Dubai, United Arab Emirates – BeyondTrust, the worldwide leader in Privileged Access Management, released its annual forecast of cybersecurity trends emerging for the New Year and beyond. These projections, authored by BeyondTrust experts Morey J. Haber, Chief Technology Officer and Chief Information Security Officer, Brian Chappell, Director, Product Management and Karl Lankford, Director Solutions Engineering, are based on shifts in technology, threat actor habits, culture, and decades of combined experience.
“COVID-19 has truly effected a paradigm shift in how businesses and employees work and has also had profound ramifications for securing the people and IT assets of enterprises,” said Morey Haber, CTO and CISO at BeyondTrust. “Looking ahead helps us anticipate where cyber threat actors will undoubtedly head as they look to take advantage of this paradigm shift. At BeyondTrust, we plan to provide the best security solutions to address current and future attack vectors, which our customers and partners expect.”
Some of the top threats include:
The Hacking of Time — Network Time Protocol and Windows-time-based servers will be of interest to hackers. These protocols control the timing of everything transaction-based. If the timing is off, everything from licensing servers to batch-based transactions can fail, creating denial of service attacks in key Internet infrastructure and within the processes of an organisation.
Poisoning of Machine Learning Training Data — As machine learning becomes more widespread attackers have a new vector to consider. After a threat actor steals a copy of the original training data, they will begin to manipulate the models generated by injecting poisoned data into the training pool, creating a system that has learned something it shouldn’t. This manipulation will have a multiplying effect and destroy the integrity of any legitimately processed data.
Social Media Attack Vectors Thrive in the Era of Social Distancing — Expect attackers to move beyond just targeting individuals through social engineering to targeting businesses as well. Poor verification practices will allow social media-based attacks to be successful. Malicious QR codes or abbreviated URL’s could also be employed to obfuscate the malicious website. Since the social media controls around posting, verification, and URL redirection are poorly managed, expect new attacks to flourish.
Who goes there? Friend or Fake? The Rise of Identity-Centric Security — As systems and services move out of the traditional network environment, security leans more heavily on proof of identity. A verified identity could now be the only ‘key’ needed for all access. Attacks on the mechanisms that maintain and secure verified identities will increase through 2021 and beyond.
Porch Pirates Embrace Digital Transformation — With more people working from home, expect the physical theft of packages from porches to continue to be a problem, but a new attack vector in the supply chain will emerge. Attackers will seek to exploit the package delivery personnel and the technology on which they rely to ensure precise and timely delivery. These attempts will ultimately be used to track and reroute packages. The end game will be theft of merchandise, with high-valued items potentially held for ransom.