Op-ed views and opinions expressed are solely those of the author.
Upheaval at the Cybersecurity and Infrastructure Security Agency (CISA) related to the outcome of the 2020 election at the end of the Trump administration led to the highly publicized and controversial firing of the former director of the Department of Homeland Security’s sub-division, Christopher Krebs.
His replacement, Brandon Wales, remains in the position as many media reports are now catching up to what many intelligence insiders have known for years – that America has long been under attack in an international cyber war.
That said, as the US government continues to focus on the perpetual scramble to protect critical infrastructure, the vulnerability of networks managed by individuals and small businesses has never been greater. As the COVID-19 pandemic and its associated lockdowns have raged on, many small business owners and remote employees have encountered additional risks as much of the American workforce has shifted to the cybersphere.
With businesses having fewer resources than ever as a result of lost business, and with attention diverted primarily to keeping companies afloat, hackers are poised to have their most profitable year ever in 2021. In consideration of those factors, here are the top cyber threats to watch out for in 2021:
- Ransomware: If nothing else, hackers are opportunists. COVID-19 made the year 2020 huge for ransomware attacks. According to cyber insurance provider Coalition, ransomware attacks were responsible for 41% of all cyber insurance claims submitted in the first half of 2020. Furthermore, the 2020 CrowdStrike Global Security Attitude Survey conducted in August and September of 2020 showed that 27% of ransomware victims had paid ransoms in the previous year, on average a whopping $1.1 million. Some of the rising variants of this threat include the Sodinokibi and Lucky ransomware strains.
- Threats from the inside of an organization: With the rise of telecommuting due to the COVID-19 pandemic, some shady employees may see a way to enrich themselves from the wealth of data now accessible without proper supervision. Prior to the pandemic, the 2020 Verizon Data Breach Investigations Report pointed out that insider breach cases, a growing trend, now make up about 30 percent of data-related incidents.
- Phishing: Email phishing has always been the most commonly leveraged entry point for cyber-attacks. Businesses tend to exchange hundreds of emails and electronic messages on a daily basis. Hackers tend to choose the end of the workday, when employees are a bit tired and less sharp mentally, to deliver fake emails with malicious links. All it takes is one employee clicking on a link to give hackers access to a company’s entire network.
- Database Exposure via Social Engineering: Database exposure compromises company information via social engineering, which is a form of psychological manipulation that tricks people into divulging confidential information. Hackers use this method to steal login credentials and access a company’s network. Most companies are known to store customer and employee data, financial records or other information, including Social Security numbers, in their databases.
- Browser Hijackers force unsolicited content onto victims’ PCs: Browser hijackers are able to modify browser settings in order to redirect traffic to partner websites, for the purpose of generating ad revenue for hackers. Victims will see their browser homepage and default search engine replaced with a phony version of a reputable internet search provider. The illegitimate search engine also has the ability to insert unwanted and intrusive banners and advertisements onto the pages of legitimate websites. Some of the more prevalent versions of this scam are the Google Redirect Virus and the Yahoo Search Redirect Virus.
- APTs target more than just major corporations: Advanced persistent threats (APTs) have been in the news heavily ever since the discovery of the devastating SolarWinds hacking attack. These threats use persistent and stealthy hacking techniques to penetrate a network and remain inside for an extended period of time. Although these attacks require much effort and are usually aimed at high-value targets like governments and large corporations, smaller businesses and individuals with links to larger entities are now being targeted as a gateway towards bigger game. Some of the more infamous APT groups are APT35 (Charming Kitten), APT38 (Lazarus Group), APT37 (Ricochet Chollima) and APT29 (Cozy Bear).
No one can predict with certainty what pitfalls 2021 will hold in the cybersphere, but recent history points to the possibility of refined hacking attacks based around worldwide events and the increased exploitation of lackadaisical security protocols by both businesses and individuals. Now, more than at any other time in history, investment in cybersecurity is of utmost importance.
Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by websites including Newsmax, Townhall, American Thinker and BizPacReview.