International. The WatchGuard Threat Lab has contemplated the main threats that may occur in 2021, summarized in 8 predictions, taking into account a year marked by the COVID-19 pandemic, that social and business routines have changed significantly, as well as the threat landscape.
1. Automation drives a wave of spear phishing campaigns
Spear phishing is an attack technique that involves compelling, highly targeted malicious emails that include specific and accurate details about a particular person or function in a company. Historically, spearfishing is a high-investment and potentially high-performance activity for hackers that has required manual and time-consuming processes.
That will change in 2021. Cybercriminals have already begun to create tools that can automate the manual aspects of spear phishing. By combining these tools with programs that scan data from social media and company websites, phishers can send thousands of detailed and credible spear phishing emails, with personalized content for each victim. This will dramatically increase the volume of spear phishing emails that attackers can send at once, which will improve your success rate. On the plus side, these volumetric and automated spear phishing campaigns will likely be less sophisticated and easier to spot than the traditional manually generated variety.
Regardless, a major increase in spear phishing attacks should be expected over the next year due to automation. What's more, bad actors know that anxiety and uncertainty facilitate the exploitation of victims.
As society continues to grapple with the impact of COVID-19, global political conflicts, and general financial insecurity, we anticipate that many of these automated spear phishing attacks will take advantage of fears about the pandemic, politics, and the economy.
2. Cloud Hosting Providers Finally Crack Down on Cyber Abuse
Phishing attacks have come a long way since the 419 "Nigerian prince" scams of yesteryear. Threat actors now have a plethora of tools to help them create compelling spear phishing emails that trick victims into giving up their credentials or installing malware. Lately, we've seen them leverage cloud hosting to take advantage of the good reputation of internet giants like Amazon, Microsoft, and Google.
Most cloud hosting services, such as Azure and AWS, offer data storage with internet access where users can upload whatever they want, from database backups to individual files and more. These services are exposed to the Internet through custom subdomains or URL paths on prominent domains such as cloudfront.net, windows.net, and googleapis.com. Threat actors commonly abuse these features to host HTML files from websites designed to mimic the authentication form of a legitimate website like Microsoft 365 or Google Drive and to steal credentials sent by unsuspecting victims.
This style of phishing is effective because the email links to spoofed forms that resemble legitimate links from Microsoft, Google, or Amazon AWS with domains owned by those companies.
In 2021, we predict that these cloud hosting providers will begin to crack down on phishing and other scams by implementing automated tools and validating files that detect spoofed authentication portals.
3. Hackers infest home networks with worms
The pandemic forced us all to embrace remote work virtually overnight, and the era of the home workforce will continue into 2021 and beyond. As a result, cybercriminals shift their focus and create attacks that specifically target the telecommuter.
Malicious hackers often include worm functionality modules in their malware, designed to move laterally to other devices on a network. In 2021, we believe cybercriminals will exploit poorly protected home networks as a pathway to access valuable corporate endpoint devices. By deliberately searching for and infecting the company's laptops and smart devices on home networks, attackers could ultimately compromise corporate networks.
Next year we expect to see malware that not only spreads across networks, but looks for signs that an infected device is for corporate use (such as evidence of VPN use).
4. Smart booby trap chargers lead to smart car hacks
Smart cars are getting smarter and more common, and every year more manufacturers are launching new models. Both security researchers and black hat hackers are paying attention. Although we've seen a lot of interesting research on smart car safety in recent years, there hasn't been a major attack for quite some time. In 2021, we believe that the shortage of major smart car attacks will be solved and a hacker will take advantage of smart chargers to do so.
As with chargers for our mobile phones and other connected devices, charging cables for smart cars carry more than just energy. Although they don't transfer data in the same way that phone chargers do, smart car chargers have a data component that helps them manage charging security.
With mobile phones, researchers and hackers have shown that they can create booby-trap chargers that prey on any victim who connects.
We expect security researchers to find similar vulnerabilities in the charging components of smart cars that could at least make it possible to avoid ignition and use of your car, and perhaps demonstrate a malicious smart car charger during 2021. If an attack like this is proven it could even result in car ransomware preventing the car from charging until you pay.
5. Users rebel over the privacy of smart devices
Smart, connected devices are ubiquitous in our lives. Digital assistants like Alexa, Google Assistant, and Siri are seeing and hearing everything that's going on in our homes, and products like Furbos even look at and listen to our pets. Smart home systems add value and convenience to our lives by automating our lights, room temperature, door locks, and more. We even have virtual reality (VR) systems that 3D map our rooms with specialized cameras and require a social media account to operate. Finally, many of us have adopted wearable devices that track and detect critical health parameters, such as how often we move, our heartbeat, our electrocardiogram, and now even our blood oxygen levels. Add to this the machine learning (ML) algorithms that tech companies employ to correlate users' big data and it's clear that companies know more about our private lives than our closest friends. Some of these companies may even understand our psychology and behavior more than we do.
While all of these technologies certainly have very useful and beneficial capabilities, society is beginning to realize that giving corporations so much information about our lives is unhealthy. Worse, we're also starting to learn that the data mapping algorithms that tech companies use to categorize, quantify, and analyze our actions can have unintended consequences for society as a whole. That's why users will eventually rebel and make providers take the privacy of home and consumer Internet of Things (IoT) devices more seriously.
In 2021, the market is expected to begin to strongly oppose IoT devices that collect personal data and pressure government representatives to regulate the capabilities of these devices to protect user privacy.
6. Attackers swarm VPNs and RDPs as remote workforce grows
Working from home has become a norm for many businesses, which has changed the profile of the software and services an average company relies on. While many companies took slight advantage of Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) solutions previously, these services have become mainstays to allow employees to access corporate data and services outside the perimeter of the traditional network. In 2021, we believe attackers will significantly increase their attacks on RDP, VPN, and other remote access services.
RDP is already one of the most attacked services on the internet, but we suspect that startups are using it more, perhaps as a strategy to give home users access to corporate machines. While we believe you should only use RDP with VPN, many choose to enable it on its own, making it a target for hackers. In addition, cybercriminals know that remote employees use VPNs frequently. Although the VPN offers some security to remote employees, attackers realize that if they can access a VPN, they have an open door to their corporate network.
Using stolen credentials, exploits, and good old-fashioned brute force, we believe attacks against RDPs, VPNs, and remote connection servers will double by 2021.
7. Attackers identify security breaches in legacy endpoints
Terminals have become a high-priority target for attackers amid the global pandemic. With more employees working from home without some of the network-based protections available through the corporate office, attackers will focus on vulnerabilities in personal computers, their software and operating systems. It's ironic that the rise of remote work coincides with the same year that Microsoft stopped providing extended support for some of the most popular versions of Windows — 7 and Server 2008. In 2021, we expect cybercriminals to look for a significant security flaw in Windows 7 in hopes of taking advantage of legacy endpoints that users can't easily patch at home.
While Windows 10 and Server 2019 have been available for quite some time, there's no way around the fact that some people rarely upgrade. Windows 7 (and by relation, Server 2008) was one of the most popular versions of Windows before 10. Since many considered 8 and others problematic, many organizations chose to stick with Windows 7 and Server 2008 for as long as possible. In fact, some organizations may not be able to easily move away from these older versions, as they have specialized legacy computers that still rely on older versions of Windows. As a result, a significant portion of the industry is left with legacy operating systems well beyond their expiration date. Black hat hackers know this and look for opportunities to take advantage of.
We consider seeing at least one major new vulnerability surface from Windows 7 in 2021 as attackers continue to find and target flaws in these legacy endpoints.
8. Any service without MFA will suffer a violation
Authentication attacks and the data breaches that feed them have become commonplace. Cybercriminals have had incredible success in using the treasure troves of stolen usernames and passwords available on underground forums to compromise organizations using password propagation and credential stuffing attacks. These attacks take advantage of the fact that many users still don't choose strong, unique passwords for each of their individual accounts. Just look at the Dark Web and the many underground forums. There are now billions of usernames and passwords of various breaches, widely available, adding millions every day.
These databases, along with the ease of automating authentication attacks, means that no service exposed to the Internet is safe from cyber intrusion if you don't use multi-factor authentication (MFA).
We know it's bold, but it's predicted that by 2021 all services that don't have MFA enabled will suffer a breach or account compromise.
