Researchers at WatchGuard Technologies’ Threat Lab predicted that automation will play a major role in shaping cyber security attack and defence activities in 2021.
Traditionally a high-investment, high-return targeted attack, WatchGuard predicts that automation tools will replace manual techniques to help cyber criminals launch spear phishing campaigns at record volumes, by harvesting victim-specific data from social media sites and company web pages. And as society continues to grapple with the impact of COVID-19, it is likely that these automated spear phishing attacks will prey on fears around the pandemic, politics and the economy.
Conversely, the research team at WatchGuard believes that automation will also help cloud-hosting providers such as Amazon, Microsoft and Google to crack down on cyber criminal groups abusing their reputation and services to launch malicious attacks.
Threat actors commonly host website HTML files designed to mimic a legitimate website like Microsoft365 or Google Drive to steal credentials submitted by unsuspecting victims. But in 2021, WatchGuard predicts these companies will deploy automated tools and file validation technologies that will spot spoofed authentication portals.
In its annual look ahead to the next 12 months, the WatchGuard Threat Lab also expects the tumultuous events of 2020 to impact the threat landscape next year and for years to come. Other predictions include:
Attackers swarm VPNs and RDPs as the remote workforce grows
As more companies adopt VPNs and Remote Desktop Protocol (RDP) solutions to provide secure connections to employees working from home, WatchGuard predicts attacks against them will double in 2021. If an attacker can compromise VPN, RDP or remote connection servers, they have an unobstructed path into the corporate network.
Security gaps in legacy endpoints targeted
Endpoints have become a high priority target for attackers during the global pandemic and many personal computers are still running legacy software that is difficult to patch or update. With Microsoft just ending its extended support program for Windows 7, WatchGuard is warning organisations to expect at least one major new Windows 7 vulnerability to make headlines in 2021.
Services without MFA will suffer a breach
Authentication is the cornerstone of strong security; but with billions of usernames and passwords available on the dark web and the prevalence of automated authentication attacks, no Internet-exposed service is safe from cyber intrusion if it isn’t using multi-factor authentication (MFA). In fact, WatchGuard believes that any service without MFA enabled is highly likely to be compromised in 2021.
“As we have learnt in 2020, it is very difficult to predict what is going to happen in the future,” says Corey Nachreiner, CTO at WatchGuard Technologies. “But our Threat Lab team along with other researchers around the world have an increasing level of analytics and insight to make well-informed guesses. Cyber criminals always look for the weak links, so the growing ranks of home workers are an obvious target and when it comes to new technologies such as automation and AI, what can work for good, can also be exploited for malicious activity. It’s just a case of trying to stay one step ahead.”