- More attacks aimed at exploiting unpatched year-old vulnerabilities
- An increase in stealth/covert execution tactics
- APT-hackers-for-hire becoming the new norm
Based on this year’s business threat landscape report, these are likely a small part of the challenges organizations will face throughout 2021.
Bitdefender’s business threat landscape report reveals that the “new normal” thrust upon businesses as they accommodate a remote workforce also left them vulnerable to new attack vectors and facing major shifts in the threat landscape. From infrastructure misconfigurations to unpatched vulnerabilities and APT-hackers for hire, organizations have had a tough year in terms of workforce migration and changes in the threat landscape.
More information about the "new normal" state of cybersecurity can also be found in a recent webinar where we were joined by Forrester Senior Analyst Chris Sherman, who presented how how the buyer’s security challenges have evolved during the pandemic and How endpoint security is expected to evolve in the next 5 years. Click on the banner below to watch the full webinar.
Bitdefender business telemetry shows that 63.63 percent of all reported unpatched vulnerabilities involve CVEs that are older than 2018, potentially signaling that organizations have a large attack surface that threat actors could exploit. If the highlight of opportunistic threats in 2020 revolved around spear-phishing emails leveraging the Coronavirus pandemic, it’s likely that unpatched vulnerabilities will make the spotlight into 20201. If organizations don’t start adopting patch management solutions that asses the state of employees’ machines for unpatched vulnerabilities, companies could be at serious risk.
The use of PowerShell commands and scrips remains the preferred sub-technique that attackers use during the execution stage of attacks, accounting for 52.52 percent of all reported sub-techniques. With attackers focused on tactics that involve flying below the radar of traditional security solutions, it’s likely that organizations will have to reassess their security stack for 2021 to include more than just antimalware capabilities.
One of the biggest changes in the threat landscape involves the emergence of APT-hackers-for-hire, which forces companies of all sizes and across all verticals to reassess their threat model. While traditional APT attacks were something facing government entities and specific industries, APT-style attacks by APT-mercenaries completely change the security paradigm for all organizations.
Whether it’s companies being caught off guard by the rapid transition towards a remote workforce, or new threat landscape shifts, it’s likely that 2020 was just a catalyst for changes throughout 2021 as businesses seek to cope with the “new normal.” From infrastructure blind spots caused by the rapid transition to a work-from-home regime, to employees facing more risk than ever, and the emergence of APT-mercenaries, 2020 likely serves as a preview for what companies should expect in the next 12 months.
For more information about how the pandemic has changed the threat landscape for organizations, check out our 2020 Business Threat Landscape Report.