Authored by: Malwarebytes Labs
2020 has been a challenging year for many of us. The COVID-19 global pandemic has forced organisations to digitalise their operations, shifted traditional business practices and compelled the majority of the workforce to work remotely. Owing to the lack of rapid response and preparedness, many organisations and individuals fell prey to threat actors.
Throughout the course of the year, Malwarebytes research has shown some very concerning trends. Survey results from the “Enduring from Home: COVID-19’s Impact on Business Security” report showed that 20 per cent of companies admitted they had faced a security breach as a result of a remote worker, and 18 per cent admitted that cybersecurity was not a priority for their employees. As we move towards 2021, it is crucial for organisations and individuals to keep up to date with the latest trends, especially as it seems that remote working is here to stay. Here are five cybersecurity predictions that the Malwarebytes Labs team foresees will shake up the cybersecurity space in the Asia-Pacific region.
Stalkerware has been prominent throughout 2020, and will continue to be in 2021
Since shelter-in-place orders were implemented in March 2020, there has been an uptick in stalkerware-type app detections for Android throughout 2020. Stalkerware programs enable an abuser to intrude into a person’s private life and can be used as a tool for abuse in cases of domestic violence and stalking. By installing these applications on a person’s device, abusers can get access to their victim’s messages, photos, social media, geolocation, audio or camera recordings. Such programs run hidden in the background, without the victim’s knowledge or consent. From January 1 to October 31, 2020, Malwarebytes recorded a 584 per cent increase in monitor app detections, and a 1,044 per cent increase in spyware detections. Overall, this represents more than 43,000 monitor app detections in the first 10 months of 2020. In an effort to battle stalkerware, the Coalition Against Stalkerware, which was co-founded by Malwarebytes and established a year ago, aims to improve detection and mitigation of stalkerware, as well as to educate individuals and victims about the technical aspects of the threat.
A spike in e-commerce threats
COVID-19 has physically separated communities and, as a result, consumer behaviour has changed: we are all now taking our work, entertainment and even shopping online. Threat actors see this as the perfect time to conduct cybercrime via e-commerce platforms. Just recently, RedMart experienced a major cybersecurity compromise in which 1.1 million RedMart user accounts had their personal information stolen from a customer database, including names, phone numbers, e-mail addresses, mailing addresses and encrypted passwords. With access to such sensitive information, threat actors look to install malware and even ransomware on victims’ systems by baiting them into clicking on attractive links. Here are some of the common symptoms of an infected system: new toolbars or buttons appear in your browser; a constant barrage of ad pop-ups; the system is slow and crashes repeatedly; and e-mails that keep bouncing. With the increased traffic on e-commerce platforms, and even on messaging apps that support mobile commerce, it is likely that attackers such as Magecart are developing new tactics as we speak, and this is something cybersecurity professionals must pay close attention to.
An increase in Remote Desktop Protocol attacks and major ransomware activity
Microsoft’s Remote Desktop Protocol (RDP) is used to connect remotely to Windows systems, and criminals look for unsecured RDP services to exploit as a way into enterprise networks. Through social engineering or brute-force attacks, threat actors get hold of login credentials for a remote desktop, from which they are able to deploy ransomware and demand payment from the victim. Many organisations fail to secure their RDP services against unauthorised access, making it easy for threat actors to execute an RDP attack. There are some things you can do to make it harder for unauthorised users to access your network: place RDP access behind a virtual private network (VPN); use a Remote Desktop Gateway server, which also gives you additional security such as two-factor authentication; use strong passwords; limit which users are allowed to log on remotely; and enable Network Level Authentication (NLA).
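Brute-force attempts against an exposed RDP service leave a trail in the Windows Security log: repeated failed logons (Event ID 4625) from one source address, often cycling through usernames. The following script is an added example, not code from the Malwarebytes article, showing how a defender can flag that pattern and, more importantly, a successful logon (Event ID 4624) from a source that was just seen brute-forcing. The event records are constructed JSON lines in the shape a SIEM export might use; the field names (EventID, TimeCreated, IpAddress, TargetUserName, LogonType) mirror the Windows event fields, and the threshold and window are assumptions to tune for your environment.

```python
"""Detect RDP brute-force activity in Windows Security event records.

Added example, not code from the Malwarebytes article. It scans failed
logon events (EventID 4625) whose logon type indicates an RDP attempt,
flags source addresses that exceed a failure threshold inside a sliding
time window, and reports any later successful RDP logon (EventID 4624)
from a flagged source. All sample events below are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import json

# Logon types RDP produces: 10 = RemoteInteractive (the RDP session itself),
# 3 = Network (pre-authentication failures with NLA enabled are logged this way).
RDP_LOGON_TYPES = {3, 10}

# Constructed sample export (one JSON object per line, as a SIEM might emit).
SAMPLE_EVENTS = """\
{"EventID": 4625, "TimeCreated": "2020-11-02T03:14:05", "IpAddress": "203.0.113.7", "TargetUserName": "administrator", "LogonType": 3}
{"EventID": 4625, "TimeCreated": "2020-11-02T03:14:09", "IpAddress": "203.0.113.7", "TargetUserName": "admin", "LogonType": 3}
{"EventID": 4625, "TimeCreated": "2020-11-02T03:14:14", "IpAddress": "203.0.113.7", "TargetUserName": "backup", "LogonType": 3}
{"EventID": 4625, "TimeCreated": "2020-11-02T03:14:20", "IpAddress": "203.0.113.7", "TargetUserName": "scanner", "LogonType": 3}
{"EventID": 4625, "TimeCreated": "2020-11-02T03:14:27", "IpAddress": "203.0.113.7", "TargetUserName": "administrator", "LogonType": 3}
{"EventID": 4625, "TimeCreated": "2020-11-02T03:14:31", "IpAddress": "203.0.113.7", "TargetUserName": "jsmith", "LogonType": 3}
{"EventID": 4625, "TimeCreated": "2020-11-02T03:20:02", "IpAddress": "198.51.100.4", "TargetUserName": "jsmith", "LogonType": 10}
{"EventID": 4625, "TimeCreated": "2020-11-02T03:40:18", "IpAddress": "198.51.100.4", "TargetUserName": "jsmith", "LogonType": 10}
{"EventID": 4625, "TimeCreated": "2020-11-02T03:41:00", "IpAddress": "10.0.0.5", "TargetUserName": "jsmith", "LogonType": 2}
{"EventID": 4624, "TimeCreated": "2020-11-02T03:16:40", "IpAddress": "203.0.113.7", "TargetUserName": "jsmith", "LogonType": 10}
"""


def parse_events(text):
    """Parse a JSON-lines export into dicts, sorted by time, with datetime TimeCreated."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["TimeCreated"] = datetime.fromisoformat(rec["TimeCreated"])
        events.append(rec)
    return sorted(events, key=lambda e: e["TimeCreated"])


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: {"peak_failures", "usernames", "first_flagged"}}.

    A source is flagged once at least `threshold` RDP logon failures fall
    inside any `window`-long interval. Many distinct usernames from a single
    source point to password spraying rather than a user who forgot a password.
    """
    recent = defaultdict(deque)      # per-source failure timestamps still inside the window
    usernames = defaultdict(set)
    flagged = {}
    for ev in events:
        if ev["EventID"] != 4625 or ev["LogonType"] not in RDP_LOGON_TYPES:
            continue
        ip, ts = ev["IpAddress"], ev["TimeCreated"]
        q = recent[ip]
        q.append(ts)
        usernames[ip].add(ev["TargetUserName"])
        while ts - q[0] > window:    # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            entry = flagged.setdefault(ip, {"peak_failures": 0, "usernames": [], "first_flagged": ts})
            entry["peak_failures"] = max(entry["peak_failures"], len(q))
            entry["usernames"] = sorted(usernames[ip])
    return flagged


def successes_after_bruteforce(events, flagged):
    """List (ip, username, iso_time) for RDP logons (4624) from a flagged source after it was flagged."""
    hits = []
    for ev in events:
        info = flagged.get(ev["IpAddress"])
        if (info and ev["EventID"] == 4624 and ev["LogonType"] in RDP_LOGON_TYPES
                and ev["TimeCreated"] >= info["first_flagged"]):
            hits.append((ev["IpAddress"], ev["TargetUserName"], ev["TimeCreated"].isoformat()))
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    flagged = detect_rdp_bruteforce(evs)
    for ip, info in flagged.items():
        print(f"{ip}: {info['peak_failures']} RDP failures within 2 min, users tried: {info['usernames']}")
    for ip, user, when in successes_after_bruteforce(evs, flagged):
        print(f"ALERT: successful RDP logon as {user} from {ip} at {when} after brute-force activity")
```

Run as-is, it flags 203.0.113.7 (six failures in under half a minute across five usernames) and raises an alert for the later successful logon from that address, while the two isolated failures from 198.51.100.4 and the local console failure (logon type 2) are left alone. The same logic is where the mitigations in the text pay off: with RDP behind a VPN or gateway and NLA enabled, this noise never reaches the session host in the first place.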
The ever-evolving threat of destructive malware, Emotet
The October 2020 HP-Bromium Threat Insights Report reported a 1,200 per cent increase in Emotet detections from July to September compared with the previous three months, in which deployment of the malware had appeared to decline. Experts believe the threat will continue well into 2021 and beyond. Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive via a malicious script, a macro-enabled document file or a malicious link. Emotet emails may carry familiar branding designed to make them look legitimate, and may try to persuade users to open the malicious files with tempting language about “Your Invoice”, “Payment Details” or an upcoming shipment from a well-known parcel company. Just last year, it was reported that Emotet had tripled its activity level in Singapore, and it still poses a multi-faceted threat to systems here. The top five sectors Emotet has targeted in Singapore are manufacturing, financial services, media, aviation and healthcare. As an individual, there are some ways to mitigate the risk from Emotet: keep your computers and endpoints up to date with the latest Microsoft Windows patches; prioritise strong passwords with two-factor authentication; do not click on suspicious or too-good-to-be-true links; and protect your system with a robust cybersecurity program such as one from Malwarebytes.
Advanced Persistent Threats are switching up, expect more air-gap attacks
An Advanced Persistent Threat (APT) is a prolonged, targeted attack on a specific entity or entities with the intention of compromising their systems and gaining information from or about them. The target can be a person, an organisation or a business. When the term was coined, the targets were governments and military organisations. The word “threat” does not imply that only one kind of malware is involved; an APT usually consists of several different attacks. Moving forward, APTs are switching things up by targeting air-gapped networks, and we can expect more such attacks in 2021. APT groups are also moving to multi-platform malware that threatens Linux and Mac operating systems. Moreover, with the increase in online and mobile usage, mobile phones are no exception to APTs. Malicious documents remain the main initial vector, but threat actors are switching from Excel VBA macros to Excel 4.0 (XLM) macros, where the macro logic is embedded in sheet formulas rather than in a VBA project, so it is not detected as easily and is tricky to contain.
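Both the Emotet section (macro-enabled documents as the delivery vehicle) and the point just made about Excel 4.0 macros come down to the same defensive gap: a scanner that only looks for a VBA project misses XLM macros, because they live on dedicated macro sheets. In a legacy .xls file every sheet is declared by a BOUNDSHEET record in the Workbook stream, and that record carries both the sheet type (0x01 = macro sheet) and its visibility, so a hidden or "very hidden" macro sheet can be spotted before any formula is parsed. The script below is an added example, not code from the Malwarebytes article; the Workbook stream it inspects is constructed by hand from the BIFF8 record layout, and for a real file you would first extract the 'Workbook' stream from the OLE2 container (for instance with the olefile library, deliberately not used here so the example runs stand-alone).

```python
"""Find Excel 4.0 (XLM) macro sheets in a BIFF8 Workbook stream.

Added example, not code from the Malwarebytes article. It walks the BIFF
records of a Workbook stream, decodes each BOUNDSHEET record (type 0x0085)
and reports sheets whose type is "macro sheet", highlighting hidden ones.
The stream below is constructed for the demonstration.
"""
import struct

BOF = 0x0809          # beginning of a substream
EOF = 0x000A          # end of a substream
BOUNDSHEET = 0x0085   # one record per sheet, in the Workbook Globals substream

# dt field of BOUNDSHEET: sheet type
SHEET_TYPES = {0x00: "worksheet", 0x01: "macro sheet", 0x02: "chart", 0x06: "VBA module"}
# hsState field (low two bits): sheet visibility
VISIBILITY = {0: "visible", 1: "hidden", 2: "very hidden"}


def record(rtype, payload):
    """Encode one BIFF record: 2-byte type, 2-byte length, payload (little-endian)."""
    return struct.pack("<HH", rtype, len(payload)) + payload


def boundsheet(name, sheet_type, visibility, stream_pos=0):
    """Encode a BOUNDSHEET record whose name uses 8-bit (compressed) characters."""
    encoded = name.encode("latin-1")
    # lbPlyPos (4 bytes), hsState (1 byte), dt (1 byte), then ShortXLUnicodeString:
    # cch (1 byte), flags (1 byte; bit 0 clear = 8-bit characters), the characters.
    payload = struct.pack("<IBBBB", stream_pos, visibility, sheet_type, len(encoded), 0) + encoded
    return record(BOUNDSHEET, payload)


# Constructed Workbook stream: a visible worksheet plus a "very hidden" macro sheet
# with an innocuous name, which is how XLM lures commonly present themselves.
SAMPLE_WORKBOOK_STREAM = (
    record(BOF, bytes(16))
    + boundsheet("Sheet1", 0x00, 0)
    + boundsheet("Data", 0x01, 2)
    + record(EOF, b"")
)


def iter_records(stream):
    """Yield (record_type, payload) for each BIFF record; tolerates a truncated tail."""
    pos = 0
    while pos + 4 <= len(stream):
        rtype, length = struct.unpack_from("<HH", stream, pos)
        pos += 4
        yield rtype, stream[pos:pos + length]
        pos += length


def parse_boundsheet(payload):
    """Decode a BOUNDSHEET payload into a dict, or return None if it is malformed."""
    if len(payload) < 8:
        return None
    _pos, hs_state, dt, cch, flags = struct.unpack_from("<IBBBB", payload, 0)
    raw = payload[8:]
    if flags & 0x01:   # 16-bit characters
        name = raw[:2 * cch].decode("utf-16-le", errors="replace")
    else:
        name = raw[:cch].decode("latin-1", errors="replace")
    state = hs_state & 0x03
    return {
        "name": name,
        "type": SHEET_TYPES.get(dt, f"unknown (0x{dt:02x})"),
        "visibility": VISIBILITY.get(state, "unknown"),
        "is_macro": dt == 0x01,
        "is_hidden": state != 0,
    }


def list_sheets(stream):
    """Return descriptors for every sheet declared in the Workbook stream."""
    sheets = []
    for rtype, payload in iter_records(stream):
        if rtype == BOUNDSHEET:
            info = parse_boundsheet(payload)
            if info:
                sheets.append(info)
    return sheets


def find_macro_sheets(stream):
    """Return only the XLM macro sheets; hidden ones deserve the closest look."""
    return [s for s in list_sheets(stream) if s["is_macro"]]


if __name__ == "__main__":
    for s in list_sheets(SAMPLE_WORKBOOK_STREAM):
        note = ""
        if s["is_macro"]:
            note = "  <-- XLM macro sheet" + (" (hidden: suspicious)" if s["is_hidden"] else "")
        print(f"{s['name']!r:12} {s['type']:12} {s['visibility']}{note}")
```

Against the constructed stream the script lists "Sheet1" as a visible worksheet and "Data" as a very hidden macro sheet, which is exactly the combination a legitimate spreadsheet rarely has. The same check applies to the newer Office formats, where XLM macro sheets appear as separate parts under xl/macrosheets/ inside the .xlsm zip container rather than as BOUNDSHEET records.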