Virtualization Technology News and Information
Randori 2021 Predictions: A Hacker's Predictions for 2021

vmblog 2021 prediction series 

Industry executives and experts share their predictions for 2021.  Read them in this 13th annual series exclusive.

A Hacker's Predictions for 2021

By David "moose" Wolpoff, CTO and co-founder, Randori

While we cannot predict a precise sequence of events that will unfold in 2021, the ways in which attackers evolved in 2020 -- from the use of novel attack techniques to the targeting of new attack vectors -- provides a glimpse into where they will go next. The quick pivot to remote work forced organizations to adopt distributed and dynamic solutions, and alongside all of that, malicious adversaries evolved in technique. As a red-teamer (now CTO of Randori) who's spent decades breaking into Fortune 500 companies, I know the chess moves both attackers and defenders will make.

As businesses continue to adapt to remote operations, security teams need to have a nuanced understanding of their attack surface. Knowing everything isn't helpful, but being able to separate the signals from the noise, and identify priorities after understanding the attacker's perspective is more critical than ever. In that spirit, I've put together this list of predictions on how malicious adversaries will evolve in their targeting of businesses, and how the longtail of events from 2020 stand to impact our national security:

1.  Deep fakes and voice fakes come to the enterprise. In 2021, threat actors will move on from basic ransomware attacks and will weaponize stolen information about an executive or business to create fraudulent content for extortion. From deepfakes to voice fakes, this new type of attack will be believable to victims, and therefore, effective. For example, imagine an attacker on a video system, silently recording a board meeting, then manipulating that private information to contain false and damning information that if leaked, would create business chaos, to compel a business to pay up.
2.  Ransomware evolves to enterprise extortion. Threat actors are evolving from high-volume/low-value attacks, to high-value/low-volume attacks targeting businesses. Half of ransomware attacks already involve data exfiltration, and in 2021, cybercriminals will incorporate extortion by weaponizing the content they've stolen to compel their victim to action. Ransomware attacks will shift from "I've stolen all your data, now pay me;" to, "I'm going to extort your CEO with information I've found in the data I've stolen from you, and if you don't pay, we'll devalue your stock on Wall Street."
3.  Cloud infrastructure ransom attacks. Threat actors are beginning to sift through exfiltrated data from ransomware attacks for high value content, and their pot of gold? Cloud infrastructure credentials that could allow them to hold a company infrastructure for ransom. It takes adversarial creativity, but the reward is high and the killchain is simple enough. Maybe they find keys in the data directly, or maybe the attacker can gain access to an app like Slack and find keys shared there. Maybe they go so far as to send spoofed messages to convince unwitting victims to share cloud login credentials (heads up, IT). With a little information and a bit of persistence, an attacker can turn their ransomware access into high-privilege AWS tokens, log into the cloud infrastructure and hold it for ransom. The threat of turning off the business with the click of a button is a highly effective extortion technique. Many CISOs don't know when and where highly privileged passwords have been recorded (in an old Slack message from 2 years ago?) -- this is a big risk for companies mid-cloud migration.
4.  A skills gap crisis in the US government. Chris Krebs' unceremonious post-election ousting may be the proverbial sour cherry on top of the Trump administration's treatment of cybersecurity talent in the White House. Under the administration, turnover at the senior leadership level of the National Security Council was record-breaking and we will witness the first downstream effects on our national global cybersecurity ability in 2021. We're already seeing this skills gap exacerbating the effects of the SolarWinds breach. You frequently hear when companies are attacked that it happened because they didn't have cyber-leadership. You need experts in-house to respond to such high-profile incidents. US national cyber policy and our global cybersecurity posture will take a hit, and tactically but crucially, government hiring of cyber talent will stall. These will have lasting impact on our cyber leadership that will take 10-20 years to correct.
5.  Antitrust / anti-tech reckoning in 2021. Democratic institutions rely on common information and facts, which have been challenged in light of disinformation and misinformation proliferating across social platforms. With antitrust sentiment slowly taking over Washington, it's becoming more apparent that technology and social platforms are unregulated domains that have been damaging to truth, and the functioning of demonractic processes. In 2021, I expect antitrust hearings to come about as a matter of national security, and the force of the government extended against social platforms and tech monopolies in the next year or so. Indeed, this process has already begun, as the FTC recently filed an injunction against tech behemoth Facebook.

Obviously, these predictions do not represent a clairvoyant glimpse at a concrete future, nor will they necessarily come to pass as soon as the coming year. But each of them is the logical next step to a narrative we can observe playing out in real time, and that in fact those of us in the security space have been eyeing for a while.

While it may seem as though the last several years have been nothing but a steady decline into geopolitical and existential chaos -- and the villains have only tightened their grip on the throne -- remember that we are living in a digital wild west. The US has no restrictions on how data can be collected and stored, how surveillance can be conducted or how users must be protected. And just like in the real wild west, I assure you: new legislation, a brand new railroad and the cure for scurvy are on their way.


About the Author

David Wolpoff 

David Wolpoff (moose) is co-founder and CTO of Randori. Moose's background is in digital forensics, vulnerability research, reverse engineering and embedded electronic design. Before Randori, Moose ran "Hacker on Retainer" where he conducted determined adversary attacks for clients  (which turned into Randori once he decided to automate what his team was doing).  Prior to that, he held executive positions at Kyrus Tech, a gov defense contractor, and ManTech where he oversaw teams conducting vulnerability research, forensics and offensive security efforts on-behalf of government and commercial clients. Moose has a breadth of experience ranging from helping small start-ups develop novel products to establishing a forensics laboratory at a large defense firm.

Published Monday, January 04, 2021 7:39 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2021>