What to Look for in the New Year
I have good news and bad news. The good news is that the most difficult year in recent memory is almost over. By my count, we have less than 20 days to go, and that’s clearly not enough time for the murder hornets to make a comeback and take over the world.
The bad news is that 2021 isn’t shaping up to be any easier. The global pandemic will continue to rage, the economy will take a while to recover, and malicious actors will have many opportunities to exploit vulnerabilities in organizations’ digital transformation and work-from-home policies. Those murder hornets? Who knows? Maybe 2021 will be their year.
Regardless, we can’t throw up the white flag. Business must continue in a secure, safe manner. I recently joined my colleagues Jack Miller and Vinay Pidathala to discuss what security teams should watch out for in 2021. Here is a sample of what we discussed:
Phishing: Menlo customers attempted to access more than 56,000 phishing sites over the past 30 days—signifying that using email and other communications channels to trick people into unwittingly handing over the keys to their devices will continue to grow in volume and in sophistication into the new year. New tactics such as Zishing (Zoom + phishing), HTML smuggling, and the use of captchas to deter crawlers and sandboxes will make these attacks hard to detect and even harder to stop.
Ransomware and Document Attacks: Patching is easy, but the need to test and resolve broken integrations as a result of patching makes a consistent, reliable patch strategy difficult. Malicious actors will continue to find new exposure points and exploit old vulnerabilities—primarily through Word doc macros. Unfortunately, reliable backups will become a less effective countermove as attackers threaten to shut down systems rather than steal data.
Business Email Compromise (BEC): Malicious actors are getting increasingly sneaky as people continue to work from home and use email in a more informal manner. Attackers will often send a quick, “Hey, are you free?” email from a colleague to establish trust and start an email chain that lends credibility. Then, once a track record is established, email can be used to get sensitive information, initiate fraudulent wire transfers, and so on. BEC accounts for $2.1 billion in losses in a typical year. Look for that to skyrocket in 2021 as people continue to work remotely.
Command and Control (CnC): Fortunately, CnC attacks will become less prevalent because data is moving to the cloud and Software as a Service (SaaS) platforms. But this shouldn’t allow you to breathe any easier. Vulnerabilities and a lack of visibility in HTTPS traffic make this a troubling attack vector for security teams around the world. Tread carefully.
Protect Your Organization from These New Threats
The new year won’t be all gloom and doom. Security will take a gigantic step forward and begin to address this expanding threat landscape. Watch the webinar recording of “The Good, the Bad, and the Ugly: How Security Will Change in 2021” to learn how you can protect your users, data, applications, and systems from increasingly sophisticated threats in the new year.