• Adam Adler

Adam Adler: 2021 Emerging trends in cyber threats

Adam Adler: “During the next

decade, cybersecurity

risks will become

harder to assess and

interpret due to the

growing complexity of

the threat landscape,

adversarial ecosystem

and expansion of the

attack surface.”

01_Malware is getting an upgrade.

Malware family strains are being upgraded into new versions with additional features, distribution, and propagation mechanisms. Emotet for example, a malware originally designed as a banking Trojan back in 2014, has become one of the most

effective malware distributors of 2019.

02_Threats will become fully mobile.

Users are increasingly dependent on mobile devices to secure their most sensitive accounts. The use of 2fa tied to an app authenticator or via a text message is one of the examples. With more malware going fully mobile, fraudulent apps,

SIMJacking and operating systems exploits make these devices the weakest

link and therefore, extremely vulnerable to attacks.

03_Attackers are using new file types such as disc image files (ISO and IMG) for spreading malware.

DOC, PDF, ZIP, and XLS files are still the most commonly used attachment type for

spreading malware but other types are getting popular. A few campaigns

distributing AgentTesla InfoStealer and NanoCore RAT were found using

image file type in 2019.

04_Increase in targeted and coordinated ransomware attacks.

In 2020, we saw an escalation of sophisticated and targeted

ransomware exploits with the public sector, health care organizations and

specific industries at the top of the list. Attackers are spending more time

gathering intelligence about their victims, knowing exactly what to encrypt,

achieving maximum disruption and higher ransoms.

05_Credential-stuffing attacks will widespread.

Credential stuffing - the automated injection of stolen username and

password combinations through large-scale automated login requests

directed against a web application - will proliferate as a result of a decade

of an abnormal number of data breaches and trillions of personal data

records were stolen.



NEED MORE INFORMATION? Contact us at info@digitalbankvault.com

Ten emerging trends in attack vectors

01_Attacks will be massively distributed with a short duration and a wider impact

These attacks are meant to affect the highest number of devices possible to

steal personal information or block access to data by encrypting the


02_Finely targeted and persistent attacks will be meticulously planned with well-defined and long-term objectives

Malicious actors plan this type of attacks to reach high-value data such as

financial information, intellectual and industrial property, trade secrets,

classified information, etc.

03_Malicious actors will use digital platforms in targeted attacks

Malicious actors will explore the potential of digital platforms to support

targeted attacks (e.g. social media, gaming, messaging, streaming, etc.).

From personal data theft for spear-phishing attacks to broad malware

distribution, digital platforms with a high number of subscribers are

efficient attack vectors increasingly popular among malicious actors.

04_ The exploitation of business processes will increase

With more automation and less human intervention, business processes

can be maliciously altered to generate profit for an attacker. Commonly

known as Business Process Compromise (BPC) this technique is often

undervalued by process engineering specialists due to the lack of a proper

risk assessment.

05_ The attack surface will continue expanding

E-mail is no longer the prime and only tool and top attack vector for

phishing. Malicious actors are now using other platforms to communicate

and attract victims to open compromised web pages. A new trend is

emerging with the use of SMS, WhatsApp, Snapchat, and social media


06_Teleworking will be exploited through home devices

With more people teleworking and connecting their devices to corporate

networks, the risk of opening new entry points for attackers will increase.

With the COVID-19 pandemic, this trend will urge IT Managers to tighten

security policies and make urgent changes in the IT infrastructure.

07_Attackers will come better prepared

Attackers choose their targets carefully, perform reconnaissance against

specific employees, and target those with spear-phishing attacks to obtain

usable credentials to target the organization. Once the attackers gain

access to a single machine, they may employ penetration-testing tools

such as Mimikatz to gather and exploit credentials with elevated privileges.

08_Obfuscation techniques will sophisticate

Threat actors are continuously innovating to make threats more effective

and less susceptible to detections. The Anibus, an Android banking Trojan

and bot has been distributed by masquerading as an innocuous app,

primarily through Google Play Store.

09_ The automated exploitation of unpatched systems and discontinued applications will increase

The abnormal increase in Telnet traffic to port 445 observed in 2019

unveiled the expansion of worms and exploits such as Eternal Blue. Telnet,

which is no longer used except in the realm of IoT devices, saw the

greatest volumes during the period.

10_ Cyber threats are moving to the edge

Edge devices are deployed at the boundaries between interconnected

networks. We have seen a growing trend with attacks targeting these

devices — such as routers, switches, and firewalls — having a significant

impact to an enterprise and on the connected digital ecosystem.