Security company Eset is warning about a series of new cyber threats in 2021, exploiting everything from the remote-working boom to the rise of smart sex toys.
Trend #1: The future of work – embracing a new reality
The advent of the Covid-19 pandemic has ushered in mass implementation of remote working, which has seen a heavier reliance on technology than ever before. This shift away from the office has brought benefits for employees, but it has also left companies' networks vulnerable to attack.
Eset security specialist Jake Moore said: "We have all learned that working remotely can benefit organisations; however, I don't think that we will continue to work remotely five days a week. More employees around the world will naturally and effortlessly migrate to what works for them and their businesses.
"As more and more of our working and home lives become digitised, cybersecurity will remain the lynchpin of business safety. Cyberattacks are a persistent threat to organisations, and businesses must build resilient teams and IT systems to avoid the financial and reputational consequences of such an attack."
Trend #2: Ransomware with a twist – pay up or your data gets leaked
With ransomware attackers seeking greater leverage to coerce victims into paying, as well as upping the ante in ransom demands, the stakes are increasing for victims.
Exfiltration and extortion may not be new techniques, but they are certainly growing trends - as F&P Appliances discovered earlier this year when hackers spilled some of the whiteware maker's budget and planning documents onto the web in a bid to make it cough up after a ransomware attack (the company refused).
The same happened to Toll Group, which also ultimately refused to pay up (although not everyone was so noble.
Blackbaud, which had data stolen from clients including Auckland University, did pay up).
"Thwarted attacks or diligent backup and restore processes may no longer be enough to fend off a committed cybercriminal who's demanding a ransom payment," Eset expert Tony Anscombe says.
"The success in monetising due to a change of technique [to blackmail] offers cybercriminals an increased chance of a return on investment. This is a trend that, unfortunately, I am sure we will witness more of in 2021."
Trend #3: Beyond prevention – keeping up with the shifting sands of cyberthreats
In recent years, cybercriminal groups have turned to using increasingly complex techniques to deploy highly targeted attacks.
Some time ago, the security community began to talk about "fileless malware" attacks, which piggyback on the operating system's own tools and processes and leverage them for malicious purposes.
These techniques have gained more traction recently, having been employed in various cyberespionage campaigns and by various malicious actors, mainly to hit high-profile targets such as government entities.
Camilo Gutiérrez Amaya, an Eset research, said: "Fileless threats have been evolving rapidly, and it is expected that in 2021 these methods will be used in increasingly complex and larger-scale attacks. This situation highlights the need for security teams to develop processes leveraging tools and technologies that not only prevent malicious code from compromising computer systems, but that also have detection and response capabilities – even before these attacks fulfill their mission."
Trend #4: Bad vibes – security flaws in smart sex toys
With new models of smart toys for adults entering the market all the time - many of which can be remotely controlled by a partner at the other end of an internet connection - research has shown that we are a long way from being able to use smart sex toys without exposing ourselves to the risk of a cyberattack.
Now, these findings are more relevant than ever, as we are seeing a rapid rise in sex toy sales as a reflection of a global health crisis and the social distancing measures related to Covid-19, Eset says.
Cecilia Pastorino, Eset Security Researchers, commented: "The era of smart sex toys is just beginning. The latest advances in the industry include models with VR [virtual reality] capabilities and AI-powered sex robots that include cameras, microphones and voice analysis capabilities based on artificial intelligence techniques.
"As has been proven time and time again, secure development and public awareness will be key to ensuring the protection of sensitive data, while we empower users to become smart consumers who are able to demand better practices from vendors in order to maintain control of their digital intimacy in the years to come."
The market segment can be played for laughs.
A security vulnerability in a smart chastity belt - which was discovered before hackers could exploit it to clamp users en masse - was labelled a "painful flaw," for example.
But Eset adds a more serious context, saying: "We cannot talk about the implications of an attack on a sexual device without also reassessing the significance of sexual abuse in the context of the digital transformation that society is going through.
"What are the consequences of someone being able to take control of a sexual device without consent? "Could that be described as an act of sexual assault?
"The notion of cybercrime takes on a different appearance if we look at it from the perspective of invasion of privacy, abuse of power, and lack of consent for a sex act. Consent obtained through fraud is no consent at all, and this legislative gap in current laws will need to be resolved in order to ensure the sexual, physical, and psychological safety of users in the digital arena."