Right now, it’s challenging to look forward to what 2021 will bring with any degree of clarity – even from a business context.
Nearly every aspect of how organisations operate has changed: from the distribution of workforces to the movement of almost all customer interactions online, the business world has been completely turned on its head.
One thing we do know is that these changes have dramatically accelerated digital initiatives across industries. Technologies to help productivity and business continuity have flourished. Whether it is bringing on new collaboration tools or moving critical infrastructure and applications to the cloud, IT has become more distributed – and as a result, the range of opportunities for attackers has significantly increased.
So as we look ahead to 2021, how exactly will the convergence of these unimaginable forces and events impact cybersecurity for the next 12 months?
Attackers’ tactics will evolve as personal islands of security form
Companies’ adoption of longer-term remote work strategies means distributed IT environments will only continue to expand. With many employees working from home, they are regularly accessing corporate systems and resources through insecure home networks and personal devices. This makes each user their own island, rendering legacy security controls ineffective. Individual actions are threatening corporate security to a greater degree than ever before.
It’s because of these islands of security that we’ll see the attack cycle move away from broad ‘spray and pray’ social-engineering attacks to more hyper-personalised ones. These attacks will target those users with privileged access to sensitive systems, data and infrastructure.
Where attackers generally rely on lateral movement, seeking any foothold and working to elevate access and move across the network to get to their desired destination, these islands now limit the attacker to whatever high levels of access their specific target has been granted. As a result, we’ll see a move toward vertical movement, with attackers targeting individuals, like business users, based on what they have access to – from administrative consoles and financial records, to competitive data.
While this new ‘personalised attack chain’ approach will be more time consuming and costly for attackers as they look to identify and profile the exact person they are looking for, it will also lead to shorter attack-cycles. This may make it more difficult for organisations to identify and stop attacks before they impact the business.
Deepfakes will feature in enterprise attacks
Deepfakes provide another example of how attackers will continue to personalise their attacks. In simple terms, deepfakes are synthetic or manipulated media in which a person in a video or image is replaced with someone else’s likeness. From a cultural standpoint, the concept of deepfakes has dominated news cycles as a potential threat that could influence public opinion and damage reputation. Often, these attacks make headlines, but end up relatively empty when it comes to effectiveness.
However, the personal attack chain trend will lead to deepfakes used increasingly in enterprise attacks – not to sow mass confusion or chaos necessarily, but more to amplify social engineering attacks.
Video and recordings of executives and business leaders are readily available across marketing collateral, social media channels, and more. Attackers could coordinate deepfakes from these properties as a strategic follow-on to phishing attempts, as these attempts also move away from email to other platforms like chat and collaboration apps. Adding a layer of deepfakes will make manipulated communications feel even more authentic. In today’s world where more and more organisations are relying on video as a way for executives to communicate with their employees, attackers can take advantage of this instilled level of trust.
For example, phishing emails spoofing IT asking for passwords are common, but what if that email was followed by an urgent message from the CEO on WhatsApp? Attackers could also use manipulated videos of executive leaders on social channels to entice customers, employees and partners to click on malicious links – creating broader new attack avenues for malicious actors.
5G will lead to the biggest distributed denial-of-service (DDoS) attack yet
The adoption of technologies like 5G, IoT and cloud is already driving new frontiers for business – and this will continue in 2021. For 5G in particular, while it allows businesses to speed up digital transformation and create dynamic customer experiences, it is also expanding the attack surface exponentially. The associated proliferation of interconnected devices will make organisations more vulnerable to new risks.
Google recently revealed that it was hit with a massive 2.5 terabytes per second (Tbps) DDoS attack in 2017 – the largest such attack ever recorded, topping the 2.3 Tbps attack that targeted Amazon in 2018. Comparatively, these attacks were four times the scale of the massive Mirai botnet attacks of 2016 that compromised more than 600,000 IoT devices and endpoints.
These attacks will pale in comparison to the massive, and more frequent, DDoS attacks 5G will enable as it is rolled out globally. 5G will increase the overall bandwidth available and allow a massive number of IoT devices to be connected. Because there is still no standard for IoT security, however, these devices are often easy to compromise and control as part of amassing a botnet army.
As a result, we’ll see the first ever 5 Tbps DDoS attack being launched within the next year. The 2 Tbps attacks thwarted by Google and Amazon will become more commonplace – causing massive disruption of online and connected businesses.
Insiders will crack under pandemic-led pressure and make bad decisions
The pandemic has created tremendous pressure on employees and their families. Economic uncertainty and the move to remote work and school have put many in uncharted territory. These new challenges could likely drive more employees to make poor decisions when it comes to cybersecurity and create a whole new wave of insider threats.
As we’ve already seen in 2020, attackers are increasingly offering employees with privileged access tempting financial incentives to share or ‘accidentally’ leak their credentials. In addition, privileged access on the dark web is more popular than ever, with some reports indicating that attackers will pay a premium for privileged access to corporate networks, VPNs and workstations. The potential financial payoff, combined with increased economic anxiety, will drive new threats that organisations will struggle to deal with.
The world is slowly navigating its way out of this crisis. But one thing won’t change: malicious actors will continue to go after organisations’ most critical data and assets. Business leaders accelerating their cloud journey and expanding their distributed IT environments will continue to see productivity benefits, but have to balance these with more sophisticated threats tied to deepfakes and 5G, which are likely to become commonplace. Expect 2021 to be the year cyber attacks get personal.
Nir Chako is a team leader of one of CyberArk Labs’ research teams. He focuses on researching and discovering the latest attack techniques, and applying lessons learned to improve cyber-defenses. Chako’s primary research areas are network defense, DevOps security and Linux OS. Prior to CyberArk, Chako served 7 years in the Israeli Army. He was the Team Leader of a Red-Team that simulated cyberattacks on the scale of powerful countries against military top-secret networks.
Featured image: ©DenisMagilov