By Sherri Davidoff   /   Jan 14th, 2021

Top Cybersecurity Threats of 2021

The top cybersecurity threats are evolving as hackers become more efficient and more effective, and cybercriminal gangs hone their business models and refine their tactics. Hacking is no longer a hobby; it’s big business. This year’s top cybersecurity threats have also evolved due to the COVID-19 pandemic and the resulting shift to remote work/cloud environments. In 2021, organizations need to adapt their priorities to reflect this shift in the cybersecurity threat landscape, while still addressing classic threats such as weak passwords and phishing.

Without further ado, let’s get to it!

The Top Cybersecurity Threats of 2021

Supply Chain Attacks

The close of 2020 brought with it the revelation that hackers have infiltrated the global technology supply chain that every organization relies upon, from midsized specialty vendors like SolarWinds to giants such as Intel, Cisco, Microsoft, and others. Using this access, hackers can steal data, install ransomware, or use your systems to attack others. All of this raises the specter of potential data breaches, financial and reputational damage, and liability for hacked organizations.

Email security vendor Mimecast is the latest tech company to announce that they’ve been hacked. Criminals compromised a Mimecast certificate used to encrypt email communications involving Microsoft 365 tenants, opening the door for these criminals to potentially intercept email communications exchanged with Microsoft 365 tenants. This can lead to data exposure, financial fraud and more.

Supply-chain attacks are easily one of the top cybersecurity threats of 2021 because the impacts of these breaches can be so far-reaching that it can seem almost impossible to tackle – yet the risks are high enough that they cannot be ignored. You should adjust your 2021 cybersecurity plan to ensure supply chain security is at the top of your priority list. Keep it simple to start; prioritize your suppliers and make sure to vet the ones that pose the highest risk. The NIST Cybersecurity Framework includes a section on Supply Chain Risk Management with straightforward recommendations, such as ensuring contracts with suppliers include cybersecurity measures. See our recent blog post on supply chain security and our SUNBURST community advisory for actionable strategies to strengthen your supply chain security.

Multifactor Authentication Bypass

Multifactor Authentication (MFA) bypass is a worrying trend that has rocketed its way to a spot on our top cybersecurity threats list. It is particularly concerning because most organizations are still struggling to implement MFA at all, while attackers are already on the next lap of the race and honing bypass strategies.

Let’s look at the MFA bypass vulnerability. It starts with passwords. During 2020 we continued to see a surge of password-based attacks. Researchers uncovered over 15 billion stolen passwords traded on the dark web, which enable cybercriminals gangs to easily purchase credentials for online banking accounts or remote login interfaces. These easily accessible password databases also fueled credential stuffing attacks, in which criminals take stolen passwords and attempt to login to other web sites, typically using automated tools. Since approximately 65% of people re-use the same password for multiple accounts, credential stuffing attacks are effective and an easy way for even low-tech criminals to break into accounts.

In response, many organizations turned on multifactor authentication (MFA), requiring users to take an action (such as entering a code generated by an app or text message), in combination with their password. That way even if a criminal has access to a user’s password, they can’t immediately login to the victim’s account.

Unfortunately, criminals were already ahead of the curve, and as 2020 wound to a close we saw a myriad of reports involving MFA bypass techniques. MFA bypass is new on our list of top cybersecurity threats, but it leverages several traditional vulnerabilities. Here are a few common MFA bypass techniques:

  • Social engineering – Criminals use straightforward social engineering tactics to trick users into giving out MFA codes over the phone or through the web. Often it is as simple as a phone call, in which criminals ask the victims to read an MFA code from their phone. In other cases, victims receive an email with a link to a phishing site that looks just like the real site—and once they type in their password and an MFA code, the criminals immediately pass the credentials along to the real site and login. Employees are also increasingly targeted in scams aimed at bypassing MFA for customer accounts. For example, in July, criminals famously hacked the personal Twitter accounts of dozens of celebrities. They did this by tricking a Twitter employee into giving out credentials, which enabled them to access an internal Twitter support tool and subsequently reset the email addresses associated with each account. Once they had access to the account’s email, they initiated a password reset and turned off multifactor authentication to the accounts. Far from being an isolated case, cybercriminal gangs have since launched copycat attacks against dozens of other companies.
  • Consent phishing – Even when MFA is turned on for a user’s interactive login, often applications have special tokens enabling them to access the user’s data behind the scenes. In 2020, criminals began taking advantage of that, often by launching a “consent phishing attack,” which is designed to trick users into giving a malicious app permission to access their data. In August, the cybersecurity training organization SANS announced a security breach due to a consent phishing attack. It should be noted that while phishing in general did not make it into our top cybersecurity threats list, it remains one of the most popular and effective attack vectors. Organizations should have technology defenses and user training programs in place.
  • Trusted device attacks – By infecting a victim’s computer with malware such as Emotet or Trickbot, criminals can often leverage local configuration choices such as banking web sites that allow you to “Trust this device.” In this manner, criminals can bypass MFA requirements that apply to other computers and also take advantage of any passwords that may be stored in the web browser.
  • SIM swapping (aka SIM jacking) – Criminals steal PINS as they are texted through your phone and use them to break into bank accounts and other high-security sites that leverage SMS-based two-factor authentication. Typically, criminals use stolen personal information to convince your telecommunications company that you have a new phone, and suddenly, all your text messages are sent somewhere else. The problem is not new; Reddit was famously hacked in 2018 when criminals stole an employee’s 2FA credentials, and the company subsequently posted that “we learned that SMS-based authentication is not nearly as secure as we would hope.” Likewise, Twitter CEO Jack Dorsey lost control of his own Twitter account in 2019 due to a SIM-swapping attack.

You can defend against MFA bypass attacks using the following techniques:

  • Use strong MFA Not all forms of MFA are created equal. Ditch the text messages and opt for a phone app instead, or a hardware token.  That said, SMS-based MFA is better than no MFA at all.
  • Train users to resist the latest threats, such as consent phishing emails.
  • Configure cloud applications carefully, to reduce the risk of users granting access to arbitrary applications or enabling attackers to bypass strong authentication.

Ransomware Data Exposure

Every day it seems a new ransomware case hits the news. This is in part because of a change in attacker extortion tactics: instead of quietly holding an organization’s data hostage, criminals are now also threatening to expose sensitive data and launching publicity campaigns. These so-called “double extortion” or “exposure extortion” cases now make up nearly half of all ransomware attacks, while the average ransom demand has ballooned to over $233,817. At the same time, criminals are forming cartels and leveraging shared infrastructure, enabling their affiliates to publish data on popular extortion web sites, potentially in exchange for some of the payout.

This is not the first time ransomware has been on our top cybersecurity threats list. The change in cybercriminal tactics means that organizations must change their response to ransomware attacks. Today, recovering from ransomware is about far more than restoring from backups; we also need to be prepared to handle potential data exposure and the fallout from a breach. Proper cyber insurance coverage can go a long way in transferring risk, as can proactive prevention measures such as securing RDP interfaces and reducing the risk of phishing attacks.

The cyber threat landscape is changing; organizations need to adapt their cybersecurity programs to ensure they are prepared for the top cybersecurity threats of 2021. Make sure to include supply chain management, strong MFA implementation, and ransomware risk assessments on your list of priorities for 2021. If you need assistance quickly and effectively tackling these high-priority items, contact LMG’s team of experts today. Whether it is testing, consulting services to help you refine your policies and programs, training, or incident response, our expert team is ready to help.

About the Author

Sherri Davidoff

Sherri is the CEO of LMG Security and the author of “Data Breaches.” As a recognized expert in cybersecurity and data breach response, Sherri has been called a “security badass” by The New York Times. She has conducted cybersecurity training for many distinguished organizations, including the Department of Defense, the American Bar Association, FFIEC/FDIC, and many more. She is a faculty member at the Pacific Coast Banking School, and an instructor for Black Hat, where she teaches her “Data Breaches” course. She is also the co-author of Network Forensics: Tracking Hackers Through Cyberspace (Prentice Hall, 2012), and has been featured as the protagonist in the book, Breaking and Entering: The Extraordinary Story of a Hacker Called “Alien”Sherri is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN), and holds her degree in Computer Science and Electrical Engineering from MIT. Her latest book, Ransomware Response, will be published early next year.