Just as we go off in the US to a long weekend to be thankful, Sophos brings some data in their threat report.
Three key trends from the report:
- The gap between ransomware operators at different ends of the skills and resource spectrum will increase.
- Everyday threats such as commodity malware, including loaders and botnets, or human-operated Initial Access Brokers, will demand serious security attention.
- All ranks of adversaries will increasingly abuse legitimate tools, well-known utilities and common network destinations to evade detection and security measures and thwart analysis and attribution.
Also of note, the report highlights that a secondary extortion market has been created and is growing, as ransoms rise amid the increased number of attacks. RDP remains the #1 attack vector for ransomware. Sophos also identifies “Crimeware-as-a-Service” as a category and calls it the new normal.
Why do we care?
So, even common, everyday ransomware is increasing in risk and penetration, the criminals have systemized, and security tools are being used against us. The report noted that COVID-19 is also an accelerant of attacks, just as it accelerates all trends.
This report is a pretty good read, and gives a comprehensive look at the current state of affairs.
Here’s my takeaway – I’m not a security expert, and even I can observe that what we are doing now isn’t working. 2021 needs to be about significant changes to change the trajectory.