{"id":45500,"date":"2020-11-29T08:50:02","date_gmt":"2020-11-29T03:20:02","guid":{"rendered":"https:\/\/www.technologyforyou.org\/?p=45500"},"modified":"2020-11-29T08:50:02","modified_gmt":"2020-11-29T03:20:02","slug":"sophos-threat-report-flags-ransomware-and-other-significant-cyberattack-trends-expected-to-shape-it-security-in-2021","status":"publish","type":"post","link":"https:\/\/www.technologyforyou.org\/sophos-threat-report-flags-ransomware-and-other-significant-cyberattack-trends-expected-to-shape-it-security-in-2021\/","title":{"rendered":"Sophos Threat Report Flags Ransomware and Other Significant Cyberattack Trends Expected to Shape IT Security In 2021"},"content":{"rendered":"

Comprehensive Report Provides 3D View of Cyberattack Trends from SophosLabs Researchers, as well as from Sophos\u2019 Threat Hunters, Rapid Responders, and Cloud Security and AI Experts<\/span><\/strong><\/p>\n

\n

Sophos, a global leader in next-generation cybersecurity, today published the\u00a0Sophos 2021 Threat Report, which flags how ransomware and fast-changing attacker behaviors, from advanced to entry-level, will shape the threat landscape and IT security in 2021. The report, written by SophosLabs security researchers, as well as Sophos\u2019 threat hunters, rapid responders, and cloud security and AI experts, provides a three-dimensional perspective on security threats and trends, from their inception to real-world impact.<\/span><\/p>\n

Three key trends analyzed in the Sophos 2021 Threat Report include:<\/span><\/strong><\/p>\n

1. The gap between ransomware operators at different ends of the skills and resource spectrum will increase.\u00a0<\/strong>At the high end, the big-game hunting ransomware families will continue to refine and change their tactics, techniques and procedures (TTPs) to become more evasive and nation-state-like in sophistication, targeting larger organizations with multimillion-dollar ransom demands. In 2020, such families included\u00a0Ryuk\u00a0and\u00a0RagnarLocker. At the other end of the spectrum, Sophos anticipates an increase in the number of entry-level, apprentice-type attackers looking for menu-driven, ransomware-for-rent, such as Dharma, that allows them to target high volumes of smaller prey.<\/span><\/p>\n

Another\u00a0ransomware trend is \u201csecondary extortion,\u201d\u00a0where alongside the data encryption the attackers steal and threaten to publish sensitive or confidential information, if their demands are not met. In 2020, Sophos reported on\u00a0Maze, RagnarLocker,\u00a0Netwalker,\u00a0REvil, and others using this approach.<\/span><\/p>\n

\u201cThe ransomware business model is dynamic and complex. During 2020, Sophos saw a clear trend towards adversaries differentiating themselves in terms of their skills and targets. However, we\u2019ve also seen ransomware families sharing best-of-breed tools and forming self-styled collaborative \u2018cartels,\u2019\u201d said Chester Wisniewski, principal research scientist, Sophos. \u201cSome, like Maze, appeared to pack their bags and head for a life of leisure, except that some of their tools and techniques have resurfaced under the guise of a newcomer, Egregor. The cyberthreat landscape abhors a vacuum. If one threat disappears another one will quickly take its place. In many ways, it is almost impossible to predict where ransomware will go next, but the attack trends discussed in\u00a0Sophos\u2019 threat report<\/a>\u00a0this year are likely to continue into 2021.\u201d<\/span><\/p>\n

2. Everyday threats such as commodity malware, including loaders and botnets, or\u00a0human-operated Initial Access Brokers, will demand serious security attention.\u00a0<\/strong>Such threats can seem like low level malware noise, but they are designed to secure a foothold in a target, gather essential data and share data back to a command-and-control network that will provide further instructions. If human operators are behind these types of threats, they\u2019ll review every compromised machine for its geolocation and other signs of high value, and then sell access to the most lucrative targets to the highest bidder, such as a major ransomware operation. For instance, in 2020,\u00a0Ryuk<\/a>\u00a0used\u00a0Buer Loader\u00a0to deliver its ransomware.<\/span><\/p>\n

\u201cCommodity malware can seem like a sandstorm of low-level noise clogging up the security alert system. From what Sophos analyzed, it is clear that defenders need to take these attacks seriously, because of where they might lead. Any infection can lead to every infection. Many security teams will feel that once malware has been blocked or removed and the compromised machine cleaned, the incident has been prevented,\u201d said Wisniewski. \u201cThey may not realize that the attack was likely against more than one machine and that seemingly common malware like Emotet and Buer Loader can lead to Ryuk, Netwalker and other advanced attacks, which IT may not notice until the ransomware\u00a0deploys, possibly in the middle of the night or on the weekend. Underestimating \u2018minor\u2019 infections could prove very costly.\u201d<\/span><\/p>\n

3. All ranks of adversaries will increasingly abuse legitimate tools, well-known utilities and common network destinations to evade detection and security measures and thwart analysis and attribution<\/strong>. The abuse of legitimate tools enables adversaries to stay under the radar while they move around the network until they are ready to launch the main part of the attack, such as ransomware. For nation-state-sponsored attackers, there is the additional benefit that using common tools makes attribution harder. In 2020, Sophos\u00a0reported\u00a0on the wide range of standard attack tools now being used by adversaries.<\/span><\/p>\n

\u201cThe abuse of everyday tools and techniques to disguise an active attack featured prominently in Sophos\u2019\u00a0review\u00a0of the threat landscape during 2020. This technique challenges traditional security approaches because the appearance of known tools doesn\u2019t automatically trigger a red flag. This is where the rapidly growing field of human-led threat hunting and managed threat response really comes into its own,\u201d said Wisniewski. \u201cHuman experts know the subtle anomalies and traces to look for, such as a legitimate tool being used at the wrong time or in the wrong place. To trained threat hunters or IT managers using endpoint detection and response (EDR) features, these signs are valuable tripwires that can alert security teams to a potential intruder and an attack underway.\u201d<\/span><\/p>\n

Additional trends analyzed in the Sophos 2021 Threat Report include:<\/span><\/strong><\/span><\/p>\n