The BlackBerry 2021 Threat Report examines the biggest cybersecurity events of last year and the security issues likely to affect the upcoming year. By publishing this information, we hope to minimize the damage of future cyber attacks and strengthen the global security posture.
MAJOR EVENTS IMPACTING CYBERSECURITY IN 2020
The most obvious cybersecurity event of the year was COVID-19. The pandemic created many opportunities for threat actors. Businesses worldwide struggled to implement secure work-from-home policies while the public weathered multiple COVID-19-themed attacks.
Mercenary threat groups also experienced another year of growth as unscrupulous actors and organizations outsourced their cyber attacks. Ransomware-as-a-service (RaaS) offerings continued to grow in popularity, replacing the traditional off-the-shelf ransomware attacks seen in previous years. Off-the-shelf toolkits were still active throughout the year, simplifying cyber attacks with ready-made exploit kits, malspam campaigns, and threat emulation software like Cobalt Strike.
Cryptocurrency also had a strong year. Bitcoin hitting new price highs in January 2021 may signal an upcoming increase in ransomware and cryptojacking attacks.
CYBERSECURITY ISSUES IN 2020 AND 2021
Election security was a topic of great interest in 2020. Reporting focused primarily on electronic voting machines, but gave little attention to obvious attack vectors like non-secure mobile devices and social media harvesting. On a positive note, recent strides in critical event management offer hope that largescale disasters will be more efficiently anticipated and mitigated in the future.
The BAHAMUT group, known by several other names and aliases, remained active in the South Asia and Persian Gulf regions. Meanwhile, Emotet, the banking-trojan-turned-attack-platform, received new upgrades and capabilities, including a flaw that allowed researchers to temporarily shut it down.
The U.N. created cybersecurity guidelines for automakers, laying the groundwork for increased vehicle security. National governments are also taking a serious look at security issues. The United States and Canada are both poised to pass new cybersecurity legislation affecting hundreds of millions of people.
Smartphones came under attack as innovative threat actors found new ways to exploit users’ expectations and trigger malicious GUI overlays. Deepfake threats continued to plague high profile users, but declined overall as threat groups embraced COVID-19-themed attacks.