Ransomware, COVID-19, and nation-state attacks made 2020 a banner year for cybercrime. Many organizations were caught unprepared, even though there had been plenty of warnings about potential pandemics and nothing unexpected at all about more ransomware attacks or countries waging cyberwar.
There are no signs this year will be better on the cybersecurity front. Criminals are sitting on piles of money they can invest in improving their attack technologies and infrastructure, and nations will continue to pursue their political goals via sophisticated hacks.
But some of the tactics will be novel or at least little seen so far. We asked top security experts for their predictions of what's coming in 2021. Here’s what they told us.
1. Work-From-Home Attacks
The pandemic has caused a global change in how employees access corporate systems. Even though there’s been a wholesale shift to remote work, we haven't yet seen any massive-scale attacks using less protected home networks as a vector, Scott Crawford, an analyst at 451 Research, said.
That may be about to change.
"That's the next wave," said Amr Ahmed, managing director at Ernst & Young Consulting Services. "Home environments are not as secure as corporate networks."
If attackers target data center or enterprise employees working from home, they can come in through the weakest points, he said.
Family members are logging in to their company or school networks or using the internet for entertainment. There are no enterprise-grade firewalls and plenty of connected consumer devices that may be a lot less secure than an enterprise security manager would be comfortable with.
Employees commonly access their enterprise systems with a VPN, using traditional login credentials. "If that gets compromised from my home office, it can impact the enterprise very well," Ahmed said.
2. Attackers Will Start Using AI
For a couple of years now we've been seeing the potential for AI being used for malicious purposes. Attackers have used deepfakes to impersonate company executives and steal money, for example. Researchers have shown that AI can be used to create new malware, write better phishing emails, or find new ways to penetrate corporate networks.
But AI-powered attacks have been rare. Criminals have much simpler yet effective tools at their disposal and no shortage of attack vectors.
As companies beef up their defenses and improve backup systems, however, attackers are investing and innovating. AI promises the ability to create highly scalable attacks that are fully automated and tailored for each victim.
"Attackers are already using AI," Ahmed said. "Just like we're using AI to prevent attacks, they are using AI to penetrate, and they are becoming a lot more aggressive."
AI is used to generate denial of service attacks that can shut down data centers or to make ransomware more aggressive.
"It's very clear," he told DCK. "We have indication, from the volume and sophistication, that they're not using the traditional one person to do the attacks."
Even more worrisome, AI is being built into exploit kits and software development kits, said EY Consulting's senior manager Mounir Elmously.
"We have a couple of examples that we witnessed during investigations," said Ahmed.
For example, said Elmously, attackers are using AI-powered user behavior analysis to create better phishing attacks and find open firewall ports.
"The best way to exploit that is with AI. They can look for back doors to penetrate… the system,” he said. “This is available in the kits. Many of the penetrations that happened recently are using AI to exploit firewall rules."
3. More Attacks On the Management Layer
"They're getting into the management layer, which is the most dangerous part of any attack," said Ahmed. "Once I get into the management layer, I can get into anywhere. Before, you can target a server weakness or an end user. But when I get into the management layer, I have access to anything, and can go anywhere. I think that is really dangerous."
We saw this play out with the massive SolarWinds attack, which went after the network management layer.
"Tomorrow, it's going to be batch environments, your backup system, your software distribution," he said.
4. Attacks On SNMP Traffic
SNMP (Simple Network Management Protocol) is used to manage devices such as modems, printers, routers, switches, and servers. It's a critical means of communication within a data center.
"Practically no firewalls can stop SNMP traffic," said Elmously.
Hackers that compromise these communications can target any component of the data center environment, he said, including air conditioning and uninterruptible power supplies.
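What makes SNMP traffic so attractive is that versions 1 and 2c carry their only credential, the community string, in cleartext in every packet, and a write community on a UPS or cooling controller is effectively administrative access to it. The script below is an added example for this article, not code from any of the people quoted: it walks the outer BER structure of an SNMP message far enough to recover version, community string and PDU type, then rates the message so that cleartext SET requests with factory-default communities stand out. The packets are constructed in the script, not captured traffic, and the list of default community strings is an assumption to be extended for your own site.

```python
"""Classify SNMP messages by version, community string and PDU type.

SNMP v1/v2c authenticate with a cleartext community string; v3 adds real
authentication and optional encryption. This is a detection aid that
reads only the outer message structure, not a complete SNMP decoder.
Stdlib only.
"""
from typing import Tuple

SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04   # ASN.1 universal tags
PDU_NAMES = {
    0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
    0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
    0xA6: "InformRequest", 0xA7: "SNMPv2-Trap", 0xA8: "Report",
}
VERSION_NAMES = {0: "v1", 1: "v2c", 3: "v3"}
# Factory-default community strings; assumption: extend with your own site's list.
DEFAULT_COMMUNITIES = {"public", "private"}


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, value, position after the element) for the BER TLV at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits give the byte count of the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_snmp(msg: bytes) -> dict:
    """Extract version, community and PDU type from one SNMP message."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message: outer element is not a SEQUENCE")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != INTEGER:
        raise ValueError("malformed SNMP message: version is not an INTEGER")
    version = int.from_bytes(raw_version, "big")
    if version == 3:
        # v3 carries msgGlobalData and USM security parameters instead of a community string.
        return {"version": "v3", "community": None, "pdu": None}
    tag, community, pos = read_tlv(body, pos)
    if tag != OCTET_STRING:
        raise ValueError("malformed SNMP message: community is not an OCTET STRING")
    pdu_tag, _, _ = read_tlv(body, pos)
    return {
        "version": VERSION_NAMES.get(version, f"unknown({version})"),
        "community": community.decode("latin-1"),
        "pdu": PDU_NAMES.get(pdu_tag, f"0x{pdu_tag:02x}"),
    }


def risk_level(info: dict) -> str:
    """Rate a parsed message: cleartext write access with a guessable community is the worst case."""
    if info["version"] == "v3":
        return "info"            # authenticated; still verify authPriv is enforced on the agent
    if info["community"] in DEFAULT_COMMUNITIES:
        return "critical" if info["pdu"] == "SetRequest" else "high"
    return "medium"              # cleartext community, readable by anyone on the path


# --- constructed sample packets (not captured traffic) ---------------------
def tlv(tag: int, value: bytes) -> bytes:
    assert len(value) < 128, "short-form length only; enough for these samples"
    return bytes([tag, len(value)]) + value


def build_community_msg(version: int, community: bytes, pdu_tag: int) -> bytes:
    """Minimal v1/v2c message: request-id 1, no error, empty variable-bindings list."""
    pdu = tlv(pdu_tag, tlv(INTEGER, b"\x01") + tlv(INTEGER, b"\x00")
              + tlv(INTEGER, b"\x00") + tlv(SEQUENCE, b""))
    return tlv(SEQUENCE, tlv(INTEGER, bytes([version])) + tlv(OCTET_STRING, community) + pdu)


SAMPLES = {
    "v2c-set-private": build_community_msg(1, b"private", 0xA3),
    "v1-get-public": build_community_msg(0, b"public", 0xA0),
    "v2c-get-sitewide": build_community_msg(1, b"r0-s1t3-Xq", 0xA0),
    # v3 header only: version INTEGER followed by an (empty) msgGlobalData SEQUENCE
    "v3-truncated": tlv(SEQUENCE, tlv(INTEGER, b"\x03") + tlv(SEQUENCE, b"")),
}


def triage(samples: dict) -> dict:
    """Map sample name -> risk level for every message that parses."""
    return {name: risk_level(parse_snmp(pkt)) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        info = parse_snmp(pkt)
        print(f"{name:18} {info['version']:4} {str(info['community']):12} "
              f"{str(info['pdu']):15} -> {risk_level(info)}")
```

Run against real traffic, feed `parse_snmp` the UDP payload of each packet on port 161 or 162. Anything rated `high` or `critical` on a data center management network is a finding in itself: either the device should be moved to SNMPv3 with authPriv, or the management VLAN should be isolated so that only the monitoring hosts can reach it.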
5. Attacks That Originate in the Cloud
We've already seen examples of attackers going after cloud infrastructure. Credentials get exposed, and attackers get into a company's cloud infrastructure in order to, say, steal compute resources for crypto mining. Cloud storage buckets are accidentally exposed, allowing attackers to steal data. Stolen credentials can also be used to get access to online systems, like Office 365 – as was the case in some of the SolarWinds attacks.
But in 2021, we might begin to see more attacks that start in a company's outsourced cloud infrastructure used as a jumping-off point for attacks on on-prem systems.
Ahmed said he’s already seen such incidents.
Traffic coming from a company's own cloud instances is typically considered more secure than traffic coming from the public internet in general. Connections between a company's cloud applications and on-prem data stores, for example, could be considered trusted communications.
"An AWS server that you own and that you run your workload on… would be used to launch an attack from there into your data center," he said.
6. The 5G Threat
While hackers won’t exactly be able to send mind-control messages directly into data center managers’ brains using the radio spectrum occupied by 5G communications, the wireless standard is expected to revolutionize the security landscape.
"Once 5G is widely available, the floodgates will open, and both the white hats and black hats of the world will experience a swift learning curve," Glen Pendley, deputy CTO at Tenable Network Security, told DCK. "The profound speed and reach will connect businesses more than ever before."
That means a successful attack can have a massive ripple effect.
"More devices will be brought online than ever before, and we will see more convergence among IT and OT as the environments collide," he said.
Data center security managers should work closely with their vendors and service providers when new technology is rolled out to make sure that security is prioritized and not left as an afterthought.
7. Deception Tools
Deception technology, a.k.a. "honey pots," has been around for years. Recently, advances in machine learning have made it possible for data centers to deploy deception grids at scale, to trap invaders with fake lures before they get to the real crown jewels.
While such tools haven’t been popular among attackers, the bad guys have all the same tools the good guys do, said Ashvin Kamaraju, VP of engineering, innovation, and strategy at Thales Group.
"We don't know yet how the hackers themselves can exploit these deception technologies," he said. “But I'm sure they're thinking about it."
8. First Major Container Breaches
Enterprises have been widely adopting container technology in recent years, but container orchestration and management platforms haven’t been targeted by massive attacks so far, despite reports of potential vulnerabilities.
Josh Stella, CEO of cloud security vendor Fugue, predicts that this will change in 2021.
"We’ll see the first significant data breach involving the exploitation of container runtime misconfiguration," he said.
Part of the problem, he told DCK, is that the adoption of container technologies like Kubernetes has been far outpacing the understanding of related security issues.
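The "runtime misconfiguration" Stella refers to is usually not exotic: a pod that runs privileged, shares the node's PID or network namespace, or mounts the container runtime's socket gives anyone who lands in that container a direct path to the node and, from there, the rest of the cluster. The script below is an added example for this article, not code from Fugue or anyone quoted here: it audits a Kubernetes pod manifest (given as the dict PyYAML or `kubectl get -o json` would produce) for those settings and shows a weak manifest beside a hardened one. Both manifests, the image names and the `build-agent` pod are constructed for the example.

```python
"""Flag container runtime misconfigurations in a Kubernetes pod spec.

Checks the pod- and container-level settings that most often turn a
compromised container into a node compromise. Stdlib only; manifests are
plain dicts in the shape the Kubernetes API returns.
"""
from typing import List

# Constructed example (assumption): a typical "it works in dev" build agent.
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "build-agent"},
    "spec": {
        "hostPID": True,
        "hostNetwork": True,
        "volumes": [
            {"name": "docker-sock", "hostPath": {"path": "/var/run/docker.sock"}},
        ],
        "containers": [{
            "name": "agent",
            "image": "agent:latest",
            "securityContext": {"privileged": True},
            "volumeMounts": [{"name": "docker-sock", "mountPath": "/var/run/docker.sock"}],
        }],
    },
}

# Constructed example (assumption): the same workload with the runtime locked down.
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "build-agent"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "volumes": [{"name": "work", "emptyDir": {}}],
        "containers": [{
            "name": "agent",
            "image": "registry.example.internal/agent:1.4.2",   # hypothetical registry, pinned tag
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "volumeMounts": [{"name": "work", "mountPath": "/work"}],
        }],
    },
}


def audit_pod(pod: dict) -> List[str]:
    """Return one human-readable finding per risky setting; empty list means clean."""
    findings: List[str] = []
    spec = pod.get("spec", {})

    # Pod-level: sharing a host namespace exposes every process/socket on the node.
    for key in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(key):
            findings.append(f"pod shares the node's {key} namespace ({key}: true)")

    # hostPath volumes reach into the node; the runtime socket is root on the node.
    for vol in spec.get("volumes", []):
        host_path = vol.get("hostPath")
        if host_path:
            path = host_path.get("path", "")
            kind = "container-runtime socket mounted" if path.endswith(".sock") else "hostPath volume"
            findings.append(f"{kind}: {path} (volume {vol.get('name')})")

    # Container-level: container securityContext overrides the pod-level one.
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "?")
        sc = {**pod_sc, **c.get("securityContext", {})}
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container (full access to host devices)")
        if sc.get("allowPrivilegeEscalation", True):   # Kubernetes default is true
            findings.append(f"{name}: allowPrivilegeEscalation not set to false")
        if not sc.get("runAsNonRoot") and sc.get("runAsUser", 0) == 0:
            findings.append(f"{name}: runs as root (no runAsNonRoot / runAsUser)")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: Linux capabilities not dropped")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: writable root filesystem")
        image = c.get("image", "")
        if image.endswith(":latest") or ":" not in image:
            findings.append(f"{name}: unpinned image tag '{image}'")
    return findings


if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(f"== {label}: {len(audit_pod(pod))} finding(s)")
        for finding in audit_pod(pod):
            print("  -", finding)
```

The same checks are what an admission controller (Pod Security Admission or a policy engine) enforces cluster-wide; running them in CI against every manifest catches the misconfiguration before it reaches the runtime, which is where a breach of the kind Stella predicts would start.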
9. Even More Ransomware
Ransomware is so profitable that there's little chance it will go away, barring concerted international action to shut down bitcoin payments and extradite criminals from Russia and other cybercrime safe havens.
"Ransomware is insidious," said Thales' Kamaraju.
One new kind of ransomware data centers may face this year is ransomware that attacks converged IT and OT networks.
"Often, industrial control systems and OT devices oversee critical processes," said Amir Preminger, VP of research at Claroty.
They can't be replaced or powered down for updates without severe interruption of services, he explained. That means that if they get hit by ransomware or other extortion-style attacks, data centers won't be able to recover as quickly as from traditional ransomware attacks.
10. Copycat Supply Chain Attacks
With the high-profile success of the SolarWinds attack, data center managers should expect to see a lot more attacks against their technology providers.
"Publicly known successful attacks typically lead to a significant increase in similar attacks," said Avishai Ziv, general manager of the chipmaker Marvell’s security solutions business unit.
Enterprises will try to secure their supply chains, he told DCK, but the process "is likely to be long and arduous."
Data centers can expect to see attacks against software providers, technology suppliers, contractors, managed services providers, and other third parties, he said.