It’s hard to look forward to 2021 without considering the trends that shaped the generally unfavorite year known as #2020. History books will, of course, remember this year mostly for two major events – the COVID-19 pandemic and the US presidential election. From a business perspective, the pandemic has altered nearly every aspect of how organizations operate. From the rapid shift to remote work to completely rethinking every aspect of the customer dynamic, the business world has been turned on its head.
These changes have also caused a dramatic acceleration in digital initiatives across industries. Many drove what felt like 5 years of transformation in 5 months – as they quickly adopted technologies to help productivity and business continuity. Whether it was bringing on new collaboration tools or moving critical infrastructure and applications to the cloud, everything has become more distributed – and as a result, has significantly increased opportunities for attackers.
As we look ahead to 2021, how will the convergence of these unimaginable forces and events impact cybersecurity for the next 12 months?
I checked in with a some of our in-house experts and here’s what they had to say:
Personal Islands of Security Shift the Attacker’s Mindset
As more and more companies look at remote work strategies for the long term, distributed IT environments are only going to continue to expand. With many employees working from home, they are regularly accessing corporate systems and resources through insecure home networks and personal devices – making each and every user their own island where legacy security controls are ineffective. Individual actions are threatening corporate security to a greater degree than ever before.
It’s because of these islands of security that we’ll see the attack cycle move away from broad “spray and pray” social-engineering attacks to more hyper-personalized attacks targeting those users with privileged access to sensitive systems, data and infrastructure.
Where attackers generally rely on lateral movement – seeking any foothold and working to elevate access and move across the network to get to their desired destination – these islands now limit the attacker to whatever high levels of access their specific target has been granted. As a result, we’ll see a move toward vertical movement – with attackers targeting individuals, like business users, based on what they have access to – from administrative consoles and financial records, to competitive data.
While this new “personalized attack chain” approach will be more time consuming and costly for attackers as they look to identify and profile the exact person they are looking for, it will also lead to shorter attack-cycles –making it more difficult for organizations to identify and stop attacks before they impact the business.
-Shay Nahari, Head of Red Team Services
Deepfakes Appear in Enterprise Attacks
Can something be overhyped and an emerging threat? This is where we are with deepfakes – a term that is simultaneously overused and an example of how attackers will continue to personalize their attacks.
In simple terms, deepfakes are synthetic or manipulated media in which a person in a video or image is replaced with someone else’s likeness. From a cultural standpoint, the concept of deepfakes has dominated news cycles as a potential threat that could influence public opinion, damage reputation and more. Often, these attacks make headlines, but end up relatively empty when it comes to effectiveness.
However, as the personal attack chain trend evolves, we’ll see the emergence of deepfakes used more in enterprise attacks – not to sow mass confusion or chaos necessarily, but more to amplify social engineering attacks.
For example, video and recordings of executives and business leaders are readily available across marketing collateral, social media channels, and more. Attackers could coordinate deepfakes from these properties as a strategic follow on to phishing attempts (which will also move away from email to other platforms like chat and collaboration apps) to make manipulated communications feel even more authentic. Especially in today’s day and age where more and more organizations are relying on video as a way for executives to communicate with their remote employees, attackers can take advantage of this instilled level of trust.
For example, phishing emails spoofing IT asking for passwords are common – but what if that email was followed by an urgent message from the CEO on WhatsApp? Attackers could also use manipulated videos of executive leaders on social channels to entice customers, employees, partners and others to click on malicious links – creating broader new attack avenues for malicious actors.
-Nir Chako, Cyber Research Team Leader, CyberArk Labs
5G Leads to Biggest DDoS Attack Yet
We’ve already started to see how adoption of technologies like 5G, IoT and cloud are driving new frontiers for business – and this will continue in 2021. For 5G in particular, while it allows businesses to speed up digital transformation and create dynamic customer experiences, it is also expanding the attack surface exponentially as more and more interconnected devices come online – and opening organizations up to new risks.
Google recently revealed that it was hit with a massive 2.5Tbps DDoS attack in 2017 – the largest such attack ever recorded – even topping the 2.3 Tbps attack that targeted Amazon in 2018. Comparatively, these attacks were 4x the scale of the massive Mirai botnet attacks of 2016 that compromised of more than 600,000 IoT devices and endpoints.
As 5G is rolled out across the globe, these attacks will pale in comparison to the massive, and more frequent, DDoS attacks 5G will enable. 5G will increase the overall bandwidth available and allow a massive amount of IoT devices to be connected. Because there is still no standard for IoT security, these devices are often easy to compromise and control as part of amassing a botnet army.
As a result, we’ll see the first ever 5Tbps DDoS attack being launched within the next year. The 2Tbps attacks thwarted by Google and Amazon will become more commonplace – causing massive disruption of online and connected businesses.
-Bryan Murphy, Director of Consulting Services
Pandemic-Led Pressure Cracks Insiders and Drives Bad Decisions
The pandemic has created tremendous pressure on employees and their families. Economic uncertainty and the move to remote work and school has put many in uncharted territory. These new challenges could likely drive more employees to make poor decisions when it comes to cybersecurity and create a whole new wave of insiders.
As we’ve already seen in 2020, attackers are increasingly offering employees with privileged access tempting financial incentives to share or ‘accidentally’ leak their credentials. In addition, privileged access on the dark web is more popular than ever, with some reports indicating that attackers will pay a premium for privileged access to a corporate networks, VPNs and workstations.
The potential financial payoff, combined with increased economic anxiety, will drive new threats that organizations will struggle to deal with.