There can be no doubt that 2020 has been a turbulent year in the field of cybersecurity. Cyberattackers have taken advantage of the dramatic changes in the way we work driven by the coronavirus pandemic, intensifying attacks on companies and large organizations. Next year is expected to be the year of the so-called ‘new normality’. With this new situation, what can we expect from 2021 in terms of cybersecurity? WatchGuard’s cyberthreat laboratory has drawn up a series of predictions regarding the issues we are likely to experience in 2021, and some of these trends could pose significant threats to large organizations.
Automation will lead to a new wave of phishing attacks
Phishing has been one of the most cost-effective techniques to date used by cyberattackers, although good practices and improvements in cybersecurity have made it less efficient. Making the bait used in these attacks more credible to the intended victims requires some degree of knowledge of the recipient so the content or message can be personalized, and this requires manual and time-consuming processes. This could change however in 2021. WatchGuard analysts estimate that automation could make it easier to generate spear phishing campaigns with precise knowledge of the intended victims.
According to this prediction, cyberattackers could use automation to obtain information about victims from different sources, such as social media or other websites, and generate thousands of attacks simultaneously with highly credible data regarding the victim. This process would also allow communication with the recipient to be fully personalized. Automated systems however do have a weak spot: compared to manual systems they are easier to detect.
Nevertheless, such attacks are expected to increase, and also to continue to take advantage of the current health crisis. The widespread anxiety caused by this and the economic situation is making victims more vulnerable to phishing based on content related to trending issues such as the COVID vaccines.
Cloud-hosting providers will take a strong stance against cyberattacks
The key to success for a phishing campaign is the ability to convince the victim of the veracity of the content, and cloud storage providers play an important role in this. As their servers can be used to store any type of file (for example, an HTML file), it is easier to camouflage a website on which the user is asked to enter credentials.
In cases like these, cyberattackers use these services to host a fake website with sign-in forms that appear very similar to those of services offered by Google or Microsoft, for example, and which are accessed through a link in an email. It is predicted that, in 2021, these cloud-hosting providers will take a strong stance against phishing and other cyberattacks, using automated tools to detect these types of fake portals hosted on their servers.
As more staff work remotely, attacks on home networks will rise
It is evident that one of the biggest effects of the current crisis has been the massive increase in the number of people working from home. This dramatic shift in the way we work has not gone unnoticed by cyberattackers, who have seen an opportunity to infiltrate poorly protected home networks. In 2021, attacks on this security weak point are expected to increase and be leveraged as a way of accessing their real target: devices connected to corporate networks.
By accessing laptops or smartphones that connect to the network, attackers can compromise an entire corporate IT infrastructure, so once inside a home network they will seek out the devices used for work (for example, those that use a VPN).
VPNs and RDPs will be key targets
Another consequence of telework is that those who work remotely are often obligated to use VPNs and RDPs (remote access protocols) to be able to connect to corporate servers and their tools. In 2021, cyberattacks on VPN services and remote access protocols are expected to increase. Remote access protocols are already among the services most frequently targeted by cyberattacks, and this trend could rise next year as yet more people work remotely.
RDP connections should theoretically always be protected by a VPN, though some employees connect directly, without the protection that this offers, making themselves an easy target for attacks. Similarly, cyberattackers have discovered that if they can manage to access VPNs, they then have an open door to the information hosted on corporate servers. These attacks are expected to increase in 2021, using brute force or even stolen access credentials.
It is worth keeping in mind that Microsoft has stopped supporting two of the most widely used versions of its platform: Windows 7 and Server 2008. Yet with the rise in teleworking, as mentioned, remote connections will continue to increase and many will be from devices with these outdated versions. It’s another significant example of how critical it is to keep computers up to date with patches and updates to protect them from new threats.
In this regard, another important factor is the reluctance, or at least apathy, of employees working from their personal devices to update them to the latest versions of operating systems and software. These two circumstances combined can make an attractive cocktail for adversaries, who will continue to seek out the weakest link in the security chain and could thereby access corporate networks through these outdated versions.
In short, in 2021 it will be more important than ever for organizations to implement sound cybersecurity practices and policies, bearing in mind how the attack perimeter has been extended with new working trends. It is just as important though to have a proactive approach to threats, continuous updating of systems, and advanced solutions and services that support the development and automation of organizations’ security programs.