2020 has been a challenging year from the point of view of cybersecurity, with many organizations reacting to the unexpected impact of the COVID-19 pandemic. Existing threats have continued to evolve while, on the other hand, innovation may bring about better tools to fight cybercrime.
Here are several cyber threat predictions for 2021.
- Remote working needs to be secured – Few organizations were prepared to manage a remote workforce securely, and as they scrambled to set up secure communication channels, cybercriminals uncovered a multitude of fresh attack vectors. While many companies will be planning to invest in securing the remote workforce, there’s a risk that they are underestimating the scale and challenge of the task ahead.
- Mobile attacks will proliferate – A steep rise in scams coming through mobile devices is expected. Sophisticated fraud attempts are expected via SMS and WhatsApp, with attackers leveraging devious social engineering techniques to manipulate people into paying money or sharing sensitive data.
- Ransomware will get worse – According to forbes.com, we should expect cybercriminals to be more ruthless in the pursuit of ransom payments, threatening to expose stolen credentials to the public and setting up online stores to sell data. They will also leverage data exfiltration and use stolen employee passwords to force targets into paying up.
- The promise of multi-factor authentication (MFA) may be creating a false sense of security for some organizations, and hackers are set to shatter it in 2021. Once a cybercriminal understands which MFA system you’re using, they can fine-tune their attack strategy and sometimes even use your reliance upon it to bypass your defenses.
- As IT systems increasingly converge with operational technology (OT) systems, particularly critical infrastructure, there will be even more data, devices, and unfortunately, lives at risk. Industrial control systems (ICS) will be attacked more, and critical infrastructures will be threatened. Aging and underfunded systems can harbor potential exploits that politically-motivated hacktivists and criminals are certain to find.
- Social engineering tactics and phishing attacks – Health and testing information, government assistance and home working all proved to be fertile ground for phishing attacks. Leveraging important contextual information about users including daily routines, habits, or financial information could make social engineering-based attacks more successful.
- The Internet of Things (IoT) – Over the past few years, the traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data center, remote worker, IoT, and more), each with its unique risks. One of the most significant advantages to cybercriminals in all of this is that, while all of these edges are interconnected, many organizations have sacrificed centralized visibility and unified control in favor of performance and digital transformation, as evaluated by fortinet.com. As a result, cyber adversaries are looking to evolve their attacks by targeting these environments. Expect more use of edge-access trojans and the exploitation of the speed and scale possibilities 5G will enable for advanced swarm-based attacks. These attacks leverage hijacked devices divided into subgroups, each with specialized skills. They target networks or devices as an integrated system and share intelligence in real time to refine their attack as it is happening.
- Innovation in computing performance as a target – Processing power is important if cybercriminals want to scale future attacks with ML and AI capabilities. Eventually, by compromising edge devices for their processing power, cybercriminals would be able to process massive amounts of data and learn more about how and when edge devices are used.
Collaboration is the new task, asserts fortinet.com. Organizations cannot be expected to defend against cyber adversaries on their own. They will need to know who to inform in the case of an attack so that the “fingerprints” can be properly shared and law enforcement can do its work. Cybersecurity vendors, threat research organizations, and other industry groups need to partner with each other for information sharing, but also with law enforcement to help dismantle adversarial infrastructures to prevent future attacks.