Threat Trends for Security Professionals to Watch in 2021

This Blog is an excerpt of the 2021 Threat Report by BlackBerry.

BlackBerry researchers and security professionals were asked to provide their cybersecurity predictions for the upcoming year. They ask users to stay aware of the following threat trends as 2021 progresses.

Ransomware Attacks Will Continue to Leverage the Double Extortion Strategy

Threat actors will continue to conduct ransomware attacks while utilizing double extortion to pressure a victim to pay ransom this year. Throughout 2020, cyber criminals strategically stole the victim’s data before encrypting it, then threatened to release the stolen information to the public, or even to a competitor. This tactic is used to compel the victim to pay (or at least engage with) the attackers to recover their data. The strategy has driven up the average ransom payments throughout 2020, even though there are no guarantees that attacker-owned copies of the victim’s data will be deleted. Instances have been discovered where attackers still released the victim’s data even after receiving the ransom payment.

Threat Actors Contacting Patients as Part of Healthcare Extortion Strategies

Throughout 2020, healthcare organizations continued to top the target list of cyber attacks. The healthcare industry is critical for providing services during the pandemic and also holds confidential data like medical records, which are extremely valuable to attackers. Threat researchers saw cases where medical records were weaponized to facilitate the attacker’s objectives.

In October 2020, a Finnish psychotherapy center had their systems attacked and patient data stolen. Not only did the attackers demand a ransom from the psychotherapy center, they also contacted patients individually seeking a ransom of 200 Euros in bitcoins. The threat actors ultimately published the records of at least 300 patients via a Tor site3 . This tactic could become more popular throughout 2021, especially when combined with traditional ransomware attacks. Furthermore, it could also provide additional pressure on healthcare service providers from patients who are being extorted individually, leading to a higher probability of ransom payment.

Nation-State Actors Hiding Behind Crimeware-as-a-Service

The emergence, sophistication, and anonymity of crimeware-as-a-service means that nation states can mask their efforts behind third-party contractors and an almost impenetrable wall of plausible deniability. Attackers can obfuscate their efforts to make it appear as though an attack originated almost anywhere. This makes decisively attributing cyber-attacks to known threat actors extremely difficult. Companies should consider adapting by applying Zero Trust networking principles and rolebased access controls, not just to users, but also to applications and servers.

Crypto Prices Driving Ransomware Growth

It is generally believed that there is a correlation between the rate of ransomware infections and the price of bitcoin. The value of bitcoin reached all new highs in early 2021 . If this assumed correlation holds true, a robust ransomware market can be expected in the near future.