While 2021 will present evolving threats and new challenges, it will also offer new tools and technologies that will we hope shift the balance towards the defense.
Predicting the future is always an iffy proposition. There’s the Nostradamus route, making predictions so cryptic and vague they could mean just about anything. Or you can go the TV psychic route and throw a handful of darts at the wall, highlighting the ones that stick and hope everyone ignores the many misses.
In cybersecurity, the best we can do is look at trends in attack methodologies, recognize changes in the threatscape, see what new technologies are emerging and offer a best guess about where things will be going forward.
We will get it wrong part of the time. Possibly most of the time. But we are coming at it from the angle of cybersecurity professionals familiar with where we were and where we are, and with some insight into where we’re going. Let’s hope we can do better than celebrity psychics who never seem to have the foresight to make a mint by picking the next big stock.
With that in mind, here are some predictions about the world of cybersecurity going into 2021. While 2020 makes us inclined to predict that “quantum computing will make machines sentient and the robots will rise up and kill us all,” the future does not look that bad.
Ransomware Will Evolve
Cyberattacks have matured over the years, with different trends coming and going. Going into 2021, ransomware will almost certainly remain a big part of the attacker’s portfolio, but cybercriminals will continue to “add value” by also stealing data before they encrypt it. We have seen them use this added extortion tactic already, but this will become more of an issue in the healthcare space, where attackers can use stolen patient records to blackmail patients by threatening to release medical histories.
Sadly, continued attacks against healthcare and medical infrastructure will probably lead to serious consequences going into 2021. Someone will likely die as the direct result of a cyberattack. The only positive outcomes here are that the tragic wakeup call will be the impetus needed to beef up defenses in the healthcare space and make law enforcement more aggressive pursuing cybercriminals.
As cybercriminals continue to evolve their business models, they will become bolder and target a broader range of industries. They will still go after targets of opportunity as low-hanging fruit, but expect to see more targeted attacks against companies, and industries, that had not previously considered themselves at high risk. This includes any organization outside the top five: Financial services, government, healthcare, higher education or the energy sector.
Zero-Days and Cryptocurrency
Zero-day attacks against popular operating systems and applications will continue to be an issue too. Developers have become more careful overall, but there is still room for improvement. Bug bounties help (offered by major vendors for people to improve their code), but malicious actors will continue to use their version of the same model and offer high payouts to people who sell them exploits.
Cryptocurrency remains a volatile pseudo-commodity that is favored by privacy advocates and criminals, while it is loathed by government agencies. From the perspective of cybersecurity, cryptominers have become a common payload for attackers simply going after compute resources. We are likely to see more of them going forward.
Governments are already working to regulate the space and 2021 may see legislation seeking to control, if not outright ban, the use of cryptocurrencies. Law-enforcement agencies worldwide will need to cooperate if they are to have any chance of dealing with an ever-growing cybercriminal underground. The criminals’ evolving business models may actually make them easier to target by law enforcement.
The IoT Tsunami – and Connected Cars
Internet of things (IoT) devices will continue to live largely unseen and unnoticed as they’re compromised. Separate from the larger devices such as medical imaging systems, small IoT devices will remain vulnerable and unpatched, if not unpatchable, as they become ubiquitous. Malicious actors will find new and more creative uses for these devices, possibly finding ways to use them to compromise the cloud-based controllers they frequently rely on.
Something we can look forward to or, rather, worry about, are cyberattacks against the latest generation of connected vehicles. While there have been no known attacks against over-the-air updates to vehicle software, it will become a growing concern as more manufacturers adopt the technology. We are also likely to see attacks against self-driving systems in one form or another.
While proof-of-concept attacks may be nothing more than spoofing an autopilot system into stopping for obstacles that aren’t there or following traffic markings into a parking lot, the potential exists for serious attacks against the sensors and software that enable these technologies.
The safety measures in place to protect these advanced systems make external attacks more difficult. The same applies to cloud infrastructures and more modern operating systems. Our defenses are improving, which means attackers are likely to move inside where they can.
Whether this is through bribery or account compromise, both things we’ve seen in 2020 and are likely to see more of in 2021, the insider-threat vector is likely to increase. This will be a growing concern in the supply chain, where attackers can move against smaller, less mature, organizations on their route to compromising downstream targets.
The Good News: Defenses Will Improve
One of the reasons we’ll see more internal attacks is that password-management tools and multi-factor authentication (MFA) will become more prevalent. This will help slow the rate of account-compromise attacks through phishing and data theft.
These tools are very effective at reducing the threat from compromised accounts, with token-based MFA being the more effective of the two, but usage has grown slowly over the years. However, inexpensive physical tokens and software-based equivalents make them accessible. User acceptance will still be a challenge going into the new year and, probably, for several years more.
We’re also likely to see a growth in risk-based access control technologies, where security analytics tools are used to help decide what level of authentication is appropriate on a case-by-case bases. This will reduce the burden on users by only requiring additional authentication when needed, while making it more difficult for attackers by tying behavior analysis techniques into the security stack. This also ties into zero-trust architectures, which should also see growth moving into 2021 and beyond.
Security analytics as a technology will see more use, being incorporated into existing security stacks by seamlessly merging into existing solutions. It will become even more important as extended detection and response (XDR) evolves past the initial vendor-centric definition to a more open vendor-agnostic model going forward. The behavior-analytics models will continue to improve, which will deliver more accurate results, as endpoint agents continue to improve and feed better information into the stack.
If we are lucky, we will see ultralight agents that can deploy on IoT devices and extend endpoint defense into that vulnerable sector. We will also see deception technologies more broadly deployed. While they can’t prevent attacks, they can serve as a reliable early warning and compliment the rest of the stack.
2020 was a difficult year in cybersecurity and for the world as a whole. While 2021 will present evolving threats and new challenges, it will also offer new tools and technologies that will we hope shift the balance towards the defense.
Saryu Nayyar is CEO at Gurucul.
Enjoy additional insights from Threatpost’s InfoSec Insider community by visiting our microsite.