Some of our members have written a short summary of what to expect in 2021.
Especially in India, there should be more cybersec opportunities from a national perspective. As for the previous year, we saw that some of the most critical attacks appear when the year is about to end. Like last year, we had a critical VPN gateway flaw; now we have Sunburst. So I hope there will be many more interesting bugs next year. I expect some new types of mutation ransomware to come into the picture. The number of nationwide APT attacks should decrease. There shouldn’t be another FireEye hack. If that happens, then everyone should be able to grab that information from them. Also, I am in my last year of graduation and I hope there are more job/internship opportunities.
I think that in 2021 there will be more blackhats trying to cause breaches, and of course I am 100% sure there will be more attacks like FireEye. The chain hackers have databases of many big companies which they have compromised with this attack, and they will use those databases against those companies and breach them one by one. It can be worse if a database is sold on the dark web. I also think that there will be a possibility of a huge ransomware attack on governments around the world.
1. .NET malware will be on the rise. As EDR and SIEMs become more mature, threat actors will have to find new ways of evading detection, and one of their best methods is to interact directly with Windows APIs, leading me to believe we will see this activity increase.
2. We will see massive investment in cyber security following the SolarWinds breach, especially at the governmental level. The United States is already talking about increasing both its cyber defense and offense budgets; companies and governments are now aware of the potential impact of highly sophisticated actors and will take the threat more seriously.
3. We can expect more formal rules of engagement when cyber operations relate to geopolitics. The SolarWinds breach is being discussed as a potential act of war in some circles. Most nations do not have a clear path of escalation with regard to cyber attacks. I see countries putting significant importance on deciding when and how they are going to respond to such intrusions, and for our industry's sake, I hope they don’t start sending missiles as a response.
COVID-19 has forced many people to work remotely, which was something deemed unimaginable before the onset of the pandemic. More office computers are now likely to be configured to access company internal resources from the Internet, which may not have been the use case designed previously. From a risk perspective, CISOs need to understand whether the assumptions that governed the risk posture of corporate infrastructure still remain true in light of remote work (e.g. the trustworthiness of endpoints), and from their assessment, install additional defences as appropriate (e.g. pre-shared VPN configurations prior to accessing corporate infrastructure, anomaly detection systems to detect strange user behaviour). Remote working is likely to persist even after COVID-19 due to the cost advantages exhibited by remote work. Hence, corporate infrastructure must be planned with the assumption that the endpoints used to access corporate infrastructure may not always be trusted (physical tampering with a corporate device, undetected local privilege escalation to modify local settings, propagation of pre-shared client configuration files).