How COVID-19 and the Remote World Will Shape 2021

By James Carder, Chief Security Officer for LogRhythm

COVID-19 caused a rapid shift for organizations operating on-premise to remote operation, spiking cloud usage and large parts of the workforce increasingly becoming users of SaaS-based services. This has, in turn, created new pain points for CISOs, such as visibility and protection of the remote workforce. In 2021, we'll see the impact on organizations that did not adapt to the remote workforce shift or those that did not implement technology accurately.

As cybercriminals capitalized on the COVID-19 pandemic in 2020, they will continue to use it to their advantage in 2021. As the timeline for a vaccine approaches, threat actors will disguise phishing attacks as COVID-19 vaccine emails. Below are additional realistic expectations of what's to come next year.

1.       We'll see the consequences of employees letting their guards down as work-from-home extends.

Many employees will continue to work remotely in 2021 to slow the spread of COVID-19 until a vaccine can be reliably distributed. Consequently, bad actors are no longer following these employees "through the door" when looking to steal data. Instead, they will seek to take advantage of workers who have been remote since the start of the pandemic, as they may be more likely to be letting down their guard when it comes to following security protocols. This relaxation on security protocol - combined with threats that already exist in a rushed remote work environment - will result in data loss rates exceeding what we saw in 2020.

2.       Attackers will leverage the COVID-19 vaccine to conduct the largest phishing effort of the year.

In 2020 we saw hackers leverage COVID-19 to distribute a plethora of phishing scams to unsuspecting victims. The number of legitimate emails sent on the topic allowed phishing emails to hide in plain sight. As the race to secure and distribute a vaccine continues, the public will once again seek information on new developments. Attackers will purchase domains and craft emails with this in mind. The amount of content, combined with the thirst for knowledge, will set the stage for a further increase in phishing attacks.

3.       We will see a rise in internet policing as misinformation reaches new heights following the U.S. elections.

Our lives have taken place online more so this year than ever before. In the wake of rampant misinformation efforts across social media platforms and news agencies during the 2020 U.S. election, fear of further escalation will lead to a call for tighter regulations on the internet. Large-scale spear phishing and watering hole attacks will add to the mounting pressure on Congress to introduce and pass legislation that forces tech giants and media organizations alike to have better safeguards in place. 2021 will be a year of holding these organizations accountable using regulation versus allowing them to "self-police."

The biggest target for misinformation following the U.S. election will be the COVID-19 vaccine.

The effort to develop and distribute a vaccine relies on cross-collaboration across numerous countries. But as a vaccine gets closer to market, foreign and domestic hackers will seek to sabotage or steal vital information. This year the U.S. accused both Russia and China of trying to steal information related to vaccine development. However, the greatest threat will occur when the vaccine enters the final approval stages and is prepared for distribution. Malicious foreign actors will seek to gain access to critical information that they can leverage for ransom and sensitive patient information from vaccine trials they can sell.

4.       The board meeting of a major company conducted using video conferencing software will be exposed, resulting in a high-profile scandal.

With so much of the world staying at home and finding new ways to communicate with others, people are using collaboration tools for everything from highly confidential government discussions to distanced learning in K-12 and university-level education. Both scenarios are targets for bad actors looking to exploit vulnerabilities. In both the school and office environment, Zoom has been battling a major influx in hacks since COVID-19 began, with bad actors partaking in ‘Zoom Bombing' to sabotage calls with disruptive videos and commentary. As these criminals' efforts continue to become more sophisticated, we will see a threat actor gain access to a major public company's board meeting and leak compromising business information that results in a high-profile scandal. 

5.       Deepfakes will become a significant threat to business integrity.

COVID-19 has forced in-person communication to go virtual, which means businesses are relying on video conferencing to conduct meetings more than ever before. While the notion of deepfakes may not be new, they are getting increasingly sophisticated and are becoming remarkably easy to generate. Take ThisPersonDoesNotExist.com, for example, which leverages AI to create completely believable images of people that don't exist in real life. If this process can be conducted with relatively little information, then certainly hackers can leverage work profiles used for video conferencing technology - which have employees' names and pictures automatically associated with them - to create convincing fakes. 

The unprecedented shift to remote work will lead to video and images of leaders inside an organization being weaponized to exploit employees for financial gain. Outside of being used to target employees internally, this technique will be used to dramatically impact a specific stock by manipulating the public into thinking the CEO of a public company has done something damaging.

6.       There will be a reckoning within the growing API security market as API data breaches rise.

Earlier this year, Facebook pledged to improve its security as it worked to resolve a lawsuit blaming the company for a 2018 data breach where bad actors leveraged Facebook's developer APIs to obtain sensitive user information. This is not a threat that is unique to Facebook or any one industry.

In fact, this is a rising threat, as APIs are one of the largest attack surfaces for organizations. More and more businesses across industries are building out microservices that leverage APIs, but very few companies know how to build them securely, and the growing API security market is beginning to falter. This will result in a high-level breach and data loss that will be directly traced back to unsecured APIs.

##

About the Author

James Carder brings more than 23 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. Government. At LogRhythm, he develops and maintains the company's security governance model and risk strategies, protects the confidentiality, integrity, and availability of information assets, oversees both threat and vulnerability management as well as the security operations center (SOC). He also directs the mission and strategic vision for the LogRhythm Labs threat research, compliance research, and strategic integrations teams. James is a sought-after and frequent speaker at cybersecurity events and is a noted author of several cyber security publications. He is also an Advisory Board member for the University of Colorado, NewCloud Networks, the Identity Defined Security Association (IDSA), and Resurface Labs; a Certified Information Systems Security Professional (CISSP); and a member of the Forbes Technology Council. He holds a Bachelor of Science degree in Computer Information Systems from Walden University and an MBA from the University of Minnesota's Carlson School of Management.