2021 cyber security predictions from WatchGuard
- Published: Friday, 27 November 2020 09:35
WatchGuard Technologies has provided its 2021 cyber security predictions. These cover the most prominent attacks and infosec trends that WatchGuard’s Threat Lab research team believes will emerge next year, including a tidal wave of automated spear phishing campaigns.
Predictions from WatchGuard include:
Automation drives tidal wave of spear phishing campaigns
Spear phishing is an attack technique that involves highly targeted and convincing malicious emails that include specific and accurate details about a particular individual or role at a company. Historically, spear phishing has been a high-investment and potentially high-return activity for hackers that has required manual and time-consuming processes.
That will change in 2021. Cyber criminals have already started to create tools that can automate the manual aspects of spear phishing. By combining such tools with programs that scan data from social media networks and company websites, phishers can send thousands of detailed, believable, spear phishing emails, with content customized to each victim. This will dramatically increase the volume of spear phishing emails attackers can send at once, which will improve their success rate. On the bright side, these automated, volumetric spear phishing campaigns will likely be less sophisticated and easier to spot than the traditional, manually generated variety.
Regardless, you should expect a major increase in spear phishing attacks in 2021 due to automation. What’s more, bad actors know that anxiety and uncertainty make victims easier to exploit. As society continues to grapple with the impact of COVID-19, global political strife, and general financial insecurity in 2021, we anticipate that many of these automated spear phishing attacks will prey on fears around the pandemic, politics, and the economy.
Cloud-hosting providers finally crack down on cyber abuse
Phishing attacks have come a long way from the ‘Nigerian Prince’ scams of old. Threat actors now have an abundance of tools to help them craft convincing spear phishing emails that trick victims into giving up credentials or installing malware. Lately, we’ve seen them leverage Cloud hosting to piggyback on the otherwise good reputation of Internet giants like Amazon, Microsoft, and Google.
Most Cloud-hosting services like Azure and AWS offer Internet-accessible data storage where users can upload anything they’d like, from database backups to individual files, and more. These services are exposed to the Internet through custom subdomains or URL paths on prominent domains such as cloudfront.net, windows.net, and googleapis.com. Threat actors commonly abuse these features to host website HTML files designed to mimic the authentication form of a legitimate website like Microsoft365 or Google Drive and to steal credentials submitted by unsuspecting victims.
This style of phish is effective because the email links to spoofed forms that resemble legitimate Microsoft, Google, or Amazon AWS links with domains owned by those companies. In 2021, we predict that these Cloud-hosting providers will begin heavily cracking down on phishing and other scams by deploying automated tools and file validation that spot spoofed authentication portals.
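The point above, that a link on a prominent cloud domain says nothing about who published the page behind it, can be turned into a mail-triage check. The following is an added example, not WatchGuard code: the login-hint pattern, the verdict labels and every host and path in the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Shared-hosting suffixes named in the article: anyone can publish content under
# them, so the parent domain's reputation says nothing about the page itself.
SHARED_HOSTING_SUFFIXES = ("cloudfront.net", "windows.net", "googleapis.com")
# Assumption: path hints that suggest a hosted sign-in form rather than a plain asset.
LOGIN_HINT = re.compile(r"login|signin|sign-in|verify|password|office365", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample message body (all hosts and paths are made up).
SAMPLE_BODY = """Your mailbox is almost full. Confirm your account:
https://examplestore.blob.core.windows.net/docs/office365/signin.html
https://d111example.cloudfront.net/img/logo.png
https://storage.googleapis.com/example-bucket/verify/index.htm
https://notwindows.net/login.html
https://windows.net.example.org/login.html
"""

def shared_suffix(host):
    """Return the matching shared-hosting suffix, matched on a label boundary."""
    host = host.lower().rstrip(".")
    for suffix in SHARED_HOSTING_SUFFIXES:
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None

def triage_links(body):
    """List links on shared cloud hosting and mark those that look like login pages."""
    findings = []
    for url in URL_RE.findall(body):
        parts = urlsplit(url)
        suffix = shared_suffix(parts.hostname or "")
        if suffix is None:
            continue  # not on a shared-hosting domain; other checks apply
        is_html = parts.path.lower().endswith((".html", ".htm"))
        looks_like_login = is_html and bool(LOGIN_HINT.search(parts.path))
        findings.append({"host": parts.hostname, "suffix": suffix,
                         "verdict": "review" if looks_like_login else "info"})
    return findings

if __name__ == "__main__":
    for finding in triage_links(SAMPLE_BODY):
        print(finding)
```

Matching on a label boundary keeps look-alike hosts such as notwindows.net and windows.net.example.org out of the shared-hosting bucket, so they fall through to ordinary domain-reputation checks.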
Hackers infest home networks with worms
The pandemic forced many organizations to adopt remote work practically overnight, and the era of home-based workforces will continue through 2021 and beyond. As a result, cyber criminals will change their approach and create attacks specifically targeting the home worker.
Malicious hackers often include worm functionality modules in their malware, designed to move laterally to other devices on a network. In 2021, cyber criminals will exploit under-protected home networks as an avenue to access valuable corporate endpoint devices. By deliberately seeking out and infecting the company-owned laptops and smart devices on our home networks, attackers could ultimately compromise corporate networks. Next year we expect to see malware that not only spreads across networks but looks for signs that an infected device is for corporate use (such as evidence of VPN usage).
Attackers swarm VPNs and RDPs as the remote workforce swells
Working from home has become a norm for many businesses and has changed the profile of the software and services an average company relies on. While many companies lightly leveraged both Remote Desktop Protocol (RDP) and Virtual Private Networking (VPN) solutions before, these services have become mainstays in enabling employees to access corporate data and services outside of the traditional network perimeter. In 2021, we expect attackers to significantly ramp up their assaults on RDP, VPN, and other remote access services.
RDP is already one of the most attacked services on the Internet, but we suspect new companies are suddenly using it more as one strategy to give home users access to corporate machines. While we believe you should only use RDP with VPN, many choose to enable it on its own, offering a target for hackers. Additionally, cyber criminals know remote employees use VPN often. Though VPN offers some security to remote employees, attackers realize that if they can access a VPN, they have a wide-open door to your corporate network. Using stolen credentials, exploits, and good old-fashioned brute-forcing, we believe attacks against RDP, VPN, and remote connection servers will double in 2021.
Attackers pinpoint security gaps in legacy endpoints
Endpoints have become a high priority target for attackers amid the global pandemic. With more employees working at home without some of the network-based protections available through the corporate office, attackers will focus on vulnerabilities in personal computers, their software and operating systems. It’s ironic that the rise in remote work coincides with the same year Microsoft has ended extended support of some of the most popular versions of Windows – 7 and Server 2008. In 2021, we expect cyber criminals to seek out a significant security flaw in Windows 7 in hopes of exploiting legacy endpoints that users can’t easily patch at home.
While Windows 10 and Server 2019 have been out for quite a while, there’s no getting around the fact that some people rarely update. Windows 7 (and by relation, Server 2008) was one of the most popular versions of Windows before 10. Since many considered 8 and others to be problematic, many organizations chose to stick with Windows 7 and Server 2008 for as long as they could. In fact, some organizations may not be able to move away from these old versions easily, since they have specialized legacy equipment that still relies on those older Windows versions. As a result, a significant portion of the industry sticks with old operating systems long past their expiration date. Black hat hackers know this and look for opportunities to take advantage. You can expect that we’ll see at least one major new Windows 7 vulnerability surface in 2021 as attackers continue to find and target flaws in these legacy endpoints.
Every service without MFA will suffer a breach
Authentication attacks and the data breaches that fuel them have become a daily occurrence. Cyber criminals have found incredible success using the troves of stolen usernames and passwords available on underground forums to compromise organizations using password spraying and credential stuffing attacks. These attacks take advantage of the fact that many users still fail to choose strong and unique passwords for each of their individual accounts. Just look at the dark web and the many underground forums. There are now billions of usernames and passwords from various breaches, widely available, with millions added every day.
These databases, paired with the ease of automating authentication attacks, mean no Internet-exposed service is safe from cyber intrusion if it isn’t using multi-factor authentication (MFA). We know it’s bold, but we predict that in 2021, every service that doesn’t have MFA enabled will suffer a breach or an account compromise.
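The authentication attacks described here and in the RDP and VPN section leave recognisable shapes in login logs: one source failing against many accounts (password spraying or credential stuffing) versus one source hammering a single account (brute forcing). The following is an added example, not WatchGuard code: the log format, the thresholds and all events are constructed, and the sample is assumed to cover a single time window.

```python
from collections import defaultdict

# Constructed sample events: time, service, source IP, account, result.
SAMPLE_LOG = """\
2021-01-05T09:00:01Z vpn 203.0.113.10 alice FAIL
2021-01-05T09:00:03Z vpn 203.0.113.10 bob FAIL
2021-01-05T09:00:05Z vpn 203.0.113.10 carol FAIL
2021-01-05T09:00:07Z vpn 203.0.113.10 dave FAIL
2021-01-05T09:00:09Z vpn 203.0.113.10 erin OK
2021-01-05T09:01:00Z rdp 198.51.100.7 administrator FAIL
2021-01-05T09:01:01Z rdp 198.51.100.7 administrator FAIL
2021-01-05T09:01:02Z rdp 198.51.100.7 administrator FAIL
2021-01-05T09:01:03Z rdp 198.51.100.7 administrator FAIL
2021-01-05T09:01:04Z rdp 198.51.100.7 administrator FAIL
2021-01-05T09:05:00Z vpn 192.0.2.44 frank FAIL
2021-01-05T09:05:20Z vpn 192.0.2.44 frank OK
"""

def analyse(log_text, many_accounts=4, many_attempts=5):
    """Group failures per (service, source) and label the attack shape."""
    fails = defaultdict(lambda: defaultdict(int))  # (service, src) -> account -> failures
    wins = defaultdict(list)                       # (service, src) -> accounts logged in
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _ts, service, src, account, result = fields
        if result == "FAIL":
            fails[(service, src)][account.lower()] += 1
        elif result == "OK":
            wins[(service, src)].append(account.lower())
    alerts = []
    for key, per_account in sorted(fails.items()):
        if len(per_account) >= many_accounts:
            pattern = "spray_or_stuffing"   # many accounts, few tries each
        elif max(per_account.values()) >= many_attempts:
            pattern = "brute_force"         # one account, many tries
        else:
            continue  # e.g. a user who mistyped a password once
        alerts.append({"service": key[0], "source": key[1], "pattern": pattern,
                       "accounts_tried": len(per_account),
                       "logins_from_source": sorted(set(wins.get(key, [])))})
    return alerts

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

Any account listed under logins_from_source signed in from the same address that was failing against other accounts, which makes it the first candidate for a password reset and MFA enrolment.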