Announcement of 10. December 2020

G DATA IT Security Trends 2021: Cyber attacks are becoming more aggressive, more targeted and smarter

Criminals are using Malware-as-a-Service and polyglots to carry out complex attacks that are difficult for security solutions to counter

Cyber criminals are ‘working from home’ as well it seems, as attacks are actually on the increase, rather than decreasing. Companies must prepare themselves for ever more sophisticated attacks. G DATA CyberDefense explains the IT security trends for 2021.

What is the difference between coronavirus and IT security in 2021? While the number of people who are falling ill is decreasing and normality is returning due to effective vaccines, the number of cyber attacks will continue to rise in the coming year. Various factors are responsible for this trend.

Andreas Lüning

The coronavirus crisis has clearly shown us that a secure IT infrastructure is as existential as the supply of electricity or water. Unfortunately, cyber criminals are also taking advantage of the current push towards digitalisation for their own ends and will increase their attack efforts in the future. In doing so, they are also starting to rely on automated attacks to infiltrate networks. Anyone who does not invest in IT security now is taking a gamble, with the benefits of digitalisation at stake.

Andreas Lüning

co-founder and CEO of G DATA CyberDefense

Complex cyber attacks with Malware-as-a-Service and smart malware

Criminal hackers are always looking for new tricks to hijack networks, PCs or mobile devices. They are increasingly using malware suites that combine different types of malware such as keyloggers, information stealers and ransomware. The attackers do not even have to develop the software themselves. They simply assemble the individual parts. They acquire the components for this as Malware-as-a-Service in underground forums. This process is the logical continuation of an existing trend. Users who become victims of such an attack lose their digital identity in one fell swoop. This is because the attackers either re-use the login data or sell it themselves in the dark net. And even if victims have paid a ransom to prevent the publication of their personal data, this is no guarantee that the data will not be published anyway.  

Another trend is that cyber criminals are combining harmless files with malware to undermine security solutions. In so-called polyglot attacks, for example, the attackers link a harmless *.exe file with a malicious *.jar file. At the same time, malware is becoming smarter. Using simple mathematical methods, the malware determines the victim's financial status and adjusts the ransom demands for encrypted data accordingly. The presence of Bitcoin wallets, or an extensive collection of PC games, for example, can serve as indicators that provide a possible clue to the victim's financial strength.

Swindling on the smartphone

Smartphones still remain an attractive target for cyber criminals. The danger is set to increase through so-called fleeceware apps. These apps offer short, free tests, leading to monthly subscriptions and in-app purchases that subsequently add up to hundreds of euros a year. The in-app purchases are indispensable for using certain app functions, optional extensions or extras. Especially perfidious is aggressive online advertising and fake five-star ratings to convince unsuspecting users to install the apps.

A rethink is needed in the area of mobile security. In the coming year, companies will experience attacks on employees' smartphones as they are no longer used just for communication. Thanks to people working from home, the business mobile phone has gained in importance. Over and above it being a mere means of communication, it is part of the security architecture with two-factor authentication. However, many companies have not yet thought this strategy through to its conclusion. For example, many managers still have to work out what happens if employees lock themselves out of the two-factor procedure, for example if the device is stolen or lost. Basically, they have to find new ways for on- and off-boarding in times of coronavirus and beyond. This requires a shrewd mix of security and usability. Only then will modern security procedures bring added value for companies and employees.

In the sights of the attackers - employees and medium-sized companies

The number of attacks on small and medium-sized enterprises is set to increase sharply. These are the companies that still believe their networks and websites are secure enough because they are not a worthwhile target for criminal hackers. But this is a misconception, because criminal hackers have realised that these companies also offer them an opportunity to make quick and easy money. Small and medium-sized enterprises especially should deal more intensively with the subject of IT security. Moreover, in increasingly interconnected supply chains, they provide a loophole in cyber defence to infiltrate larger companies. What many companies are not aware of is that attacks today are increasingly carried out fully automatically - for example when a new vulnerability is published. Therefore a company does not have to be particularly 'interesting' in order to become a target. Thanks to the increasing division of labour among criminal groups, some take care of the initial infection and then sell the access data to other groups. The latter then runs a ransomware attack, perhaps, to refinance the investment and to turn a profit.

Phishing is getting better and better and is reacting to current events within short periods of time. In the coming year, it can be expected that users will increasingly be offered vaccines instead of potency-enhancing drugs or face masks.

Tim Berghoff

We expect that next year criminals will try to make users believe they have something like a “fast pass” to a coronavirus vaccination. If so, it is important to rely only on information from official authorities and to be critical of any shortcuts that are being offered.

Tim Berghoff

Security Evangelist at G DATA.

Phishing attacks are also relying more and more on well-known trust elements to make users believe that they are safe, such as HTTPS-encrypted connections to phishing sites. However, users should not be taken in by this. A green lock only means that communication with the website cannot be tapped - not that the content is legitimate.

So, once again next year, there will hardly be time to relax or let your guard down, even if some sense of normalcy returns. But, with a mixture of the right security solution and critical attention to IT security issues, many IT security problems can be overcome - even in uncertain times.


Announcement of 10. December 2020