Authors: Morey J. Haber, Chief Technology Officer and Chief Information Security Officer, Brian Chappell, Director, Product Management, & Karl Lankford, Director, Solutions Engineering
What new cybersecurity trends, threats, and events can we expect to emerge in 2021 and beyond? Before we go there, let’s consider what we have learned now that 2020 is winding down.
BeyondTrust’s annual cybersecurity predictions are projections of possibilities we see emerging based on shifts in technology, threat actor habits, and culture. However, sometimes the most impactful trends materialize completely out of left field. We have all been reminded and humbled by this in 2020. COVID-19 has not only upended lives, but truly effected a paradigm shift in how businesses and employees work. This has also had profound ramifications for securing the people and IT assets of enterprises.
While we do not say this to sow fear, it’s fair to say that that the tenor of the year has been “apocalyptic” at times and filled with unease and uncertainty. Our marketing team ran some search data in the SEO tool Ahrefs. We can see that Google search volume exploded for the search terms apocalypse (quadrupling from its baseline) and apocalyptic (tripling from its baseline) in March 2020, and continues to remain elevated.
In 2020, we all suddenly became aware of the term “social distancing”, and, again, this concept had enormous implications for how people live, and in how organizations think about cybersecurity and business continuity. The figure below shows that Google searches for social distancing rocketed from a baseline of 0 to 297,000 searches in February 2020, peaking at 408,000 searches in March 2020.
Data from this year also tells us that Google search traffic around “social distancing” has shifted from questions of “what is social distancing?” to “how long will social distancing last?” Interestingly, while the World Health Organization (WHO) has officially advocated for the term “physical distancing” to replace, “social distancing”, the WHO-preferred term is not yet (at least as of July) being searched in any measurable volume.
Regardless, we’ve all been in this together. We’ve learned a lot about courage and perseverance and humanity from each other, and, ultimately, we will get out of this together. In the meantime, all the other cyberthreats and challenges have not receded away, it’s all just gotten more complicated.
So, as we soon ̶t̶u̶r̶n̶ ̶t̶h̶e̶ r̶i̶p̶ ̶o̶f̶f̶ burn the page for 2020, we look ahead with hope, but also brace ourselves for the new tricks and wrinkles cyber threat actors are bound to unleash. By anticipating what’s next, we can all be better prepared to reduce security exposures, while helping our businesses compete and thrive.
BeyondTrust's Cybersecurity Trend Predictions
Prediction #1: The Hacking of Time
Infrastructure protocols have long been a favorite target of threat actors. In 2020, we saw the emergence of solutions to manage DDI (DNS, DHCP, and IP). This is because, when enterprises grow organically or through acquisition, they need toolsets to help manage, configure, and secure these protocols across domains and networks.
This year, support has increased for the usage of secure DNS to prevent man in the middle attacks and spoofing of internet-based services. Threat actors are cherry picking which protocols they can target and which ones can be used for meaningful exploitation. In 2021, Network Time Protocol (NTP) and Windows-time-based servers are next. These protocols help control the timing of everything transaction-based within an organization. If the timing is off, everything from licensing servers to batch-based transactions can fail in spectacular fashion, creating denial of service attacks in key infrastructure on the Internet and within the backend processes of an organization.
In 2021, expect new vulnerabilities, exploits, and payloads targeted against time servers and other legacy protocol services to disrupt an organization. If bundled with ransomware, these exploits can make recovery incredibly difficult.
Prediction #2: Poisoning of Machine Learning Training Data
As machine learning becomes more widespread within enterprises for making automated decisions, attackers have a new vector to consider. After a threat actor steals a copy of the original training data, they will begin to manipulate the models generated by injecting poisoned data into the training pool, creating a system that has learned something it shouldn’t. This manipulation will have a multiplying effect due to the automatic processing by downstream applications, destroying the integrity of any legitimately processed data.
Accompanying this devious attack will be a ransom note to be paid to restore the original data models. This new form of ransomware will be notoriously difficult to detect, and almost insurmountable to recover from, which makes paying the ransom seem like an enticing option for the victim.
Prediction #3: Weaponized AI, Now Just Another Tool in the Attacker Toolkit
In 2021, threat actors will leverage machine learning (ML) to accelerate attacks on networks and systems. ML engines will be trained with data from successful attacks. This will allow the ML to identify patterns in the defenses to quickly pinpoint vulnerabilities that have been found in similar systems/environments. Data from all subsequent attacks will be used to continue to train the cyberattack engine. This approach will allow attackers to zero in on entry points in environments far more quickly and stealthily as they will be targeting fewer vulnerabilities with each attack, evading tools that need a volume of activity to identify wrongdoing.
Prediction #4: Deepfake Everything
While deepfake videos, photos, and audio have entered public consciousness over the past few years, 2020 saw a drastic improvement in their quality and realism. There are now commercial products that leverage deepfake technology for everything from artificial intelligence-based voiceovers to enabling people (actors, political figures, etc.) to appear in new videos and movies.
Deepfakes are already convincing to most humans. However, in 2021, researchers, companies, and threat actors are not stopping with deepfaked videos, photos, and audio. Expect to encounter a new wave of deepfakes that challenges us to believe whether the entity on the other side of an interactive chat window or video call is human or not. For instance, you could soon have interactive sessions with past presidents, or even deceased love ones. Deepfakes will creep into our daily lives. We will increasingly be in situations, unbeknownst to us, where we are engaged in communication with deepfake technology rather than with a real person.
Prediction #5: Cyberattackers Set up Shop at the Network Edge
In 2020, we have witnessed the explosive expansion of the network edge and continued decentralization. The seismic shift to remote working spurred by COVID-19 was a key driver of this trend.
Remote workers are clearly more relaxed operating in the comfort of home. However, this casualness can leave them more prone to letting their cybersecurity guard down. This laxness in security could not come at a worse time as cybercriminals have ramped up social engineering and ransomware attacks.
Home-based employees are also more likely to use personal devices and home networks that are not hardened to the same degree as corporate devices and networks. We now have systems behind consumer network infrastructure that is, in many cases, not even being configured away from defaults.
In 2021, new attack vectors will target remote workers and remote access pathways. In 2020, we learned that not even the era of social physical distancing can slow down social engineering threats. Cybercriminals will continue to wage social engineering attacks and also try to exploit common home devices that can be used to compromise an individual and allow for lateral movement into a business. Social engineering attacks will primarily involve various forms of phishing, including by email, voice, text, instant messaging, and even third-party applications. Organizations should also not overlook the threat of disgruntled insiders who feel less ‘observed’ in their own homes.
The increase in drive-by and opportunist attacks seeking to exploit home networks will necessitate heightened attention to securing systems independently, away from continuous corporate connectivity. With all that said, we foresee remote workers to reign as the number one attack vector for exploitation in 2021.
Prediction #6: Data Privacy Implosion
In 2020, the European Union (EU) court system overturned the governance for protection provided by the EU-U.S. (United States) “Privacy Shield”. Prior to the court ruling, the agreement had allowed for the transfer of data containing personally identifiable information between EU and U.S. organizations. The 2020 ruling essentially eroded the agreement for businesses to operate in either region and share relevant information. This regulatory implosion will impact data privacy based on region, country, and state.
In the U.S., new legislation is appearing at the state level. In some cases, the regulations are similar, complementary, cumulative, and even contradictory to each other. Throughout 2021, businesses will scramble to adapt to this expansion of data privacy regulations and the potential implosion of established policies based on challenges in the court systems. International businesses will have to adapt quickly to reengineer how they process client data. Businesses that operate in multiple states must consider how they manage data per state, process it in a centralized location, and codify how they develop procedures around data deletion and breach notification.
Prediction #7: Social Media Attack Vectors Thrive in the Era of Social Distancing
Social media has proven to be a medium of choice for election tampering, fake news, and other attacks. In 2021, expect attackers to move beyond just targeting individuals to targeting businesses as well. Poor authentication and verification practices will allow social media-based attacks to be successful. For example, a threat actor’s post about hosting a webinar or announcing a new product may mimic that of a legitimate business. However, the illicit registration URL may instead lead to a malicious website to perform a drive by attack, collect personally identifiable information, or even request credentials in an attempt to compromise multifactor authentication solutions. Malicious QR codes or abbreviated URL’s could also be employed to obfuscate the malicious website These attacks could either occur on the legitimate page of the business itself, or via rogue accounts using similar names.
Since the social media controls around posting, verification, and URL redirection are so poorly managed, expect new attacks to flourish.
Prediction #8: Cybercriminals Play Puppet Master with Compromised Human Identities
Criminal enterprises are always looking to tilt the economics of an attack in their favor. To reduce the cost of an attack and improve profitability, cybercriminals will target individuals directly to gain an initial foothold in the environment by using non-cyber forms of coercion (bribery, extortion, etc.). These attacks will primarily focus on public figures (politicians, actors, activists, executives, etc.). As more of the human target’s sensitive personal data is stolen digitally, the pressure will mount for individuals to carry out nefarious actions, or have their data and privacy exposed to the public.
Prediction #9: Cyber Insurance becomes Mandatory—Cybercriminals Rejoice
As the volume and cost of breaches increase, organizations processing data on behalf of their customers will be forced to carry comprehensive cyber insurance to reduce any contractual risks. Naturally, this will come with a cost to the organization, but it also will provide attackers a new stream of income. Cybercriminals will target large brands with insurance policies that will pay out to release stolen data rather than face paying out on the policy to cover any remedial action.
Prediction #10: Who goes there? Friend or Fake? The Rise of Identity-Centric Security
As systems and services move out of the traditional network/data center environment, security leans more heavily on proof of identity. The only mechanisms for securing services are:
- verified identity of the user
- the system they are using, and
- the location they are in.
This is referred to as identity-as-the-perimeter. This approach takes identity, already a valuable asset, and significantly elevates its status. A verified identity could now be the only ‘key’ needed for all access.
Attacks on the mechanisms that maintain and secure verified identities will increase through 2021 and beyond. Your identity may be the center of your world, but it’s also becoming the center of your company’s world too.
Prediction #11: Most Successful Attacks will be from Well-known & Largely Preventable Attack Vectors (D’oh!)
Lamentably, this prediction proves itself correct year after year. The majority of successful attacks still hinge on exploiting well-known and entirely preventable vulnerabilities. While some of the vulnerabilities may be relatively new, there is usually plenty of time to address them before compromise occurs.
If you can’t get on top of your vulnerabilities, layer your security so that attackers find themselves without access to privilege when they do infiltrate your network. An exploitable vulnerability is a problem, but considerably less so when it doesn’t lead to privileged access.
Cybersecurity Predictions for 2022 - 2026
Prediction #1: First Computer-to-Human Virus
In 2020, we saw the first instance of a human death linked directly to a ransomware attack. While most security professionals have predicted this as an inevitability, the problem highlights our dependency on technology and the security risks in healthcare.
In the next five years, the trend of deadly cyberthreats will accelerate and we will see the first instances where a computer virus (malware, ransomware, etc.) actually causes harm to a relatively healthy individual outside of the healthcare system. While this does not represent a true computer-to-human “virus” infection, the impact is nonetheless life-threatening.
Consider if the payload from malware caused rapid screen flashing inducing an epileptic seizure, the audio from an asset caused deep or high-pitch headache-inducing pulsations, or audio and video manipulation that delivers subliminal messaging. Such attacks could even be paired with information breached via other exploits to target users based on their pre-existing medical conditions.
Prediction #2: Porch Pirates Embrace Digital Transformation
Remote and home-based workers have embraced online shopping and delivery of physical items for work. This has created a demand for delivery drivers, warehouse pickers, personal shoppers, and even drones.
In the last two years, we have witnessed an increase in porch pirates stealing packages. With more people working from home, expect the physical theft of packages to continue to be a problem, but a new attack vector in the supply chain will emerge. Attackers will seek to exploit the package delivery personnel and the technology on which they rely to ensure precise and timely delivery. These hacking attempts against the technology will ultimately be used to track and reroute packages, and to clean up their tracks. The delivery personnel will be the primary attack vector based on their roles and the pressure to deliver items in a timely fashion. The end game will be theft of merchandise, with high-valued items potentially held for ransom.
Prediction #3: Support for Vintage Computers goes Mainstream
In recent years, there has been a nostalgia-driven uptick in interest for vintage game systems (Atari, NES Classic, Intellivision, Sega Genesis, etc.). Whether users are actually playing on an old system or modern replicas that operate the same games, but support output via HDMI, they are basking in the technology and games of their youth.
With this trend to go “old school”, working vintage computers have a place in people’s homes as well. Many of these older computers have long boot times, but their simpler approach to word processing, and even browsing the Internet, feels nostalgic and cleaner.
Now, before you blast this prediction because older hardware cannot support modern browsers, you may need to revisit the equipment with the last updates. An iMac from 2007 can still run a new version of Chrome and, surprisingly, works quite well with the latest supported version of macOS! Security and vulnerabilities aside, this iMac example is not as old as some of the game consoles, but it is definitely end of life and end of support by everyone’s standard.
So, for 2021 and beyond, expect a massive push to recycle and use vintage computer hardware at home and in some businesses. Many of the use cases remain valid, and people will need support and parts. New companies specializing in the sales, repair, and support for these older systems at reasonable rates have started to crop up. If something works, why replace it? If it needs minor repairs or parts, just like an old car, fix it and continue to use it. With all the remote workers and children attending virtual school, consumers are a prime market for vintage computer hardware. And with that, the home network just increased its own security risks.
Every year we say it, but every year it’s worth saying again: being prepared for what’s ahead makes all the difference between being proactive and reactive. There is copious data showing that those enterprises with more proactive IT security postures prevent more threats, identify potential security issues faster, incur fewer breaches, and minimize damage from attacks more effectively than less prepared organizations. If you’re looking to get proactive about your cybersecurity posture, contacting BeyondTrust is a great start.
And, one more prediction for 2021: We predict a resurgence in optimism, and we’re throwing some of ours your way, along with a dose of the best intentions and any cybersecurity bits of wisdom imparted from this blog.
If you’re curious about our cybersecurity predicting track record, we invite you to visit our forecasts from previous years:
Morey J. Haber, Chief Security Officer, BeyondTrust
Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.