What We Do
How we do it
Resources
TRU INTELLIGENCE CENTER
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
SECURITY ADVISORIES
Jun 01, 2023
Critical Vulnerability in MOVEit Transfer
THE THREAT eSentire is aware of reports relating to the active exploitation of a currently unnamed vulnerability impacting Progress Software’s managed file transfer software MOVEit Transfer.…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Mar 20, 2023
Exertis and eSentire Partner to Deliver 24/7 Multi-Signal MDR, Digital Forensics & IR Services and Exposure Management to Organisations Across the UK, Ireland, and Europe
Basingstoke, UK– 20 March, 2023. Leading technology distributor, Exertis, announced today that it has bolstered its cybersecurity services, adding eSentire, the Authority in Managed Detection and Response (MDR), to its Enterprise portfolio of offerings. eSentire’s award-winning, 24/7 multi-signal MDR, Digital Forensics & Incident Response (IR), and Exposure Management services will be available…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Jan 12, 2021

2021 Drops the Cyber from Cybercrime

But cybercrime isn’t going away--it’s only getting more ingrained

4 minutes read
Speak With A Security Expert Now

Well, it’s that time of year. Time for the much-ballyhooed 2021 predictions. Time to stick our collective cyber finger in the digital winds to determine the coming trends. As we exit 2020, the year that ran like a compilation of disaster movies, we are set for more of the same, at least when it comes to cybercrime. Here are my top seven predictions:

1. Mainstream social media abandoned for alternative dens of inequity

In 2020, conspiracy theories pervaded popular social media services. In 2021, deep fake won’t simply be about seamless manipulation of video and audio. Rather, the general acceptance of the preposterous will become the new baseline. Expect new media platform names to not only become household vernacular but prosper as the protectors of the First Amendment and uncensored speech. On New Year’s Eve, kiss truth and fact goodbye, and say hello to a whole new opportunity for criminals to spread misinformation and continue to sow mistrust.

2. Cyber Tampering: From elections to public markets

The shenanigans seen in election tampering will go mainstream — and for profit. Swaying or manipulating elections is the long play for gray zones (aka, enemy states: Russia, China, Iran, North Korea, etc.). The short play involves using the same tactics to manipulate public sentiment and belief to engineer the value of a publicly traded company and make money on the stock market.

Insider trading is nothing new for the SEC to police, but when it happens in extremely subtle ways through the manipulation of social media, it looks like gray cyberwars: hard to prove, difficult to attribute, and even harder to stop. Imagine if campaigns promote a product and spread tales of poor quality, dangerous materials, or labor abuses to damage the reputation of a global brand. Criminals can “short” the stock knowing it will fall. Gray crime leaves no fingerprints. There is no smoking gun — only millions of posts and re-posts. And bots, fake accounts, and false identities create a haystack in which the criminal needle is hidden. These crimes will likely go unnoticed, let alone unprosecuted.

3. Artificial Intelligence and Machine Learning — Ghost in the machine?

Machine learning could help with gray crime, looking at eddies in the current, undetectable to the naked eye, that indicate suspicious activity. But 2021 will see the poisoning of the AI well, and manipulation of data lakes to affect the outcome of machine learning. It’s the same approach as election tampering. What would a poisoned data well look like? How about missed cancer detection in medical technology? Or, planting an easter egg so security algorithms miss specific aberrant behavior that creates a vulnerability criminals can exploit? Machine learning and AI can be used to analyze millions of cyber attacks to hone skills and predict the most successful tactics or phishing lures, but we shouldn’t assume they will always be used for noble purposes.

4. Watching the watchers

In the same way that election tampering and the mainstream spread of conspiracy theories has eroded accepted fact and bipartisan trust, the next campaign of cyber attacks will sow suspicion between companies and the vendors they trust to protect them from cyber criminals. In 2020, we saw a rise in cyber attacks against managed service providers and marquee security vendors. Initial attacks were used to access the target business through its most trusted and privileged suppliers, the security vendors. This new phase is designed to erode trust in security technology and its ability to protect their clients. It could create a do-it-yourself mentality, and carve off companies from the herd, leaving them vulnerable to attack. It won’t work in regulated industries, but might in private, family-owned businesses that are already looking for an excuse not to spend money on IT.

5. Massive outages becomes the next plague

I talked about gray crime. What about brown (out) crime? Criminals showed they are willing to cripple healthcare delivery organizations amidst the greatest pandemic of our generation. And, we’ve seen nation states target businesses in retaliation for geopolitical events. We’ve also seen smaller and limited cyber attacks against local utilities such as water and electricity. Perhaps those attacks are testing our perimeter. Imagine the impact of constant cyber attacks against power, water and gas providers? How long before the public demands governments pay ransoms, or demand like-for-like retribution? It’s a world that is no longer distinguishing between combatants and civilians. There won’t be collateral damage. Just damage. And, we will all pay the price.

6. Cyber insurance becomes mandatory

We often compare the actuarial maturity of life or auto insurance to cyber policies as a way of expressing security maturity as a proxy for risk, thereby establishing premiums. Cyber insurance is often characterized as the wild, wild west. Not anymore. It’s time to settle the west. The reality is, companies will have to carry coverage to offset residual risk. In fact, coverage will likely become a requirement to participate in certain industries or client pools. Like data breaches, it’s not if, but when. Same goes for cyber insurance.

7. Cybercrime goes the way of white-collar crime

Like white collar crime of the past, it simply became “crime.” We stopped distinguishing between the methodology of the malfeasance. The same will happen with cybercrime. As we become more and more interconnected, we won’t see the difference between crime categories. So, perhaps an extra prediction: By the end of 2021, we will drop the use of cybercrime. It will simply be referred to as “crime.” The cyber piece will become a secondary descriptor. Gun or knife, pen or privilege, cyber or digital. It’s a tool or weapon. What matters is that it’s crime. Pure and simple.

View Most Recent Blogs
eSentire
eSentire

eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.