The new scenario inaugurated by the COVID-19 pandemic has also brought significant changes to the context of cyber threats. As a result, the volume and intensity of cybercrime has increased – and the forecast is that attack methods will also start to vary considerably from the beginning of 2021.
But after all, what will these new hacker approaches look like? Check out 6 estimates below:
Exploiting poorly made configurations in the cloud
For Chet Wisniekski, a cybersecurity specialist at Sophos, cloud attacks are a major concern. He points out that cloud service configurations are very different from vendor to vendor, and it is common for companies to use different accounts for some or several of these services.
From there, cybercriminals can and should take advantage of this mess to target corporate data.
Redesigned attacks on remote devices
With COVID-19, it is noted that corporate remote devices are handling much more sensitive data than before. In this sense, Jim Boehm, from McKinsey & Co., foresees new attacks on these devices, which will take advantage of security holes like those found in Best Luxembourg VPN connections (virtual private network).
For the specialist, VPNs responsible for up to 10% of data transmission represent an acceptable risk. Those that are responsible for a higher percentage (especially greater than 90%) of data transmissions require a reassessment by the CISOs.
Creation of tunnels to access corporate systems via VPN
VPNs carry yet another risk: the year 2021 must begin with a large volume of data flowing through these networks. As such, WatchGuard Technologies’ Corey Nachreiner estimates that hackers will make aggressive attempts to identify VPN systems as a direct way to tunnel into sensitive corporate systems.
As a result, attackers are able to gain relatively easy access to business systems and machines.
Exploring the complexity of configurations for remote work
The pandemic forced the creation of remote offices around the world. In this sense, configurations for home offices and remote sites in companies are often too complex – and this leads to inconsistencies that can be exploited by cybercriminals.
John Henning of SAS points out that there is an impressive diversity of configurations on home networks. For him, the attempt to support these users’ networks “opens a Pandora’s box that cannot be closed”.
Henning advises companies to educate users and provide guidance on best usage practices.
Cryptographic breaking with quantum computing
This is an unlikely, but possible, concern. Steve Zale ski of Levi Strauss & Co. fears that quantum computing will establish itself as a super-efficient method to undermine or completely negate cryptographic defenses.
In this perspective, hackers would use superior power in their attacks, mainly through well-funded state actors, such as Russia, China, Iran and North Korea.
Deployment of AI-based malware and machine learning
In turn, this is a widely discussed possibility and likely to materialize in 2021. It is estimated that hackers will see machine learning and artificial intelligence (AI) against companies, using bad AI to infect good business AI.
For Ben Goodman of ForgeRock, we will see an increase in the number of data poisoning attacks as more businesses deploy AI platforms on their systems.
The expert points out that hackers have already discovered, in previous years, that they can attack machine learning and AI software by feeding illegitimate data into these technologies, producing inaccurate or negative results. The trend, according to him, is that this issue will gain more prominence in 2021 and in the following years.