BeyondTrust released its annual forecast of cybersecurity trends emerging for the New Year and beyond. These projections, authored by BeyondTrust experts Morey J. Haber, Chief Technology Officer and Chief Information Security Officer; Brian Chappell, Director, Product Management; and Karl Lankford, Director Solutions Engineering, are based on shifts in technology, threat actor habits, culture, and decades of combined experience.
“COVID-19 has truly effected a paradigm shift in how businesses and employees work and has also had profound ramifications for securing the people and IT assets of enterprises,” said Morey Haber, CTO and CISO at BeyondTrust. “Looking ahead helps us anticipate where cyber threat actors will undoubtedly head as they look to take advantage of this paradigm shift. At BeyondTrust, we plan to provide the best security solutions to address current and future attack vectors, which our customers and partners expect.”
Prediction 1: The Hacking of Time — Network Time Protocol (NTP) and Windows-time-based servers will become a protocol of interest to hackers. These protocols help control the timing of everything transaction-based within an organization. If the timing is off, everything from licensing servers to batch-based transactions can fail, creating denial of service attacks in key infrastructure on the Internet and within the backend processes of an organization.
Prediction 2: Poisoning of Machine Learning Training Data — As machine learning becomes more widespread within enterprises for making automated decisions, attackers have a new vector to consider. After a threat actor steals a copy of the original training data, they will begin to manipulate the models generated by injecting poisoned data into the training pool, creating a system that has learned something it shouldn’t. This manipulation will have a multiplying effect due to the automatic processing by downstream applications, destroying the integrity of any legitimately processed data.
Prediction 3: Weaponized AI, Now Just Another Tool in the Attacker Toolkit — Threat actors will leverage machine learning (ML) to accelerate attacks on networks and systems. ML engines will be trained with data from successful attacks. This will allow the ML to identify patterns in the defenses to quickly pinpoint vulnerabilities that have been found in similar systems/environments. Data from all subsequent attacks will be used to continue to train the cyberattack engine. This approach will allow attackers to zero in on entry points in environments far more quickly and stealthily as they will be targeting fewer vulnerabilities with each attack, evading tools that need a volume of activity to identify wrongdoing.
Prediction 4: Deepfake Everything — Expect to encounter a new wave of deepfakes that challenges us to judge whether the entity on the other side of an interactive chat window or video call is human or not. For instance, you could soon have interactive sessions with past presidents or even deceased loved ones. We will increasingly be in situations, unbeknownst to us, where we are engaged in communication with deepfake technology rather than with a real person.
Prediction 5: Cyberattackers Set up Shop at the Network Edge — New attack vectors will target remote workers and remote access pathways. Cybercriminals will continue to wage social engineering attacks and also try to exploit common home devices that can be used to compromise an individual and allow for lateral movement into a business. Social engineering attacks will primarily involve various forms of phishing, including by email, voice, text, instant messaging, and even third-party applications. We foresee remote workers reigning as the number one attack vector for exploitation in 2021.
Prediction 6: Data Privacy Implosion — In 2020, the European Union (EU) court system overturned the governance for protection provided by the EU-U.S. (United States) “Privacy Shield.” Throughout 2021, businesses will scramble to adapt to this expansion of data privacy regulations and the potential implosion of established policies based on challenges in the court systems. International businesses will have to adapt quickly to reengineer how they process client data. Businesses that operate in multiple states must consider how they manage data per state, process it in a centralized location, and codify how they develop procedures around data deletion and breach notification.
Prediction 7: Social Media Attack Vectors Thrive in the Era of Social Distancing — Expect attackers to move beyond just targeting individuals through social engineering to targeting businesses as well. Poor authentication and verification practices will allow social media-based attacks to be successful. Malicious QR codes or abbreviated URLs could also be employed to obfuscate the malicious website. Since the social media controls around posting, verification, and URL redirection are so poorly managed, expect new attacks to flourish.
Prediction 8: Cybercriminals Play Puppet Master with Compromised Human Identities — To reduce the cost of an attack and improve profitability, cybercriminals will target individuals directly to gain an initial foothold in the environment by using non-cyber forms of coercion (bribery, extortion, etc.). These attacks will primarily focus on public figures (politicians, actors, activists, executives, etc.). As more of the human target’s sensitive personal data is stolen digitally, the pressure will mount for individuals to carry out nefarious actions or have their data and privacy exposed to the public.
Prediction 9: Cyber Insurance becomes Mandatory & Cybercriminals Rejoice — Cybercriminals will target large brands with insurance policies. The insurance policies will pay out to release stolen data rather than face paying out on the policy to cover any remedial action, providing attackers with a new stream of income.
Prediction 10: Who goes there? Friend or Fake? The Rise of Identity-Centric Security — As systems and services move out of the traditional network/data center environment, security leans more heavily on proof of identity. A verified identity could now be the only ‘key’ needed for all access. Attacks on the mechanisms that maintain and secure verified identities will increase through 2021 and beyond.
The final three predictions take a longer view into the future:
Prediction 11: First Computer-to-Human Virus — The trend of deadly cyberthreats will accelerate and we will see the first instances where a computer virus (malware, ransomware, etc.) actually causes harm to a relatively healthy individual outside of the healthcare system. While this does not represent a true computer-to-human “virus” infection, the impact is nonetheless life-threatening. Consider if the payload from malware caused rapid screen flashing that induces an epileptic seizure, the audio from an asset caused deep or high-pitched, headache-inducing pulsations, or audio and video manipulation that delivers subliminal messaging. Such attacks could even be paired with information breached via other exploits to target users based on their pre-existing medical conditions.
Prediction 12: Porch Pirates Embrace Digital Transformation — With more people working from home, expect the physical theft of packages from porches to continue to be a problem, but a new attack vector in the supply chain will emerge. Attackers will seek to exploit the package delivery personnel and the technology on which they rely to ensure precise and timely delivery. These hacking attempts against the technology will ultimately be used to track and reroute packages and to clean up their tracks. The delivery personnel will be the primary attack vector based on their roles and the pressure to deliver items in a timely fashion. The end game will be theft of merchandise, with high-valued items potentially held for ransom.
Prediction 13: Support for Vintage Computers goes Mainstream — Expect a massive push to recycle and use vintage computer hardware at home and in some businesses. Many of the use cases remain valid, and people will need support and parts. New companies specializing in the sales, repair, and support for these older systems at reasonable rates have started to crop up. If something works, why replace it? If it needs minor repairs or parts, just like an old car, fix it and continue to use it. With all the remote workers and children attending virtual school, consumers are a prime market for vintage computer hardware. And with that, the home network just increased its own security risks.