Technology always has a good side and a dark side, particularly when it comes to cybersecurity. You just have to look at the debate on encryption and backdoors to see how advanced technology can be used by the ‘bad guys’ as effectively as it is by those trying to protect our privacy and security.
Automation is another technology that works for better or worse, and will play a major role in shaping cybersecurity attack and defense activities in the next 12 months as it becomes faster and more sophisticated.
For example, spear phishing is traditionally a high-investment, high-return targeted attack activity. As automation tools replace manual techniques, cyber-criminals can launch spear phishing campaigns at record volumes by harvesting victim-specific data from social media sites and company web pages. As society continues to grapple with the impact of COVID-19, it is likely that these automated spear phishing attacks will prey on fears around the pandemic, politics and the economy.
Conversely, as more businesses migrate to the cloud, automation will also help cloud-hosting providers such as Amazon, Microsoft and Google to crack down on cyber-criminal groups abusing their reputation and services to launch malicious attacks. Threat actors commonly host website HTML files designed to mimic a legitimate website like Microsoft 365 or Google Drive to steal credentials submitted by unsuspecting victims. In 2021, we will see these companies deploying automated tools and file validation technologies that will spot spoofed authentication portals.
SaaS risks
As Software as a Service (SaaS) continues to grow in popularity, especially as more employees work from home, authentication and credentials will pose the weakest link. With the wealth of corporate data held in SaaS solutions, cyber-criminals can use bulk stolen credentials to target authentication portals.
So, we can expect to see an increase in password spraying or credential stuffing attacks against popular SaaS offerings, in the hope that employees use the same password from another site that suffered a data leak.
VPNs and endpoints
So, what else can we expect in the next 12 months and beyond? Certainly, the tumultuous events of 2020 will impact the threat landscape for years to come. In particular, as more companies adopt or grow VPNs and Remote Desktop Protocol (RDP) solutions to provide secure connections to employees working from home, we think that attacks against VPNs and RDPs will double in 2021. If an attacker can compromise VPN, RDP or remote connection servers, they have an unobstructed path into the corporate network.
Security gaps in endpoints have also become a high-priority target for attackers during the global pandemic, and many personal home computers are still running legacy software that is difficult to patch or update.
For example, as Microsoft has just ended its extended support program for Windows 7, organizations should expect at least one major new Windows 7 vulnerability to make the headlines next year.
Credential crisis
Authentication is the cornerstone of strong security, but with billions of usernames and passwords available on the dark web and the prevalence of automated authentication attacks, no internet-exposed service is safe from cyber intrusion if it isn’t using strong multi-factor authentication (MFA). Companies are waking up to the fact that they can no longer rely on simple credentials for logins, and any service that is not protected by MFA is highly likely to be compromised in 2021.
Whose data is it anyway?
Back in the home, the last few years have seen a rapid increase in the use of digital assistants such as Alexa, Google Assistant and Siri, along with smart home systems to automatically control lights, room temperatures and access, while wearable devices track and sense critical health parameters. Behind the scenes, machine learning algorithms harness and correlate data to document user activities, behaviors, connections and interests.
This means that a lot of our data is getting into other people’s hands, and we think that 2021 will mark a tipping point when consumers will begin to fully understand and revolt over the privacy concerns associated with smart and connected devices. We will see users start to push back against vendors of IoT devices that collect personal data and pressure governments to regulate the capabilities of these devices to protect their privacy.
Will it, won’t it?
As we have learnt in 2020, it is very difficult to predict what is going to happen in the future, but our Threat Lab team, along with other researchers around the world, has an increasing level of analytics and insight to make well-informed guesses.
Cyber-criminals always look for the weak links, so the growing ranks of home workers are an obvious target. And when it comes to new technologies such as automation and AI, what can work for good can also be exploited for malicious activity. It’s just a case of trying to stay one step ahead.