WatchGuard’s Cyber Security Predictions for 2021
What were you doing on the 9th December 2020?
Well if you’re anything like us, you tuned in to WatchGuard’s 2021 cyber security predictions, presented by Senior Security Analyst Marc Laliberte and CTO Corey Nachreiner.
In the talk entitled “Securing the “New” Normal: 2021 Predictions”, Corey and Marc put forward 8 pressing cyber projections that all businesses need to be aware of over the next 12 months.
If you want to follow along with the talk yourself, you can watch it on-demand over on WatchGuard’s site.
So, what might 2021 have in store for us?
Automation Will Lead to an Increase in Spear Phishing
As discussed in our security words to remember, spear phishing is where hackers send targeted, fraudulent emails designed to trick the recipient into thinking that it’s a genuine request. This request may purport to come from someone they know or contain tailored, well-researched information to instil a sense of trust and familiarity.
For example, Rob in Accounts might receive a phony, yet believable, email purporting to be from Amy in IT, asking him to download the attached piece of software for some bogus reason. Spoiler alert, it’s really data-stealing malware. Alternatively, a hacker could pretend to be Rob’s boss, asking him to pay an urgent and as-yet-unknown invoice to a random bank account. These are two examples of spear phishing.
Understandably, sending out believable emails like these takes a lot of work. A criminal will need to spend time researching the individual target and those around them: who is most likely to ask for a request like theirs? How does that person/company format their everyday emails? What kind of language and tone do they use?
In contrast, a “standard” phishing email claiming to be from Amazon, Netflix, or the DVLA can be sprayed to thousands of people at once, but the customisation aspect of spear phishing makes it much more labour intensive.
This leads us to WatchGuard’s first prediction. Corey posits that cyber criminals are going to start leaning more and more on automation tools to make the spear phishing process easier and more hands-off. We may start to see hackers using automation tools to pull information from public sources, performing much of the formerly manual reconnaissance. They may then use natural language generation tools to craft the emails and to reply to victims.
Marc bookends this prediction on a sobering point. These attacks won’t be quite as sophisticated as “true” spear phishing campaigns, but “what they lack in sophistication they’re going to make up for in volume.”
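Automated spear phishing still has to arrive in an inbox, and the cheapest tell-tales survive automation: a colleague’s display name on an address that isn’t the company’s, a domain one keystroke away from the real one, or a Reply-To that quietly diverts the conversation. The following is an added example of those checks, not code from WatchGuard or from this blog; the internal domain, the staff directory and the sample headers are all constructed for the demonstration.

```python
"""Flag inbound messages that impersonate a known internal sender.

Added example, not WatchGuard's or Just Firewalls' code. The directory,
trusted domain and sample headers below are constructed for the demo.
"""
from email.utils import parseaddr

# Constructed: the organisation's own domain and a few staff names.
INTERNAL_DOMAINS = {"example.com"}
STAFF = {"amy chen": "amy.chen@example.com", "dave boss": "dave.boss@example.com"}


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_message(headers: dict) -> list:
    """Return the impersonation indicators found in one message's headers."""
    flags = []
    display, addr = parseaddr(headers.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    name = display.strip().lower()

    # 1. Display name belongs to a colleague, but the address is not ours.
    if name in STAFF and domain not in INTERNAL_DOMAINS:
        flags.append("display-name impersonation")

    # 2. Sender domain is a near miss for one of ours (typosquat / homoglyph).
    if domain not in INTERNAL_DOMAINS and any(
        _edit_distance(domain, d) <= 2 for d in INTERNAL_DOMAINS
    ):
        flags.append(f"lookalike domain {domain}")

    # 3. Replies are silently redirected to a different mailbox.
    _, reply_to = parseaddr(headers.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr.lower():
        flags.append("reply-to mismatch")

    return flags


# Constructed sample headers: one genuine internal mail, two impersonation
# attempts, and an unrelated external newsletter.
SAMPLES = [
    {"From": "Amy Chen <amy.chen@example.com>"},
    {"From": "Amy Chen <amy.chen@gmail-mail.test>", "Reply-To": "it-support@gmail-mail.test"},
    {"From": "Dave Boss <dave.boss@examp1e.com>"},
    {"From": "Netflix <billing@netflix.test>"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["From"], "->", score_message(sample) or "clean")
```

These are cheap, header-only heuristics: they catch the bulk, low-effort variant Marc describes rather than a carefully spoofed message that passes SPF and DKIM on a freshly registered domain, so they belong alongside, not instead of, authentication checks and user awareness.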
Cloud Hosting Providers Call Time on Hosting Abuse
Cloud hosting services like Amazon’s AWS, Microsoft Azure, and Google Cloud have become incredibly popular with both legitimate organisations and with cyber criminals alike.
Marc kicks this prediction off by pointing out that many cloud services allow their users to upload web page files and effectively run their own mini websites through cloud storage rather than through traditional hosting. There are legitimate uses for this, but it is open to abuse.
According to Marc, criminals are increasingly using these services to host phony login pages – often purporting to be widely used services like Office 365. They can then link to these pages as part of a phishing attack and harvest the login details that come their way.
WatchGuard’s prediction here is that cloud hosting providers will start cracking down on this fraud-related abuse that’s taking place on their platforms. This could be hypothetically achieved through some kind of automated anti-fraud scan.
In terms of what companies like yours should do to fight phony phishing pages like these, DNS filtering can go some way to blocking access to dodgy domains, as can WatchGuard’s WebBlocker and Reputation Enabled Defence (“RED”).
#WFH Will Drive Home Network Infections
One of the (few and far between) positives to come out of 2020 is the #WorkFromHome revolution. Many of us have enjoyed the freedom that working from home provides, and employers are seeing real benefits to morale. Therefore, many foresee working from home well after the pandemic, especially in tech and knowledge-worker fields.
But where working trends go, cybercrime soon follows. As individuals spend more of their time working from home, it’s likely that hackers will start to target home users and home networks more and more. Worm infections are of particular concern to WatchGuard. Worms are a kind of malware that can automatically self-replicate across networks, actively infecting other users and spreading independently.
Corey hypothesizes that criminals will develop worms that are not only designed to spread across networks, but are specifically designed to spread across VPNs and remote connections that home workers use to dial in to their company network.
The aim here is, of course, to compromise the company’s network, to access sensitive information, or to deploy ransomware designed to extort money out of the organisation. Corey is keen to stress that this particular scenario isn’t something he’s seen out in the wild yet, though it may only be a matter of time.
Such malware would be tough to guard against in practice, because remote connections between endpoints and the internal network will already be authenticated. But the solution here is – as always – strong endpoint protection.
This naturally includes antivirus tools, but Corey specifically points to EPP (Endpoint Protection) and EDR (Endpoint Detection and Response) tools like Adaptive Defence 360.
Criminals Will Use Smart Car Chargers to Infect Electric Vehicles
Marc states that WatchGuard generally offer up one longshot prediction every year. This is this year’s crazy conjecture.
WatchGuard propose that criminals will find a way to booby-trap public electric vehicle (EV) charging infrastructure to load malware into electric vehicles’ computerised components. They concede that there’s not a lot of research on this, but it’s important to note that smart car charging ports do have a small data transfer capability. This is generally used for charging safety and diagnostics, but the thinking goes that this data channel could be hijacked for nefarious means.
This kind of attack is not unlike the concept of “juice jacking”, whereby attackers tamper with publicly available USB charging stations (e.g., those in airports or hotels) in such a way that they are able to compromise plugged-in devices. Marc and Corey both mention the potential for something like a “USB Killer” attack, which could send a damaging power surge into vehicles being charged. There’s even the possibility that hackers could infect the car with ransomware that disables the charging function until a ransom is paid.
It’s scary stuff, and something that has been on the cards for a while – not least since researchers Charlie Miller & Chris Valasek found that they were able to physically hack into Jeep Cherokees in 2015.
https://www.youtube.com/watch?v=MK0SrxBC1xs
However, it is a little pie in the sky. The risks of suffering this kind of attack are low, but it pays to keep all of your vehicle’s software patches up to date.
Users Will Increasingly Abandon Smart Devices Due to Privacy Concerns
As we welcome smart devices into our homes and businesses, there are growing concerns about privacy. Voice- and camera-operated devices may have become a part of our everyday lives, but their critics posit that they’re little more than watching and listening devices.
As an example, Corey talks about his beloved Oculus Rift VR headset that he can no longer use without a Facebook account. VR headsets use cameras to understand the space you are in, and Corey expresses concern about what Facebook might be doing with that information.
Corey also points to the rise of Amazon Sidewalk, a (currently) US-only service being rolled out to solve IoT connectivity issues by creating a sort of neighbourhood-wide connection. As Marc sarcastically interjects: “What could go wrong?”
Much of this does feel a little speculative, even paranoid. But we are inclined to agree that users are becoming more and more wise to the wholesale data-harvesting-for-sale that large corporations get up to. Both Corey and Marc feel that this uncertainty is going to come to a head in the next 12 months or so. Users will revolt and demand that either corporations self-regulate, or governments bring in more stringent legislation to protect citizens’ privacy.
Attackers Will Further Target Remote Access Methods and Protocols
In response to lockdown measures, companies had to quickly set up ways to work from home, often aiming to “just make it work” rather than building in security from the outset. As our MD Andy puts it, “Companies have sacrificed security on the altar of convenience” (he’s poetic like that).
When lockdown began, many organisations scrambled to set up RDP (Remote Desktop Protocol) and/or VPN connectivity – sometimes in a haphazard, under-secured way, whether by using poor authentication credentials or simply leaving the connection open and exposed to the internet.
Even pre-COVID, RDP attacks were remarkably common. Panda Security (coincidentally a recent WatchGuard acquisition) found that there were 150,000 attempted RDP attacks taking place every day before lockdown measures began in March 2020. Post-lockdown (and more importantly, post-WFH) that figure skyrocketed to almost a million attempted attacks every single day. WatchGuard predict that RDP attacks will double in 2021, with Marc suggesting that users protect their remote access tools with robust MFA solutions. He also suggests that you revisit your remote access tools to double check that you’re using the most stringent security possible. And if you need help doing that, then speak to our team for a free cyber health check!
Criminals Will Attack End-of-Life Devices (Especially Newly EOL Windows Devices)
Microsoft will be ending their extended support for Windows 7 and Server 2008 in January 202, so they aren’t going to be releasing further updates for these operating systems – including security patches.
However, as mentioned before on this blog, companies don’t necessarily stop using an operating system when its support cycle ends. There are countless situations out there where critical IoT/SCADA hardware like sensors, actuators, or medical devices are simply incompatible with newer OS versions, or rely on a feature that just isn’t present in newer iterations. Alternatively, organisations may be waiting on funds to become available before they upgrade.
Windows 7 was an incredibly popular operating system, chiefly because it was released in between two flops. Many of us couldn’t wait to upgrade to Windows 7 from the sluggish Vista. Those who upgraded from 7 to the famously lambasted start-menu-optional Windows 8/8.1 generally regretted the move too. Marc concurs: “one of the main issues…is that Windows 8 really was awful”.
Though Windows 10 now boasts 75.96% of global Windows usage market share (Source: Stat Counter), it has nonetheless endured spirited criticism – criticism that may have encouraged late adopters to stick with old faithful Windows 7.
Globally, 17.86% of Windows users are still using Windows 7 – a sizable user base who will likely prove prime targets for cybercrime. If you find yourself tethered to an end-of-life operating system due to compatibility concerns, Corey urges you to get that software updated so it plays nice with the latest operating system on the block. However, he does concede that this isn’t always possible.
But what about those who aren’t able to upgrade, full stop? Corey advises you invest in strong firewalling and to only connect EOL systems to the bare minimum that they need in terms of network/online access in order to keep risk levels low.
Every System Without MFA Will Inevitably Suffer a Breach
Though the chaps admit that predicting every single system without multi-factor authentication will end up compromised is a bit of a reach, it’s founded in very real cyber security intelligence.
Authentication attacks and data breaches are now a daily occurrence. Marc states that he’s made aware of massive breaches almost every day where millions of credentials are made available online – sometimes for free. WatchGuard’s Dark Web Scan Tool has so far identified 27bn records out there, online, for free. It doesn’t bear thinking about the amount of damage a similar tool could do in the wrong hands.
But a database of hacked Google credentials (for example) won’t just be used to hack Google Accounts. Cyber criminals understand that people are generally quite lazy, and will reuse passwords (or password themes) across different services. Hackers will try compromised username and password combos wherever they can to try and gain some kind of profit or leverage. Marc points to a case in 2012 where Dropbox got hacked because a Dropbox employee’s breached LinkedIn password happened to be the same one they used for the corporate Dropbox network.
Automation also pops up here. When a criminal lays hands on a database of cracked creds, there’s the potential that they will use automation tools to spray the login pages of popular services with their ill-gotten information. So, using reliable multi-factor authentication is essential, with WatchGuard’s AuthPoint being highly recommended by our team. Marc also mentions the importance of keeping strong, unique passwords for every single login and how password managers are essential in achieving that. Corey adds that WatchGuard brand Panda’s Dome Password Manager is an excellent solution, though one that’s aimed towards a more consumer market.
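Both the RDP brute-forcing described under “Attackers Will Further Target Remote Access Methods and Protocols” and the automated spraying of breached credentials described here leave the same footprint in a logon audit trail: one source address generating many failed logons, either against a single account (brute force) or thinly across many accounts (spraying). The block below is an added example of that detection logic, not WatchGuard’s or Panda’s code; it runs over constructed Windows-style failed-logon records (Event ID 4625, logon type 10 for RDP) in an assumed CSV export layout, and the thresholds are illustrative.

```python
"""Detect RDP brute force and password spraying in logon-failure records.

Added example, not WatchGuard's or Panda's code. The records are constructed;
the field layout (time,event_id,logon_type,user,src_ip) is an assumed export
format, not a real Windows log format. Event ID 4625 is a failed logon,
4624 a successful one, and logon type 10 is RemoteInteractive (RDP).
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # look-back window per source address
BRUTE_FORCE_MIN = 10            # failures against one account from one IP
SPRAY_MIN_USERS = 5             # distinct accounts tried from one IP

# Constructed sample: 12 failures against "rob" in 11 seconds (brute force),
# one failure each against 8 accounts from another address (spraying), and a
# user who mistypes a password twice and then logs in (benign).
SAMPLE_LOG = """\
2020-12-09T08:00:00,4625,10,rob,203.0.113.7
2020-12-09T08:00:01,4625,10,rob,203.0.113.7
2020-12-09T08:00:02,4625,10,rob,203.0.113.7
2020-12-09T08:00:03,4625,10,rob,203.0.113.7
2020-12-09T08:00:04,4625,10,rob,203.0.113.7
2020-12-09T08:00:05,4625,10,rob,203.0.113.7
2020-12-09T08:00:06,4625,10,rob,203.0.113.7
2020-12-09T08:00:07,4625,10,rob,203.0.113.7
2020-12-09T08:00:08,4625,10,rob,203.0.113.7
2020-12-09T08:00:09,4625,10,rob,203.0.113.7
2020-12-09T08:00:10,4625,10,rob,203.0.113.7
2020-12-09T08:00:11,4625,10,rob,203.0.113.7
2020-12-09T08:05:00,4625,10,amy,198.51.100.9
2020-12-09T08:05:15,4625,10,bob,198.51.100.9
2020-12-09T08:05:30,4625,10,carol,198.51.100.9
2020-12-09T08:05:45,4625,10,dan,198.51.100.9
2020-12-09T08:06:00,4625,10,erin,198.51.100.9
2020-12-09T08:06:15,4625,10,frank,198.51.100.9
2020-12-09T08:06:30,4625,10,gail,198.51.100.9
2020-12-09T08:06:45,4625,10,hank,198.51.100.9
2020-12-09T08:10:00,4625,10,amy,192.0.2.5
2020-12-09T08:10:20,4625,10,amy,192.0.2.5
2020-12-09T08:10:40,4624,10,amy,192.0.2.5
"""


def parse(log_text):
    """Parse the assumed CSV layout into (timestamp, event_id, logon_type, user, src_ip)."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, eid, ltype, user, ip = line.split(",")
        events.append((datetime.fromisoformat(ts), int(eid), int(ltype), user, ip))
    return events


def detect(log_text):
    """Return one alert per offending source address, or an empty list."""
    failures = defaultdict(list)  # src_ip -> [(timestamp, user), ...]
    for ts, eid, ltype, user, ip in parse(log_text):
        if eid == 4625 and ltype == 10:
            failures[ip].append((ts, user))

    alerts = []
    for ip, attempts in failures.items():
        attempts.sort()
        # Slide a WINDOW over this address's failures, oldest first.
        for i, (start, _) in enumerate(attempts):
            per_user = defaultdict(int)
            for ts, user in attempts[i:]:
                if ts - start <= WINDOW:
                    per_user[user] += 1
            worst = max(per_user, key=per_user.get)
            if per_user[worst] >= BRUTE_FORCE_MIN:
                alerts.append({"kind": "rdp-brute-force", "src_ip": ip, "account": worst})
                break
            if len(per_user) >= SPRAY_MIN_USERS:
                alerts.append({"kind": "password-spray", "src_ip": ip, "accounts": len(per_user)})
                break
    return sorted(alerts, key=lambda a: (a["kind"], a["src_ip"]))


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The two patterns need different thresholds on purpose: a spray deliberately stays under per-account lockout limits, so counting failures per account alone misses it, while counting distinct accounts per source catches it. On a real estate these counts come from the domain controllers’ security logs or the VPN gateway rather than a CSV, and the alert is most useful when it feeds an automatic block at the firewall in front of the remote access service.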
Worried that your current setup is ill-equipped to fend off these new cyber threats? Then grab your free cyber health check from Just Firewalls. Our resident team of cyber-boffins are on hand to talk through your current security measures and suggest the best course of action to keep you safe. We may even be able to boost your cyber defences for free by simply adjusting your current setup! So, book your free health check with our team today and start 2021 off on the right foot.