What new cybersecurity trends, threats, and events can we expect to emerge in 2021 and beyond? Before we go there, let’s consider what we have learned now that 2020 is winding down.
BeyondTrust’s annual cybersecurity predictions are projections of possibilities we see emerging based on shifts in technology, threat actor habits, and culture. However, sometimes the most impactful trends materialize completely out of left field. We have all been reminded and humbled by this in 2020. COVID-19 has not only upended lives, but truly effected a paradigm shift in how businesses and employees work. This has also had profound ramifications for securing the people and IT assets of enterprises.
While we do not say this to sow fear, it’s fair to say that the tenor of the year has been “apocalyptic” at times and filled with unease and uncertainty. Our marketing team ran some search data in the SEO tool Ahrefs. We can see that Google search volume exploded for the search terms apocalypse (quadrupling from its baseline) and apocalyptic (tripling from its baseline) in March 2020, and continues to remain elevated.
In 2020, we all suddenly became aware of the term “social distancing”, and, again, this concept had enormous implications for how people live, and in how organizations think about cybersecurity and business continuity. The figure below shows that Google searches for social distancing rocketed from a baseline of 0 to 297,000 searches in February 2020, peaking at 408,000 searches in March 2020.
Data from this year also tells us that Google search traffic around “social distancing” has shifted from questions of “what is social distancing?” to “how long will social distancing last?” Interestingly, while the World Health Organization (WHO) has officially advocated for the term “physical distancing” to replace “social distancing”, the WHO-preferred term is not yet (at least as of July) being searched in any measurable volume.
Regardless, we’ve all been in this together. We’ve learned a lot about courage and perseverance and humanity from each other, and, ultimately, we will get out of this together. In the meantime, all the other cyberthreats and challenges have not receded; it has all just gotten more complicated.
So, as we soon burn the page for 2020, we look ahead with hope, but also brace ourselves for the new tricks and wrinkles cyber threat actors are bound to unleash. By anticipating what’s next, we can all be better prepared to reduce security exposures, while helping our businesses compete and thrive.
Infrastructure protocols have long been a favorite target of threat actors. In 2020, we saw the emergence of solutions to manage DDI (DNS, DHCP, and IP). This is because, when enterprises grow organically or through acquisition, they need toolsets to help manage, configure, and secure these protocols across domains and networks.
This year, support has increased for the usage of secure DNS to prevent man-in-the-middle attacks and spoofing of internet-based services. Threat actors are cherry-picking which protocols they can target and which ones can be used for meaningful exploitation. In 2021, Network Time Protocol (NTP) and Windows-time-based servers are next. These protocols help control the timing of everything transaction-based within an organization. If the timing is off, everything from licensing servers to batch-based transactions can fail in spectacular fashion, creating denial of service attacks in key infrastructure on the Internet and within the backend processes of an organization.
In 2021, expect new vulnerabilities, exploits, and payloads targeted against time servers and other legacy protocol services to disrupt an organization. If bundled with ransomware, these exploits can make recovery incredibly difficult.
In 2020, we have witnessed the explosive expansion of the network edge and continued decentralization. The seismic shift to remote working spurred by COVID-19 was a key driver of this trend.
Remote workers are clearly more relaxed operating in the comfort of home. However, this casualness can leave them more prone to letting their cybersecurity guard down. This laxness in security could not come at a worse time as cybercriminals have ramped up social engineering and ransomware attacks.
Home-based employees are also more likely to use personal devices and home networks that are not hardened to the same degree as corporate devices and networks. We now have systems behind consumer network infrastructure that is, in many cases, not even being configured away from defaults.
In 2021, new attack vectors will target remote workers and remote access pathways. In 2020, we learned that not even the era of social physical distancing can slow down social engineering threats. Cybercriminals will continue to wage social engineering attacks and also try to exploit common home devices that can be used to compromise an individual and allow for lateral movement into a business. Social engineering attacks will primarily involve various forms of phishing, including by email, voice, text, instant messaging, and even third-party applications. Organizations should also not overlook the threat of disgruntled insiders who feel less ‘observed’ in their own homes.
The increase in drive-by and opportunist attacks seeking to exploit home networks will necessitate heightened attention to securing systems independently, away from continuous corporate connectivity. With all that said, we foresee remote workers reigning as the number one attack vector for exploitation in 2021.
Social media has proven to be a medium of choice for election tampering, fake news, and other attacks. In 2021, expect attackers to move beyond just targeting individuals to targeting businesses as well. Poor authentication and verification practices will allow social media-based attacks to be successful. For example, a threat actor’s post about hosting a webinar or announcing a new product may mimic that of a legitimate business. However, the illicit registration URL may instead lead to a malicious website to perform a drive-by attack, collect personally identifiable information, or even request credentials in an attempt to compromise multifactor authentication solutions. Malicious QR codes or abbreviated URLs could also be employed to obfuscate the malicious website. These attacks could either occur on the legitimate page of the business itself, or via rogue accounts using similar names.
Since the social media controls around posting, verification, and URL redirection are so poorly managed, expect new attacks to flourish.
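A defender-side check for the scenario above, as an added example that is not code from BeyondTrust or Secure Sense: it classifies a link found in a social media post against a business's official domains, flagging abbreviated URLs and similar-looking names. The domain `example-corp.com`, the shortener list, and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: the official domain of a hypothetical business and
# a few well-known link shorteners. Extend both sets for real use.
OFFICIAL = {"example-corp.com"}
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}
# Fold common digit-for-letter swaps and drop hyphens before comparing names.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url, official=OFFICIAL, shorteners=SHORTENERS):
    """Return 'official', 'shortener', 'lookalike', 'unknown' or 'invalid'."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "invalid"
    if any(host == d or host.endswith("." + d) for d in official):
        return "official"
    if host in shorteners:
        return "shortener"  # destination is hidden: resolve it before trusting
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "lookalike"  # punycode label may render as homoglyphs: review
    for d in official:
        # Compare the same number of trailing labels as the official domain.
        tail = ".".join(labels[-(d.count(".") + 1):])
        if edit_distance(tail.translate(FOLD), d.translate(FOLD)) <= 2:
            return "lookalike"  # near-identical spelling of the real domain
        if d.split(".")[0].translate(FOLD) in host.translate(FOLD):
            return "lookalike"  # brand name embedded in an unrelated domain
    return "unknown"
```

Anything other than `official` in a post that claims to come from the business is a reason to hold the link for review rather than proof of malice.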
Lamentably, this prediction proves itself correct year after year. The majority of successful attacks still hinge on exploiting well-known and entirely preventable vulnerabilities. While some of the vulnerabilities may be relatively new, there is usually plenty of time to address them before compromise occurs.
If you can’t get on top of your vulnerabilities, layer your security so that attackers find themselves without access to privilege when they do infiltrate your network. An exploitable vulnerability is a problem, but considerably less so when it doesn’t lead to privileged access.
Read all the predictions and the full article from BeyondTrust here.
As always, if you have any questions about 2021 predictions or just want to talk with our experts about your security, contact us at firstname.lastname@example.org.
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT, and protecting your organization is what motivates us daily. If you have questions or want to learn more about how we can improve your organization’s security, our services, or just want to chat security, please give us a shout.