The absolute top cyber threat landscape predictions for 2021
Complex Made Simple

The absolute top cyber threat landscape predictions for 2021

The absolute top cyber threat landscape predictions for 2021

Top experts revealed their expectations for the 2021 cyber threat landscape and we bring them to you here.

  • Any company claiming significant success in developing a vaccine will become a potential victim of targeted attacks
  • There was a 22% increase in the number of connected home devices globally
  • Only 37% believe they can distinguish a malicious QR code

Analysis of breach data by Tenable’s Security Response Team (SRT) revealed that from January through October 2020, there were 730 publicly disclosed events resulting in over 22 billion records exposed worldwide.  Around 35% of breaches were linked to ransomware attacks, while 14% were email compromises.  

In 2020, 18,358 common vulnerabilities and exposures (CVEs) were reported, representing a 6% increase from the 17,305 reported in 2019. 

Top experts revealed their expectations for the 2021 cyber threat landscape and we bring them to you here.

Read: Protecting Mac OS against cyber attacks in the GCC and beyond

Kaspersky  

Digitalization of education to widen threat landscape

The integration of social media, video services, and games in the educational process has proven to be effective and more of such content is set to be created in 2021. While the number of online students rises, so do related privacy threats.

Additionally, distanced learning also brings new risks of cyberbullying.

Evolution of ICS oriented attacks

Ransomware attacks against industrial control systems (ICS) will become more targeted and more sophisticated using advanced persistent threat (APT) tactics, all made easier with the increase of industry personnel accessing networks remotely.

Hacking the COVID-19 vaccine 

In 2021, the efforts to steal coronavirus research data will continue. Any company that claims significant success in the development of a vaccine will become a potential victim of targeted attacks.

Read: Remote work cyber protection lacking: GCC region under attack

McAfee 2021 Threats Predictions 

1. Supply chain backdoor techniques

Author: Steve Grobman, CTO, McAfee

On December 13, 2020, the cybersecurity industry learned nation-state threat actors had compromised SolarWinds’s Orion IT monitoring and management software and used it to distribute a malicious software backdoor called SUNBURST. 

It became the first major supply chain attack of its kind. 

This supply chain attack operated at the scale of a worm such as WannaCry in 2017. It enables U.S. adversaries to steal all manner of information, from inter-governmental communications to national secrets.   

What makes this type of attack so dangerous is that it uses trusted software to bypass cyber defenses. 

McAfee believes the discovery of the SolarWinds-SUNBURST campaign will expose attack techniques that other malicious actors around the world will seek to duplicate in 2021 and beyond.

2. Hacking the home to hack the office

Authors: Suhail Ansari, SVP of Engineering and Operations, Consumer at McAfee; Dattatraya Kulkarni, Consumer Chief Technologist at McAfee; Steve Povolny, head of McAfee Advanced Threat (APT) Research

There was a 22% increase in the number of connected home devices globally and a 60% increase in the U.S, according to McAfee. Over 70% of the traffic from these devices originated from smartphones, laptops, other PCs, and TVs, and over 29% originated from IoT devices such as streaming devices, gaming consoles, wearables, and smart lights. 

Cybercriminals will advance the home as an attack surface for campaigns targeting not only families but also corporations.   

3. Weaponized AI attacks on cloud platforms and users

Author: Sandeep Chandana, Director, Global Technical Support, McAfee

Attacks on cloud platforms and cloud users will weaponize AI and evolve into a highly polarized state where they are either “mechanized and widespread” or “sophisticated and precisely handcrafted”. 

The COVID-19 pandemic has also hastened the pace of the corporate IT transition to the cloud, accelerating the potential for new corporate cloud-related attack schemes.  

McAfee cloud usage data from more than 30 million McAfee MVISION Cloud users worldwide shows a surge of 630% in attacks on cloud accounts with transportation leading vertical industries with a 1,350% increase in cloud attacks, followed by education (+1,114%), government (+773%), manufacturing (+679%), financial services (+571%) and energy and utilities (+472%). 

Widespread attacks will start weaponizing AI for better efficacy in 2021. 

4. New Mobile Payment Scams

Authors: Suhail Ansari, SVP of Engineering and Operations, Consumer at McAfee, and Dattatraya Kulkarni, Consumer Chief Technologist at McAfee

Cybercriminals will increasingly seek to exploit and defraud users with scam phishing or 'sms'ishing messages containing malicious payment URLs. 

A Worldpay Global Payments Report for 2020 estimated that 41% of payments today are on mobile devices, and this number looks to increase at the expense of traditional credit and debit cards by 2023. An October 2020 study by Allied Market Research found that the global mobile payment market size was valued at $1.48 trillion in 2019, and is projected to reach $12.06 trillion by 2027, growing at a compound annual growth rate of 30% from 2020 to 2027. 

The COVID-19 pandemic has driven the adoption of mobile payment methods higher and fraudsters have followed the money to mobile, pivoting from PC browsers and credit cards to mobile payments. 

5. Qshing — QR Code Abuse in the Age of COVID

Authors: Suhail Ansari, SVP of Engineering and Operations, Consumer at McAfee, and Dattatraya Kulkarni, Consumer Chief Technologist at McAfee

QR code usage has proliferated into many areas, including payments, product marketing, packaging, restaurants, retail, and recreation just to name a few. Particularly in the age of pandemic, QR codes are helping limit direct contact between businesses and consumers in every setting from restaurants to personal care salons, to fitness studios.  

A September 2020 survey by MobileIron found that 86% of respondents scanned a QR code over the course of the previous year and 54% reported an increase in the use of such codes since the pandemic began.   

However, the MobileIron report found that whereas 69% of respondents believe they can distinguish a malicious URL, only 37% believe they can distinguish a malicious QR code. Fewer than one-third (31%) realize that a QR code can make a payment, cause a user to follow someone on social media (22%), or start a phone call (21%).  

The lack of user knowledge on how QR codes work makes them a useful tool for cybercriminals and this will continue in 2021.  

6. Social Networks as Corporate Attack Vectors 

Author: Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research

McAfee has observed more sophisticated threat actors increasingly using social networks such as LinkedIn, WhatsApp, Facebook, and Twitter to engage, develop relationships with and then compromise corporate employees.  McAfee predicts that such actors will seek to broaden the use of this attack vector in 2021 and beyond. 

Author
Hadi Khatib

Hadi Khatib is a business editor with more than 15 years' experience delivering news and copy of relevance to a wide range of audiences. If newsworthy and actionable, you will find this editor interested in hearing about your sector developments and writing about it. [email protected]

© 2021, ADigitalcom. All rights reserved