In the past year, COVID-19 has had a larger impact on work habits and security environments than any other health emergency in memory. That combined with technological advances such as 5G has led to several trends we expect to see in this New Year.
Here then are our top ten:
#1 An increase in attacks on remote infrastructure. Because of the pandemic, we saw an enormous increase in the number of workers moving from centralized locations to home offices; this, in turn, has led to an increase in the employment of technologies facilitating remote work, such as email, VPN, and remote desktop (RDP). In many cases, workers began working remotely so quickly that organizations didn’t have enough time to fully consider security implications. This created an increased attack landscape, in which criminals understand the weak points and how to capitalize on them, particularly with VPN. Sadly, we’ve seen several compromises already and expect to see this continue. Suffice to say, companies must focus on securing both their VPN and RDP infrastructures.
#2 Smart devices will evolve from connected’ to autonomous. Smart cities, smart manufacturing, smart transport, and logistics will invest to become more autonomous. Smart devices used for automation in manufacturing plants, transport, and logistics will become more autonomous, with more built-in intelligence and less full-time connection. This will have an impact on latency, availability of connection, and security issues. The latency issue is a product of having to talk to centralized cloud services, which can take more time than is ideal for real-time systems to react to things occurring in the physical world. Likewise, a loss of connectivity for any number of reasons (power outage, cloud down, cyberattack) can impact smart devices that aren’t autonomous. And the more you are connected and interact with external services, the higher security exposure to attack. As such, we’ll see more smart systems that can run by themselves, using connections primarily for remote monitoring. Intelligence will be provided by MEC and edge cloud services, and 5G’s blazing speed will be a critical driver for smart collaboration between systems.
#3 The internet will become one large interconnected service factory. We’re moving towards APIs for web applications, with organizations taking some services and placing them in different interconnected clouds. This is the beginning of a full mesh of interconnected services from the edge to central clouds, effectively creating a full meshed hierarchy. The risk is that if one component fails, then the whole system is impacted. Centralization in major cloud providers such as Amazon Web Services (AWS) and DNS increases the probability for large scale outages. Expect to see more in the coming year.
#4 We will see larger impacts due to centralization, including widespread outages and collateral damage. By putting all our eggs in a single basket when an outage occurs because of a a simple fat finger or DDoS attack, we’ll see more widespread outages that impact consumers. Most users of common intelligent devices don’t understand what they are connected to. So, when AWS goes down and IoT home devices stop working, it can be problematic. We’ve come to rely on the smart doorbell and robotic vacuum systems without considering the importance of secure and reliable connections.
#5 More advanced, non-nation state users online will attempt to influence and disrupt. Ordinary users are now learning the TTPS skills being used by APT groups and other cybercriminal organizations. We foresee more localized operations by local citizens to influence and disrupt processes inside their countries. And because of their access to social media, they may have a significant impact.
#6 Internet connectivity providers will need to provision more bandwidth excess to provide for the Internet’s ‘grey noise’. Scanning by white, grey, and black hats, as well as DDoS attacks, consume internet bandwidth. As such, every internet exchange, transit provider, and ISP will have to take this traffic into account when sizing the network. Increased grey noise makes it more time consuming and expensive to determine good traffic from bad. In the end, the costs for this will be passed on to businesses and consumers.
#7 Expect more bad bot problems. In 2020, we saw PS5/XBOX Series X|S scalping campaigns impact consumers. Now, individuals are using sniping bots to counter scalpers on marketplaces. And it’s not just malicious actors or hackers that are building scripts to go buy something faster.
Ordinary people are buying tools or building tools learned via YouTube videos to do this. If you don’t have a bot, you’re now at a disadvantage of buying coveted products. Businesses will need advanced bot mitigation to better protect themselves and their brands from individuals using bots that limit availability to potential customers.
#8 Ransomware will continue to rule the land. Expect to see even more emails that entice you to click on nefarious links. These phishing schemes may use topical issues such as early access to COVID-19 vaccinations or other subjects that have a strong emotional pull. As a result, we’ll see even more ransomware payloads delivered through phishing.
#9 Fake news will become second nature. Get used to it, there is no silver bullet. Companies such as Facebook and Twitter have been trying to fight it with AI (deep learning), but those technologies aren’t yet sophisticated enough for high-quality detection and classification. The major issue is that AI needs historical data to understand whether something is true or fake, something that isn’t always available. As a result, we see a lot of false positives. Unfortunately, attackers don’t care about false positives, while defenders do. When a fake campaign is identified, attackers simply develop a better one. Moving forward with artificial intelligence, we’re going to need improved deep learning for better detection.
#10 Expect to see an increase in Covid-10 propaganda. This misinformation may be related to infection and death numbers as well as the effectiveness of masks and other personal protective equipment. We’ll also see myths spread around vaccinations and side effects. People prone to conspiracy theories will click on these links from their personal and corporate computers and in term will potentially expose them to infections.