Cybercriminal Tactics to Change in 2021 to Target Corporate Networks
There will be a lot of opportunity for MSPs and MSSPs to help customers lock down their cloud data.
Cybercriminal tactics in 2021 will shift in new and innovative ways to attack individuals, their homes and devices to find a path to corporate networks.
That’s according to WatchGuard Technologies’ security predictions for next year. The global pandemic has rapidly accelerated the existing shift toward remote work. Employees now operate beyond the protection of the corporate firewall. In turn, cybercriminal tactics will exploit these vulnerabilities.
Corey Nachreiner is WatchGuard’s CTO. He said security service providers were already preparing for many of the new challenges and opportunities. But 2020 has dramatically accelerated the trends.
“One obvious example is remote work,” he said. “Remote work is likely to be the norm, even post-pandemic. With most employees working outside an organization’s direct network purview, you need to adjust the security stack accordingly. For an attacker, how they target victims changes when the user isn’t protected by traditional corporate technologies. Security practitioners already have security controls to handle both scenarios, but they’ll likely have to rebalance which they focus on.”
The cloud, whether SaaS or IaaS/PaaS, isn’t new, Nachreiner said. But many organizations and service providers still have less experience securing cloud data when they’re somewhat limited by what’s allowed by third-party providers.
“There are many technologies and best practices that can indeed help an organization secure cloud resources,” he said. “But the industry still seems less familiar with them, and their value. There will be a lot of opportunity for MSPs and MSSPs that can help customers lock down their cloud data.”
People and Emotions
Automation will drive a new tidal wave of spear phishing campaigns, according to WatchGuard.
“Cybercriminals have already started to create tools that can automate the manual aspects of spear phishing,” Nachreiner said. “By combining such tools with programs that scan data from social media networks and company websites, phishers can send thousands of detailed, believable spear-phishing emails, with content customized to each victim. This will dramatically increase the volume of spear phishing emails attackers can send at once, which will improve their success rate. On the bright side, these automated, volumetric spear-phishing campaigns will likely be less sophisticated and easier to spot than the traditional, manually generated variety.”
Bad actors know anxiety and uncertainty make victims easier to exploit, he said. As society continues to grapple with COVID-19, global political strife and general financial insecurity in 2021, these automated spear-phishing attacks will prey on fears around the pandemic, politics and the economy.
Stealing Credentials
In addition, threat actors now have an abundance of tools to help them craft convincing spear-phishing emails that trick victims into giving up credentials or installing malware. They’re leveraging cloud hosting to piggyback on the otherwise good reputation of internet giants like Amazon, Microsoft and Google.
“Most cloud-hosting services like Azure and AWS offer internet-accessible data storage where users can upload anything they’d like, from database backups to individual files and more,” Nachreiner said. “These services are exposed to the internet through custom subdomains or URL paths on prominent domains such as cloudfront.net, windows.net and googleapis.com. Threat actors commonly abuse these features to host website HTML files designed to mimic the authentication form of a legitimate website like Microsoft365 or Google Drive, and to steal credentials submitted by unsuspecting victims.”
WatchGuard predicts these cloud-hosting providers next year will begin heavily cracking down on phishing and other scams. They’ll do so by deploying automated tools and file validation that spot spoofed authentication portals.
Hitting Home
With work from home continuing through 2021 and beyond, cybercriminals will change their approach and create attacks specifically targeting the home worker.
“Malicious hackers often include worm functionality modules in their malware, designed to move laterally to other devices on a network,” Nachreiner said. “In 2021, cybercriminals will exploit under-protected home networks as an avenue to access valuable corporate endpoint devices. By deliberately seeking out and infecting the company-owned laptops and smart devices on our home networks, attackers could ultimately compromise corporate networks. Next year, we expect to see malware that not only spreads across networks, but looks for signs that an infected device is for corporate use (such as evidence of VPN usage).”
Smart Cars Targeted
In addition, smart cars keep getting smarter and more common, with more manufacturers releasing new models every year. Security researchers and black hat hackers alike are paying attention. In 2021, WatchGuard expects a surge in smart car attacks that leverage smart chargers.
“As with chargers for our mobile phones and other connected devices, smart car charging cables carry more than just energy,” Nachreiner said. “Although they don’t transfer data in the same way phone chargers do, smart car chargers do have a data component that helps them manage charging safety. In the world of mobile phones, researchers and hackers have proven they can create booby-trapped chargers that take advantage of any victim who plugs in.”
A successful attack could result in car ransomware that prevents your car from charging until you pay, he said.
In terms of smart and connected devices, users will finally revolt and make vendors take privacy for home and consumer IoT devices more seriously in 2021. Expect to see the market start to heavily push back against IoT devices that collect personal data, and pressure government representatives to regulate the capabilities of these devices to protect user privacy.
Corporate Targets and Technologies
Attackers will swarm VPNs and remote desktop protocols (RDPs) as the remote workforce swells, WatchGuard said.
RDP is already one of the most attacked services on the internet. While you should only use RDP with VPN, many choose to enable it on its own. That offers a target for hackers. Additionally, cybercriminals know remote employees use VPN often. Though VPN offers some security to remote employees, attackers realize that if they can access a VPN, they have a wide open door to your corporate network.
“Using stolen credentials, exploits and good old-fashioned brute-forcing, we believe attacks against RDP, VPN and remote connection servers will double in 2021,” Nachreiner said.
In addition, endpoints have become a high priority target for attackers amid the global pandemic. With more employees working at home without some of the network-based protections available through the corporate office, attackers will focus on vulnerabilities in personal computers, their software and operating systems.
“It’s ironic that the rise in remote work coincides with the same year Microsoft has ended extended support of some of the most popular versions of Windows – 7 and Server 2008,” Nachreiner said. “In 2021, we expect cybercriminals to seek out a significant security flaw in Windows 7 in hopes of exploiting legacy endpoints that users can’t easily patch at home.”
MFA Provides Crucial Protection
In 2021, every service without multifactor authentication (MFA) will suffer a breach, WatchGuard said.
“Authentication attacks and the data breaches that fuel them have become a daily occurrence,” Nachreiner said. “Cybercriminals have found incredible success using the troves of stolen usernames and passwords available on underground forums to compromise organizations using password-spraying and credential-stuffing attacks. These attacks take advantage of the fact that many users still fail to choose strong and unique passwords for each of their individual accounts. Just look at the dark web and the many underground forums. There are now billions of usernames and passwords from various breaches, widely available, with millions added every day.”
These databases, paired with the ease of automating authentication attacks, mean no internet-exposed service is safe from cyber intrusion if it isn’t using MFA, he said.