Interested to examine the predictions and 2021 vision of four experts from one cybersecurity vendor? Read on …

New kind of space race

Next year, nation-states will likely put more effort behind cyberattacks against space infrastructure. I think we will see attacks on communications systems or GPS that almost every industry relies on.

As Russia continues to try and develop their own navigation technologies, they will find opportunity and want to impact other nations. Ultimately, in 2021 we will see the start of several new ‘space races’ during which our adversaries will be not only working on their own efforts but also trying to infiltrate our systems and disrupt any success we achieve.

— Brett Williams, Chief Operating Officer

The predictability of cybersecurity 

Cybersecurity is incredibly predictable but people are not. The fact that attackers utilized the pandemic as a mechanism for phishing was not surprising, and it follows the basic thought process to use the most successful path of least resistance, which is: what are people currently interested enough in to drive clicks?

People, on the other hand, are wildly unpredictable. The Twitter hack culminating in a bitcoin-for-bitcoin scam is quite possibly the least reasonable use of that level of access they had at the time, and serves as a fantastic argument for the complete inability to predict the most interesting thing that will occur in 2021. This dichotomy explains why that event will be the most interesting thing from this year, even if it was the least impactful.

2021 will be the year of the client-side exploit. During the pre-pandemic or early pandemic phase there was a large spike in client-side exploitation and COVID-related phishing. We saw a large influx (300% increase) in card skimming as most new work-from-home employees experienced a disruption in what was considered normal productivity, including a lot more e-commerce traffic.

Then, and even now, as the VPN and remote-access noise drastically increased due to extended remote work arrangements, N-Day remote access vulnerabilities were the soup du jour (Citrix Gateway, Pulse Secure, FortiGate, and others). We observed warnings from CISA / FBI and NSA to update these vulnerabilities (that came out almost half a year ago), but they were being abused heavily by attackers living off the land.

Ransomware access as a Service

Ransomware might have almost doubled from US$11.5bn to $20bn in damages in 2020, but the cybersecurity community predicted this increase, so the ridiculous cost was mundane.

Similarly, ransomware will continue to play a major role in 2021 with the steady move to ‘access as a service’ for situations where skilled attackers not willing to take the heat of monetizing their efforts will move to underground forums to sell off implants and credentials that will likely get flipped to ransomware deployments.

The Year of MFA 

Folks will have been already hacked or hopefully cleaned up some of their N-Day vulnerabilities, and the pendulum will swing back to the users and client-side exploits. So it is important to mitigate that. If you use Office 365, set up a group policy to disable macros. Also set up multi-factor authentication (MFA), as the success of information stealers like Valak, which used harvested email credentials to continue to propagate, will likely continue into the next year.

If I were to offer advice for 2021, rather than a prediction, it would be to make 2021 the year of MFA and Group Policy macro disabling.  

Anthony Grenga, Director, Cyber Operations Centre 

WFH opens new attack surfaces

We will see continued exploitation of remote working over the next year. From a prevention and detection perspective, the number of vulnerabilities created by this new environment will be of great concern to cyber operations in every enterprise, large or small.

I expect we will see a significant portion of corporate infrastructures being effectively targeted by malware and unauthorized access through the additional access points created by the new environment.

Though I do not anticipate significant intentional destructive activity to result outside of a major nation-state level conflict, it is certainly possible that there may be potentially significant competitive implications and the like, as more information—particularly related to sensitive intellectual property—continues to walk out the back door.

Because we are still fairly early in this massive infrastructure shift, next year will be very illuminating on how this new threat environment impacts key industries with critical information (i.e., financial services, energy, healthcare, and the government, to name a few) where the highest level of (and most intense) attacks typically occur.

— Jamil Jaffer, SVP for Strategy, Partnerships & Corporate Development 

Old becomes New again

In 2020, as always, some of the old (i.e., Emotet, Taidoor) had become new again, and ransomware has evolved from being a blind, automated forget-and-fire campaign to become a more tailored/custom set of techniques, sometimes including evolution into low-level anti-detection techniques (more in-memory, disk I/O without timestamp modifications, etc.). This is a trend we will see evolve even more in the new year. 

Things do not really go away, especially APTish and criminally-lucrative items: they just lie low for a bit, then change infrastructure and keep evolving to evade current detection scenarios until they are caught again. Once they are detected, various security groups are adept at illustrating the modified versions of software components, and illustrating commonality in code sequences within them, when that occurs.

What about SMEs and cash-strapped public sectors?

Ransomware is not going away yet, as it is apparently proving to be a very lucrative criminal pursuit. Various endpoint companies are bundling their own proprietary solutions and charging a great deal for those products.

However, this does not help small businesses and publicly-backed sectors (such as healthcare) that are already strapped financially due to the impact of the pandemic on public financial outlooks.

Until someone arrives at a commodity-level, freely-available fundamental endpoint solution that is bundled with operating systems that hold large market shares, it is going to continue being an issue. 

Pandemic will put job seekers at risk 

To no one’s surprise, I’m sure we will be seeing a strong continuation of COVID-themed attacks: phishing (info stealing), apps, malspam, etc., as treatments/vaccines become available and users become more vulnerable to that type of pretext.

I would also predict that if we have not already, in 2021 we will see an increase in resume-linked or job-seeker-themed attacks as the pandemic continues.

Much like sectors that have become vulnerable due to the outbreak, malicious actors will catch on and start targeting groups/demographics that have been impacted and, as a result, will become easier to attack. 

Jon Perez, Director of Emerging Threats & Detection Research