Acronis cybersecurity expert predicts 2021's top threats for Security Boulevard
Attendees of a recent webinar hosted by tech news site Security Boulevard got a preview of the universe of cyberthreats that businesses will face this year based on the analysis of Candid Wüest, Acronis VP of Cyber Protection Research, and his team.
Wüest, who served as the tech lead for Symantec’s global security response team for 16 years prior to joining Acronis, began his keynote with a look back at the top threats of 2020. He set the table with headlines of major cyberattacks – from highly destructive ransomware attacks on global corporations, to the exploitation of the SaltStack vulnerability that brought down thousands of data centers, to December’s harrowing software supply-chain breach of tech vendor SolarWinds, which resulted in the subsequent penetration of tens of thousands of businesses and government institutions and the theft of sensitive data from dozens of them.
Past cybersecurity attacks show 2021 cyberthreat trends
He enumerated the most common attack vectors used by cybercriminals to pierce their targets’ defenses, noting that the pandemic-driven surge in the use of SaaS apps, cloud resources, and home workspaces had exacerbated the challenges of keeping critical data safe. Malicious emails emerged as the most prevalent attack vector, abetted by new tactics for delivering malware and unprecedented success in stealing credentials through subterfuge or compromise of credential stores. Cybercriminals also targeted their efforts more effectively higher up the org chart, as senior executives were gulled into falling for wire-transfer and other cyber scams.
The shift to remote work provided another rich target environment for the bad guys, as home-office tech provided weaker defenses against credential theft, distributed denial-of-service (DDoS) attacks, and exploits of vulnerabilities in VPNs, consumer-grade routers, and collaboration apps like Zoom. The parallel rush to cloud adoption opened another set of gaps in cyber defenses, as tech staffers unfamiliar with cloud configuration and management tools made errors that left cloud services, APIs, containers and data stores open to attack.
Betraying trusted relationships in cyberattacks
Abuse of trusted tools, connections, and relationships was another highly effective weapon in the cybercriminals’ arsenal in 2020. Using a coordinated array of techniques – including fileless malware attacks, credential theft, privilege escalation and lateral movement – attackers were able to embed malware in IT tools widely used by managed services providers, businesses, and government institutions alike, which in turn enabled the spread of that malware to their initial victims’ customers and partners. It marked a watershed in the nation-state use of Advanced Persistent Threat attack techniques against smaller commercial and public-sector targets.
Ransomware came in as another top threat, with cybercriminals more effectively customizing attacks to chosen targets and wielding new tactics to get victims to pay up, including threats to disclose stolen information or mount DDoS attacks if ransoms were not swiftly paid. Wüest went on to dissect the typical attack chain of a ransomware attack, as well as the growing breadth and sophistication of other attack strategies, highlighting this year’s challenges to cybersecurity operations and threat-hunting teams.
2021 cyberthreat predictions
Based on those recent trends, Wüest offered his cyberthreat predictions for 2021, which showed a continuing upward trajectory for many of last year’s threats as well as the advent of some troubling new ones. Cybersecurity defenders can anticipate an increase in known attacks, with automation and artificial intelligence making them more frequent and more dynamic.
Among the risks expected to dominate this year’s cyberthreat landscape:
- Cloud services will continue to be targeted by attackers seeking to take advantage of the growing commercial reliance on serverless and containerized apps, and the immaturity of cloud management and protection skills.
- Remote workers will continue to be an easy target, with their softer infrastructure and occasionally lax security practices.
- Ransomware and software supply-chain attacks will continue to trend upward in frequency, in effective customization to specific targets, and in their ability to evade legacy security countermeasures.
- The increasing connectedness of operational technology to IT, the parallel growth of Internet of Things devices, and the advent of 5G wireless networks will open up additional attack surfaces to cybercriminals.
To delve into his detailed analysis of these threats, you can listen to a replay of the webinar. Wüest and his team also offered their insights into these trends in the recently published Acronis Cyberthreats Report.
Addressing 2021’s greatest cyberthreats
Wüest concluded his keynote with recommendations to address this complex new threat environment, including vigilance in reviewing security designs and configurations; the breaking down of silos between security countermeasures via increased integration; improvements to logging, monitoring, and event correlation; better focus on credential protection with measures like multi-factor authentication; and a renewed commitment to security awareness education of users.
To illustrate how Acronis addresses these issues through the use of highly consolidated, integrated, automated, and AI-enabled cybersecurity and data protection services, Acronis Enterprise Solutions Architect John “J.D.” Perham gave a quick tour of Acronis Cyber Protect. J.D.’s demo highlighted the product’s multifaceted anti-malware capabilities, integrated vulnerability scanning and patch management features, and sophisticated data protection capabilities that are complementary to cybersecurity functions, including the collection of rich forensic data in backups.
Perham and Wüest wrapped up with a look at a variety of independent third-party testing labs that recently reported Acronis Cyber Protect as delivering top-rated performance in tests of anti-malware capabilities, exceeding the results of many large, legacy cybersecurity vendors. A detailed look at those performance results is available in the white paper Acronis Cyber Protect -- Wide Recognition in Independent Evaluations.
To learn how to protect yourself against software supply-chain attacks like the SolarWinds breach, get the new e-book Assessing and Mitigating Software Vendor Supply-Chain Cybersecurity Risk.