Think Before You Scan: That QR Code May Be a Scam

In quishing attacks, cybercriminals place QR codes containing malicious links in public places, such as parking meters or restaurants, or send these QR codes via email. Such attacks can result in financial losses, stolen personal data, or compromised devices, cybersecurity experts warn.

January XX, 2026. At the start of January, the US Federal Bureau of Investigation (FBI) issued a warning about cyber attacks organised by North Korean cybercriminals who used fake QR codes to trick users into handing over personal information. According to cybersecurity experts, similar attacks, also known as “quishing”, are on the rise not only in the US but also in other countries, as cybercriminals look for new ways to profit.

Quishing (QR code phishing) is a phishing technique where cybercriminals try to trick users into scanning QR codes that lead to malicious websites. Organisations in several countries have issued warnings that bad actors place these QR codes on top of legitimate ones in public places such as kiosks, restaurants, or parking meters.

For example, last year, UK government institutions warned users of fake QR stickers on parking machines, with victims being sent to spoofed payment pages. Meanwhile, the US Federal Trade Commission issued a similar warning about unexpected packages containing QR codes that led to phishing websites.

Such fake QR codes can also be shared online. For example, the FBI said that a North Korean state-sponsored cybercriminal group, called Kimsuky, targeted employees of organizations by embedding malicious QR codes in an email. In one such instance, a QR code was presented as a way to download additional information.

According to cybersecurity experts at Planet VPN, a free virtual private network (VPN) provider, no matter where a fake QR code is placed, the scheme is similar. After scanning it, a user is often forwarded to a fake phishing website mimicking a legitimate one, such as a restaurant’s website, where cybercriminals may try to charge a user’s credit card.

According to Konstantin Levinzon, co-founder of Planet VPN, such scams can lead not only to financial losses but also to compromised devices.

“Quishing is phishing – just in a different wrapper. A QR code can lower people’s guard because this technology became ubiquitous only during the pandemic, and the threat still isn’t as widely recognized. It also shifts the ‘risky click’ from a visible link to a quick scan, making the danger easier to miss. Attackers are refining these tactics every year and constantly finding new ways to trick users,” he says.

According to Levinzon, one reason why cybercriminals may favour QR codes in emails instead of regular phishing emails is that QR codes often bypass anti-phishing and scam filters, because these often analyze only text and links, but don’t analyze images.

And even if anti-spam filters in emails are equipped with QR code detection, cybercriminals often find new ways to bypass them, for example, by making QR codes in different colors.

Cybersecurity researchers at Proofpoint estimate that during the first half of last year, there were 4.2 million QR code-related threats. However, Levinzon says that the number is likely higher because many QR code scams go undetected.

When it comes to protecting against the growing threat, users are advised to be more deliberate about when and why they scan a QR code. If after scanning a QR code, a person is forwarded to a website that asks for payment or log-in details, this is a real warning sign.

Meanwhile, if a QR code is sent from an unknown sender via email, Levinzon advises contacting the sender directly before entering login credentials or downloading files.

“We recommend applying the same logic everywhere: stay skeptical whether you receive a message from a coworker or on your personal social media account. However, vigilance is only part of the story. To maximize security, users also need basic safeguards – use a VPN on public Wi-Fi, install updates promptly, use strong passwords, and enable multi-factor authentication on all accounts,” he says.

 

 

Online Games and Casino Platforms Are Getting More Secure

Among the many changes happening in the tech world, slow and steady improvements in security may be some of the least noted ones. While everyone cares about security in theory, the significant results of new security measures are usually not as visibly impressive as those of many other technological innovations. We just don’t (and can’t) see all the cyberattacks that didn’t happen thanks to secured technology.

But noting how cybersecurity is developing every once in a while is worthwhile for anyone who cares about the online world. Today, we’re taking a look at the important steps forward that the online casino industry has taken in regards to player safety.

Licenses Give Players a Basis to Judge By

When we’re talking about the security of online casinos, it would be fair to say that casino licensing systems have done the most to guarantee players a safe experience.

Many countries have their own authorities, gambling commissions, that provide licenses to online casinos that can prove themselves to be serious companies with a focus on player experience. Casinos can prove to players that they’re trustworthy, and players have an easy way of identifying secure casinos through their license. An easy way to find secure UK licensed online casinos is to use the review site Hityah.

Among the most popular and reputable licenses are the MGA license, the Curaçao license, and the UKGC license.

New, Safe Payment Methods Have Been Introduced

Online payment methods have come far in the 30-something years they’ve existed. Today, we have hundreds of different ways to pay online.

Many secure options are available at casinos. Today, you can usually choose between paying with a card, electronic banking, e-wallets, and prepaid coupon-based cards. Online platforms also employ a trusted payment gateway, meaning that they don’t ever touch your sensitive information – only the trusted third party does.

There are also plenty of crypto-friendly platforms for those who prefer not to share their payment information at all when making a deposit. On top of being secure, there are other benefits to crypto platforms. Robbie Purves from esports.net lists fast banking, anonymity, access anywhere, and high limits to deposits and withdrawals as some of the most notable benefits.

Information Is More Carefully Encrypted and Secured

The World Wide Web has come a long way when it comes to security. These days, high-level encryption during information transfers is the standard. Almost all websites are now relatively secure and protected against malicious third-party hackers.

Through encrypting information while it’s being sent from one server to another, data leaks become less common. Even if someone does get their hands on the data, they have to figure out how to decrypt it for it to be useful – a task that can prove difficult and resource-consuming without the right key.

For the most part, this isn’t even something websites like online casinos actively have to employ. As the net is getting more secure, protocols like HTTPS are simply the standard that all websites end up utilizing. 

Online Security and the Future

Cybersecurity is an incredibly important field, with a demand set to keep increasing. As more and more devices, tools, and people are connected to the net, it becomes more and more important that no one has unauthorized access.

New tools are being developed all the time. As devices get more sophisticated tools, cybercriminals figure out more sophisticated ways of hacking these tools. That’s why the continued development of ever-stronger security is always going to matter – cybersecurity is a never-ending cat-and-mouse game.

But what’s important to note is that the user is often the weak link in the security system – it is often users who unknowingly give hackers the access they need.

“There’s plenty you can do to protect your own devices, data, and privacy,” writes Neil J. Rubenking from PC Mag.

“Making your devices, online identity, and activities more secure doesn’t take much effort. Several of the following tips boil down to little more than common sense, yet they’ll help keep you safer online.”

He outlines 12 simple things users can do to be proactive in their online security.

While the continued improvement of security at online casinos is crucial, player awareness could be the most important tool for protecting player data and access, and must not be forgotten in the shadow of more exciting technology.

Keeping Patient Data Safe: Why Cybersecurity Is Important in Medicine

Like most areas of our society, health care has wholeheartedly embraced the boom of digital technology. Computerised equipment and ‘smart’ medical devices have revolutionised patient care, and looking back on the last twenty years, the sorts of advancements that have come about are nothing short of outstanding. 

Of course, it’s not perfect. As is the case with any infrastructure that relies heavily upon technology, there’s always the concern of cyber security. In this article, you’ll learn about the main considerations medical institutions need to make. 

On Data Breaches

Given the vast amounts of personal, sensitive data that hospitals and medical centres deal with on a daily basis, they’ve become a prime target for cybercriminals.

Whether they are after patient medical histories, financial records, insurance details, bank information, or more, hackers frequently target hospitals because of the immense value this sort of data has on the black market, where it is used in fraud and ransom schemes.

Thankfully, hospitals have now started to employ rigorous encryption methods to ensure patients are protected.

The Risk Involved With Medical Devices

While there wasn’t much concern even ten years ago, the leap in technological advancements seen in medical devices has become a hot topic where cybersecurity is concerned. 

More and more frequently, implantable devices and screening equipment are connected to the internet as standard; this can offer very valuable insight for researchers, but it comes at the added cost of potentially compromising cyber security. 

Aside from the obvious worrisome issue of personal data being leaked, there’s the much more serious implication of hackers being able to interfere with the actual mechanisms of these devices – a very dangerous precedent for patient safety. 

Thankfully, companies like Blue Goat Cyber exist: they work to secure medical devices from a cybersecurity perspective before they even hit the market.  

Training and Awareness in Cybersecurity


When we’re talking cybersecurity, it’s mostly all about letting the latest technology do the work. That doesn’t mean to say that human intervention isn’t crucial, however. 

Over the last several years, hospitals and medical centres have placed a huge focus on training their staff on how to safely handle sensitive and private data. This sort of training includes cyber hygiene (how to keep data organised and properly dispose of information no longer needed), how to distinguish phishing from regular email, and what steps to take for appropriate damage control in the unfortunate event that an attack does happen.

Protecting against cyber attacks in a medical setting requires tight collaboration, as it can take only one weak link to have everything fall down like a stack of cards. Software and hardware, if properly maintained, are usually rock-steady, so human error represents a key area for risk mitigation.

Wrapping Up

While data breaches and cyberattacks in hospitals may be a scary prospect, with rigorous testing, thorough staff training, and the use of the latest cybersecurity software and hardware, the risks can be managed sufficiently enough that there isn’t a major cause for concern. Hopefully, you now have a better idea of how this standard can be accomplished. 

HP Catches Cybercriminals ‘Cat-Phishing’ Users

HP Ireland today issued its quarterly HP Wolf Security Threat Insights Report, showing attackers are relying on open redirects, overdue invoice lures, and Living-off-the-Land (LotL) techniques to sneak past defences. The report provides an analysis of real-world cyberattacks, helping organisations to keep up with the latest techniques cybercriminals use to evade detection and breach PCs in the fast-changing cybercrime landscape.

Based on data from millions of endpoints running HP Wolf Security, notable campaigns identified by HP threat researchers include:

  • Attackers using open redirects to ‘Cat-Phish’ users: In an advanced WikiLoader campaign, attackers exploited open redirect vulnerabilities within websites to circumvent detection. Users were directed to trustworthy sites, often through open redirect vulnerabilities in ad embeddings. They were then redirected to malicious sites – making it almost impossible for users to detect the switch.
  • Living-off-the-BITS: Several campaigns abused the Windows Background Intelligent Transfer Service (BITS) – a legitimate mechanism used by programmers and system administrators to download or upload files to web servers and file shares. This LotL technique helped attackers remain undetected by using BITS to download the malicious files.
  • Fake invoices leading to HTML smuggling attacks: HP identified threat actors hiding malware inside HTML files posing as delivery invoices which, once opened in a web browser, unleash a chain of events deploying open-source malware, AsyncRAT. Interestingly, the attackers paid little attention to the design of the lure, suggesting the attack was created with only a small investment of time and resources.
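The open-redirect pattern in the first bullet can be screened for in URL logs or mail-gateway link extraction. The following is an added example, not code from HP or the report: it flags links whose query string carries an absolute URL to a different host than the site being visited. The function names, the three-round decode limit and the sample URLs (reserved example domains) are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

MAX_DECODE_ROUNDS = 3  # assumption: targets are sometimes percent-encoded more than once


def _decode_fully(value):
    """Percent-decode repeatedly (bounded) until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def _embedded_host(value):
    """Return the host if value is an absolute or scheme-relative URL, else None."""
    candidate = _decode_fully(value).strip()
    # Browsers treat backslashes like slashes, so "/\host" also leaves the site.
    candidate = candidate.replace("\\", "/")
    if candidate.startswith("//"):
        candidate = "https:" + candidate
    try:
        parts = urlsplit(candidate)
        host = parts.hostname
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme.lower() in ("http", "https") and host:
        return host.lower()
    return None


def _same_site(host, outer_host):
    # Simplification: exact host or a subdomain of it. A public-suffix-aware
    # comparison of registrable domains would be more accurate.
    return host == outer_host or host.endswith("." + outer_host)


def find_cross_site_redirects(url):
    """Return [(parameter, target_host)] for query parameters that point off-site."""
    outer = urlsplit(url)
    outer_host = (outer.hostname or "").lower()
    findings = []
    # parse_qsl already percent-decodes each value once.
    for name, value in parse_qsl(outer.query, keep_blank_values=True):
        host = _embedded_host(value)
        if host and not _same_site(host, outer_host):
            findings.append((name, host))
    return findings


# Constructed sample links, not taken from the report.
SAMPLE_URLS = [
    "https://ads.example.com/click?id=42&dest=https%3A%2F%2Fdownloads.example.net%2Finvoice.html",
    "https://ads.example.com/click?u=https%253A%252F%252Ffiles.example.org%252Fa",
    "https://shop.example.com/out?to=%2F%2Fcdn.example.net%2Fx",
    "https://shop.example.com/login?next=https%3A%2F%2Faccount.shop.example.com%2Fhome",
    "https://shop.example.com/login?next=%2Fcart",
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(sample, "->", find_cross_site_redirects(sample) or "no off-site target")
```

A hit is a reason to inspect the link, not proof of abuse: many legitimate ad and single-sign-on links carry off-site targets, so results are best combined with reputation data for the target host.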

Patrick Schläpfer, Principal Threat Researcher in the HP Wolf Security threat research team, comments:

“Targeting companies with invoice lures is one of the oldest tricks in the book, but it can still be very effective and hence lucrative. Employees working in finance departments are used to receiving invoices via email, so they are more likely to open them. If successful, attackers can quickly monetise their access by selling it to cybercriminal brokers, or by deploying ransomware.”

By isolating threats that have evaded detection-based tools – but still allowing malware to detonate safely – HP Wolf Security has specific insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 40 billion email attachments, web pages, and downloaded files with no reported breaches.

The report details how cybercriminals continue to diversify attack methods to bypass security policies and detection tools. Other findings include:

  • At least 12% of email threats identified by HP Sure Click bypassed one or more email gateway scanners.
  • The top threat vectors in Q1 were email attachments (53%), downloads from browsers (25%) and other infection vectors, such as removable storage – like USB thumb drives – and file shares (22%).
  • This quarter, at least 65% of document threats relied on an exploit to execute code, rather than macros.

Val Gabriel, Managing Director at HP Ireland, comments:

“Living-off-the-Land techniques expose the flaws of relying on detection alone as attackers try to sneak past defences. As they are using legitimate tools, it can be difficult to spot threats without throwing up a lot of disruptive false positives. Threat containment provides protection even when detection fails, preventing malware from destroying user data or credentials, and preventing attacker persistence. This is why organisations should take a defence-in-depth approach to security, isolating and containing high-risk activities to reduce their attack surface.”

HP Wolf Security runs risky tasks in isolated, hardware-enforced disposable virtual machines running on the endpoint to protect users, without impacting their productivity. It also captures detailed traces of attempted infections. HP’s application isolation technology mitigates threats that slip past other security tools and provides unique insights into intrusion techniques and threat actor behaviour.

About the data

This data was gathered from consenting HP Wolf Security customers from January-March 2024.

How VPNs Can Protect Your iPhone from Cyber Threats

In the digital age, where cyber threats are increasingly sophisticated, protecting your iPhone’s data is more critical than ever. Virtual Private Networks (VPNs) offer a robust line of defense, ensuring your digital privacy and security in various ways. Let’s explore how a quality VPN, such as a robust VPN for iPhone, can shield your device from numerous cyber threats.

Encryption of Data Transmission

The fundamental security feature of any VPN is its ability to encrypt data transmissions. When using a VPN on your iPhone, your data is secured in an encrypted tunnel, rendering it unreadable to potential interceptors. This encryption is particularly vital when transmitting sensitive information, such as passwords or financial data. VPNs employ advanced encryption protocols like OpenVPN or IKEv2/IPsec, balancing maximum security with optimal speed. This encryption ensures that your personal information remains confidential, safeguarding it against cyber criminals who may intercept network traffic.

Securing Public Wi-Fi Connections

Public Wi-Fi networks are convenient but notoriously insecure, making them prime targets for cybercriminals. A VPN secures your iPhone’s connection on these networks by routing your internet traffic through encrypted servers. This hides your online activities from potential snoops on the same network. By using a VPN on public Wi-Fi, you substantially lower the risk of cyber attacks, keeping your personal information safe from the vulnerabilities commonly found in these networks.

Anonymizing Online Activities

Anonymity is a crucial aspect of cybersecurity. A VPN masks your iPhone’s IP address, making your online activities anonymous and protecting you against targeted cyber-attacks and surveillance. This anonymity makes it challenging for hackers to track your online movements or determine your physical location, providing a critical barrier against identity theft and digital espionage.

Blocking Malicious Sites and Adware

Beyond encryption and anonymity, many VPNs offer integrated features to block access to malicious websites and ads. This is a proactive security measure, vital in an era where cyber threats are constantly evolving. By filtering out harmful content, a VPN can prevent your iPhone from being compromised by malware, protecting your personal data from unauthorized access or theft.

Regular Updates and Security Patches

The dynamic nature of cyber threats necessitates regular software updates. A VPN that frequently updates its software ensures protection against the latest vulnerabilities and threats. These updates often include security patches for newly discovered exploits, keeping your iPhone secure against emerging cyber threats. A commitment to regular updates is essential for maintaining high security on your iPhone, protecting it from the plethora of evolving cyber risks.

In conclusion, employing a VPN on your iPhone is a prudent step towards enhancing your digital security and privacy. It provides a multifaceted defense mechanism against various cyber threats, from encrypting data to blocking malicious sites. Remember, not all VPNs are created equal. Choose a VPN that offers comprehensive features and regular updates to ensure the best protection for your iPhone in the ever-changing landscape of cybersecurity.

Threat Actors Get Creative with Building Block Style Attacks, Finds HP

HP Ireland today issued its quarterly HP Wolf Security Threat Insights Report, showing how threat actors are chaining different combinations of attacks together like toy bricks to sneak past detection tools. It comes as the Government has published the Mid-Term Review of the National Cyber Security Strategy 2019-2024 plan to boost cybersecurity, which includes measures to support the potential growth of the cybersecurity industry.

The research has found that by isolating threats that have evaded detection tools on PCs, HP Wolf Security has specific insight into the latest techniques used by cybercriminals in the fast-changing cybercrime landscape. To date, HP Wolf Security customers have clicked on over 30 billion email attachments, web pages, and downloaded files with no reported breaches.

Based on data from millions of endpoints running HP Wolf Security, the researchers found:

  • It’s playtime for cybercriminals using building block style attacks: Attack chains are often formulaic, with well-trodden paths to the payload. Yet creative QakBot campaigns saw threat actors connecting different blocks together to create unique infection chains. By switching up different file types and techniques, they were able to bypass detection tools and security policies. 32% of the QakBot infection chains analysed by HP in Q2 were unique.
  • Spot the difference – blogger or keylogger: Attackers behind recent Aggah campaigns hosted malicious code within the popular blogging platform Blogspot. Hiding the code in a legitimate source makes it harder for defenders to tell if a user is reading a blog or launching an attack. Threat actors then use their knowledge of Windows systems to disable some anti-malware capabilities on the user’s machine, execute XWorm or the AgentTesla Remote Access Trojan (RAT), and steal sensitive information.
  • Going against protocol: HP also identified other Aggah attacks using a DNS TXT record query – typically used to access simple information on domain names – to deliver the AgentTesla RAT. Threat actors know the DNS protocol is not often monitored or protected by security teams, making this attack extremely hard to detect.
  • Multi-lingual malware: A recent campaign uses multiple programming languages to avoid detection. Firstly, it encrypts its payload using a crypter written in Go, disabling the anti-malware scanning features that would usually detect it. The attack then switches language to C++ to interact with the victim’s operating system and run the .NET malware in memory – leaving minimal traces on the PC.

Val Gabriel, Managing Director of HP Ireland, comments:

“In Q2, we welcomed the Government’s plan to boost cybersecurity in Ireland but there is still a long way to go. We have observed that the top threat attack vectors that can be exploited to break into an IT system are email (79%) and browser downloads (12%). Our research shows that today’s attackers are becoming better organised and more knowledgeable. It’s easier for attackers to exploit any security gaps by knowing the best entry points and how to easily navigate systems. To limit the chances of a security breach, businesses and users should avoid downloading files from untrusted sites or clicking on any suspicious links.”

The report details how cybercriminal groups are diversifying attack methods to bypass security policies and detection tools. Key findings include:

  • Archives were the most popular malware delivery type for the fifth quarter running, used in 44% of cases analysed by HP.
  • Q2 saw a 23% rise in HTML threats stopped by HP Wolf Security compared to Q1.
  • There was a 4%-point increase in executables from 14% to 18% from Q1 to Q2, mainly caused by usage of the PDFpower.exe file, which bundled software with a browser hijacking malware.
  • HP noted a 6%-point drop in spreadsheet malware (19% to 13%) in Q1 compared to Q4, as attackers move away from Office formats that are more difficult to run macros in.
  • At least 12% of email threats identified by HP Sure Click bypassed one or more email gateway scanners in Q2.
  • The top threat vectors in Q2 were email (79%) and browser downloads (12%).

Dr. Ian Pratt, Global Head of Security for Personal Systems, HP Inc., comments:

“While infection chains may vary, the methods of initiation remain the same – it inevitably comes down to the user clicking on something. Instead of trying to second guess the infection chain, organisations should isolate and contain risky activities such as opening email attachments, clicking on links, and browser downloads.”

HP Wolf Security runs risky tasks in isolated, hardware-enforced virtual machines running on the endpoint to protect users, without impacting their productivity. It also captures detailed traces of attempted infections. HP’s application isolation technology mitigates threats that slip past other security tools and provides unique insights into novel intrusion techniques and threat actor behaviour.

The Main Benefits Of Using Proxies For Business

No matter what type of business you might be running, the danger of cyberattacks is always present. According to the latest trends, cybercrime will cost companies over $10.5 trillion every year by 2025. That’s why you should do whatever you can to secure your company’s data and servers.
Most traditional methods such as antivirus and antimalware software often aren’t enough to prevent hackers from breaching your systems. That’s why you should think about investing in a proxy server, for example, a Japanese Proxy, and appear as a private user from another country. Stay with us, and we’ll explain everything in more detail.

Web Proxy? What is it?

But before we get to the benefits of using proxies, we first have to explain what they are. Proxy servers are privately owned servers found in locations all over the globe. Most proxy providers have a server in dozens of different countries and across all continents. These servers generate real IP addresses, and the more there are, the better.
Every time you want to connect to the internet using a proxy, you connect through a proxy instead of connecting directly from your device. That gives you an extra layer of protection and can send hackers on a wild goose chase. Apart from that, proxies offer other benefits, but we’ll get to that in a moment.

What Proxies Do

Proxies act as a middleman between your device and the internet. When you want to access a website or a server, you leave your IP address. It works as a virtual postal address, and it helps the server send the information to the right place.
That’s how the internet works. The problem is, once a website or server gets your IP address, they can easily find out your location, browsing preferences, and other personal information. Proxies simply switch your original IP with another located far from your original location, making it impossible to track you down. As a company, proxies can provide you with all kinds of benefits that will help you improve your operation and stay safe from cybercriminals.

Main Benefits of Proxies

Now we get to the good stuff – the benefits. As we already explained, proxy services hide your original location, making it much harder for anyone to track your online activity. However, they also provide some other benefits that will undoubtedly help your business in the long run. Here’s what you can expect.

Better Connection Speeds

Proxy servers remember the files and websites you frequently visit, speeding up your connection and loading time. So, instead of loading everything from scratch every time you go online, proxies will display the information you need much faster, freeing up bandwidth and shortening loading times.

Bypass Geo-Restrictions

You can also use proxies to bypass geo-restrictions and internet censorship. Some areas of the world limit the data and type of files you can access. For example, you can’t access some of the content that is available in Japan, while Japanese people can. But, if you get a Japanese proxy, you’ll be able to use all Japanese websites even if you’re not in Japan.

Employee Internet Usage Control

You can also use a proxy server to limit internet use within your company. For example, you can create a list of websites or areas in the world you want to block. The proxy will simply prevent your employees from loading those websites while at work.

Common Business Uses

Now, when it comes to business uses, proxies have a very wide application. Professional proxy services like SmartProxy, offering over 100M+ residential IPs covering 195+ countries, are tailored to meet the needs of large-scale concurrent data collection and precise geolocation. They are mostly used for common practices such as competition monitoring, web scraping, gathering user reviews on your brand, and so on. Here are a few more applications:

Web Scraping

Finding the right information you need to improve your business is crucial for your success. However, most of your competitors and websites will try to prevent you from scraping their data. They can block you once they know your IP address, but if you mask it with a proxy, you’ll appear as a different user, so they won’t know who to block.

Better Security

Knowing what websites your employees visit and limiting their choice will go a long way in protecting your sensitive information. Not only that, since no one will be able to track your online activities, you will drastically reduce the chances of a cyberattack.

Conclusion

Proxy servers are definitely a must if you want to stay safe and hidden from cybercriminals. However, they can also help you conduct web scraping projects without interference, speed up your website, limit internet use within the company, and of course, help you bypass geo-limitations, just like the example with a Japanese proxy. If you are interested in various proxy pools, visit the Oxylabs website and learn more about proxies in multiple locations around the world.

Cyber-attacks set to become more targeted in 2021, according to HP Inc.

HP today released its 2021 predictions on how security threats – such as human-operated ransomware, thread hijacking, unintentional insider threats, business email compromise and whaling attacks – are set to increase in the next 12 months.

“Organizations have had a tough 2020, and in Ireland specifically, the financial services and healthcare sectors have been particularly vulnerable to attacks. The shift to remote working has widened the attack surface and made life even more difficult for security teams, meaning the days of the hardened perimeter are behind us. Now, more than ever, organizations need to shift their focus to delivering protection where it is most needed: the endpoint. Over the course of 2020, we have seen hackers become increasingly targeted, while also using sophisticated lures to trick users into engaging in risky behaviours. Over the next 12 months we will see more of the same, with targeted and sophisticated attacks directed at users and endpoints,” says Gary Tierney, Managing Director at HP Ireland. “Organizations cannot afford to close their eyes and hope for the best in 2021, which is why it’s critical that they adopt a protection-first approach to endpoint security to keep them a step ahead of cybercriminals.”

HP’s cybersecurity experts – including Julia Voo, Global Lead Cybersecurity and Tech Policy; Joanna Burkey, CISO; Boris Balacheff, Chief Technologist for Security Research and Innovation at HP Labs; Dr Ian Pratt, Global Head of Security for Personal Systems; and Alex Holland, Senior Malware Analyst – and experts from HP’s Security Advisory Board – Justine Bone, CEO at MedSec; and Robert Masse, Partner at Deloitte – all gave their predictions for the year ahead.

Weakened organizational security will lead to more unintentional insider threats

The dramatic changes to how we work in 2020 and the shift to remote working will continue to create challenges, says Julia Voo: “COVID-19 has weakened organizational security. Remote access inefficiencies, VPN vulnerabilities and a shortage of staff that can help the business adapt means data is now less secure.” From a cybercriminal’s perspective, the attack surface is widening, creating more opportunities, as Joanna Burkey explains: “We can expect to see hackers identifying and taking advantage of any holes in processes that were created, and still exist, after everyone left the office.”

Boris Balacheff points out that this also means that home devices will be under increased pressure: “We have to expect home infrastructure will be increasingly targeted. The scale at which we operate from home increases the incentive for attackers to go after consumer IoT devices and pivot to business devices on the same networks. And as we know, if attackers are successful with destructive attacks on home devices, remote workers won’t get the luxury of having someone from IT turning up at their door to help remediate the problem.”

Burkey also believes there will be more unintentional insider threats: “With employees working remotely, the lines between work and personal equipment are blurred, and innocent actions – such as reading personal email on a company machine – can have serious consequences.” Overall, the pandemic has increased the risk of employees making errors, as Robert Masse explains: “If you view the pandemic as a war experience, then organizations will be dealing with employee burnout. This can lead to an increased risk of errors in judgement.”

Human-operated ransomware attacks will remain an acute threat

Ransomware has become the cybercriminal’s tool of choice, and this is likely to continue in the year ahead, comments Burkey: “What we’ll see is a rise in ransomware-as-service attacks where the threat is no longer the ‘kidnapping’ of data – it’s the public release of the data.”

The rise of ransomware has fueled the growth of an ecosystem of criminal actors who specialize in different capabilities needed to pull off successful attacks. Malware delivered by email, such as Emotet, TrickBot and Dridex, is often a precursor to human-operated ransomware attacks. “To maximize the impact of an attack, threat actors use their access to compromised systems to deepen their foothold into a victim’s network. Many crews use offensive security tools to gain control of a victim’s domain controllers, which are often the best point in a network to deploy ransomware,” explains Dr Ian Pratt.

This trend is of particular concern to those in the public sector, as Alex Holland explains: “The rise of ‘double extortion’ ransomware, where victim data is exfiltrated before being encrypted, will particularly hurt public sector organizations, who process all manner of personally identifiable information. Even if a ransom is paid, there is no guarantee that a threat actor won’t later monetize the stolen data.”

Greater innovation in phishing will see thread hijacking and whaling attacks

In 2021, there will be more innovative phishing lures designed to trick users and make attacks harder to identify. “The most innovative mass phishing technique we see is email thread hijacking, which is used by the Emotet botnet. The technique automates the creation of spear-phishing lures by stealing email data from compromised systems. This data is then used to reply to conversations with messages containing malware, making them appear very convincing,” explains Dr Ian Pratt. We can also expect to see more of these attacks targeting individuals working remotely, says Justine Bone: “Thanks to everything relying on strong authentication, as opposed to in-person presence, there is more opportunity for hackers to engage in social engineering to trick employees into divulging credentials.”

The prospect of continued social isolation has encouraged people to share more personal information online, which cybercriminals can weaponize. “Whaling, a form of highly targeted phishing attack aimed at senior executives, will become more prominent with cybercriminals able to take personal information shared online to build convincing lures leading to business email compromise fraud,” comments Masse. Many of these phishing emails will continue to exploit people through fear, according to Voo. “New fears will be used to drive people to open malicious emails – whether it’s COVID vaccines, financial concerns related to the lockdown and any political instability.”

Hackers will tailor attacks to target specific verticals – in particular, critical infrastructure, pharma and healthcare, Industrial IoT and education

One of the most at-risk verticals in 2021 will be healthcare. “Healthcare has been a perfect target – society depends on it and these organizations are typically under-resourced, change-averse and slow to innovate. Education also fits this criterion and could be another prime target,” says Bone. However, this threat extends beyond hospitals and doctors’ surgeries into more critical areas. “Due to the race to develop a new vaccine, pharmaceutical companies and research facilities will also continue to face adverse risk,” comments Masse.

But the next 12 months will also see other targets come into consideration for hackers. “Car makers, particularly EV companies, will become bigger targets as they grow in prestige and profitability, and we can also expect to see critical infrastructure and the Industrial Internet of Things continue to be in hackers’ crosshairs,” explains Masse.

Zero trust is here to stay, but needs to be implemented in a way that is transparent to the user

Zero trust as a concept isn’t new, but the increase in remote working means that it is now a reality that organizations need to accept. “The traditional ways of securing access to the corporate network, applications and data are no longer fit for purpose. The perimeter has become obsolete. Over the years the workforce has become more dispersed, and SaaS adoption has risen – this means critical data is being hosted outside the enterprise firewall. The time has come for organizations to start protecting against the unknown, which means utilizing zero trust, but in a way that is transparent to the user,” comments Pratt.

COVID-19 will be a key driver behind zero trust adoption and also means we’ll see greater innovation in this area. “Zero trust is the best defensive approach for enabling remote working, but for identity and access management to be seamless it needs to be easy to use. Quality authentication methods are a key enabler of zero trust, which is why technologies such as biometrics will be expected by end users in the future,” comments Bone.

A new approach to security is needed

“2020 demonstrated that it has become critical to manage highly distributed endpoint infrastructure,” comments Balacheff. “Organizations need to accept that the future is distributed. Everything from remote workers’ devices to industrial IoT devices have become the new frontlines of the cybersecurity battleground in our increasingly cyber-physical world. To meet this challenge, organizations need to re-think their security architectures and controls, and embrace the necessary innovation in technology and processes to help them support this new environment. For example, modern hardware technology exists that can help not only protect but also recover employees remotely and securely in the face of destructive attacks like those we have seen in the last few years.”

“Organizations face a huge security challenge in the year ahead, with cybercriminals becoming savvier about how to extract the most value out of victims,” comments Ian Pratt. “Relying on detection alone will only result in an unsatisfactory outcome for the organization, so a more architecturally robust approach to security is required; one that builds protection in from the hardware up. Hardware-enforced technologies like micro-virtualization are transparent to the end user – this means they can click on email attachments and download files as they normally would, but are safe in the knowledge that if anything is malicious, it is rendered harmless. This protection-first approach leaves hackers with nothing to steal and no way to persist, helping organizations to deal with the variety of threats 2021 and beyond will throw at them.”