from the cybersecurity company Kaspersky have shared what they believe are some of the most probable ‘Advanced Persistent Threats’ (APTs) as we enter a new year. This year faces a different set of circumstances due to the turmoil experienced in 2020 and the new ways we live our lives, notably with broadened attack surfaces from remote working and 5G vulnerabilities.

The forecast was developed by Kaspersky’s Global Research and Analysis Team (GReAT) after the changes they witnessed throughout 2020. Following the publication of their findings to support the cybersecurity communities, these guidelines and insights were created to help us with new challenges that lie ahead.

The most dangerous trend that the Kaspersky researchers anticipate in 2021 is the change in the approach of attacks by threat actors. This year has seen a rise in targeted ransomware attacks through generic malware that can then get a foothold into targeted networks. As such, organizations will need to pay more attention to generic malware and enhance their incident response activities on each computer to make sure that general malware is not used as a way to deploy more sinister threats.

“In 2021, we expect that APT players will try to lead more attacks that disrupt essential services, similar to the attempted attack on water facilities in Israel in April,” said Mark Lechtik, a senior security researcher at Kaspersky Israel’s research division. “Cybercriminals no longer focus on mass distribution of malware – a higher ransom amount may be required. We are likely to see more ransomware damage which could disrupt the activities of hospitals, food chains, public transport bodies, and more.”

Lechtik noted that just as 2020 has brought about many changes in the reality of our lives, so to have the cyber threats we are exposed to undergone profound changes. According to him, Kaspersky’s research team in Israel even identified a rare attack this year that is being reported for only the second time in the world. “The importance of the APT Threats Forecast is an opportunity that enables the entire defense cyber industry to plan for the risks that organizations are expected to face in the coming year, and to arrive in real-time more prepared than ever.”

Other threats highlighted in their guidelines include:

• Countries using legal indictments as a cyber-strategy – The act of ‘naming and shaming’ attacks from hostile parties or countries will increase, as government-level groups become more involved.
• Silicon Valley will take action against zero-day brokers – After zero-day vulnerabilities in apps were exploited, more of the Valley’s companies will take a stance against zero-day brokers.
• Increased targeting of network appliances – Since more people work from home and rely on VPNs, hackers will start to exploit those gateways and start ‘vishing’
• Less direct, more disruptive – Due to more of our lives relying on networked technology, we can expect there to be wider attacks and not directed at specific organizations.
• 5G vulnerabilities – 5G is still a fairly new technology, so as usage increases and dependency becomes inevitable, attackers will seek incentives to exploit users.
• COVID-19 – The pandemic has changed almost everything we do with work, so hackers may still use it to exploit our lives next year. Since COVID-19 will likely come with us to 2021, so will the threats associated with it.

These predictions are a part of the Kaspersky Security Bulletin (KSB) – an annual predictions series and analytical articles on key changes in the world of cybersecurity. The company, which was founded in 1997, offers its security solutions to protect businesses, infrastructure, governments, and consumers. Today, it serves more than 400 million users and 250,000 corporate clients.