Morgan Wright, Chief Security Advisor at SentinelOne, offers his predictions for the next six months in cybersecurity
The first half of 2020 has come and gone. I’m certain that no one who made any predictions regarding cybersecurity trends would have guessed correctly that a new virus would send the world into a whirlwind, closing entire countries, stopping all air travel and forcing the largest companies to send all their employees to work from home.
Given this predicament, it would be challenging to try and predict how the second half of the year will unfold. Still, we’ve learnt so much in the last six months; let’s see if we can’t come up with some credible estimations.
Home alone or in the company of cybercriminals?
Let’s start with the users (or victims). Covid-19 sent millions of people home: some permanently (having been laid off) and some to continue working out of office. This overnight transformation seems to be quasi-permanent; some of the world’s largest companies (Twitter, Facebook, Shopify, Zillow) have already pronounced it a viable work option for any employee who prefers it.
Even in more traditional markets, change is happening. One of Japan’s largest employers, Fujitsu Ltd., will cut its office space by 50% over the next three years, encouraging 80,000 office workers primarily to work from home. Today, 42% of U.S. workers are working from home (WFH), and some surveys suggest that even after the pandemic subsides and offices reopen, organisations will allow some (or all) of their employees to continue to work remotely.
With millions of people working from home, there is an enormous attack surface ripe for the taking by malicious actors. It is no trivial task to provide the same levels of security for all these employees, operating outside the (relatively) safe perimeter of their offices and local intranet. Furthermore, with time and exposure to numerous IT ‘temptations’ (like letting your kids use your work laptop for browsing), employee awareness levels can be eroded, leading to an increase in their vulnerability to cyber crime.
Prediction – WFH will continue to be a major security headache for organizations unless they invest in enhancing and maintaining the security levels of employees regardless of location.
Post-Covid opportunities for cybercrime
Cybercrime has boomed during the Covid-19 pandemic, with the FBI Internet Crime Complaint Center (IC3) reporting a 300% increase in cybercrime complaints.
Traffic to hacking-related sites and searches for hacking-related information and tutorials skyrocketed from March to May, indicating that many “n00bs” (newbie hackers) are looking to gain new skills. Inevitably, many cybercriminal activities are related to the virus; the Telco Security Alliance reported a 2000% increase in Covid-19 cyber threats in March alone.
While overall cybercriminal activity is on the rise, specific segments are doing better than others. For instance, demand for stolen credit cards has dropped in the pandemic, while ‘old-school’ scams (advertising of fake or inappropriate drugs and medical equipment, dubious investment opportunities etc.) are on the rise. Within the corporate space, cybercriminals seem to have become more brazen, employing much more aggressive techniques and showing a desire for quick monetization over long-term profit.
Prediction – Cybercrime will continue to rise. Attackers will increasingly target enterprises and organisations with aggressive malware and custom ransomware designed to steal and cripple. Tactics like extortion to prevent the publishing of stolen information or the auctioning of stolen information will become more widespread means for criminals to effect a quick win.
Cyber policing – are the good guys increasing?
Authorities are aware of this situation and are working to mitigate these threats, starting with increased cooperation between nations through initiatives like the World Economic Forum’s Partnership Against Cybercrime. This initiative was launched in April 2020 with the mission to explore ways to amplify public-private collaboration and fight global cybercrime. Cooperation between national law enforcement agencies is also expected to increase and has already had some notable successes: witness the takedown of EncroChat (an encrypted phone network widely used by criminals) by French and Dutch law enforcement and judicial authorities, Europol and Eurojust.
Meanwhile, law enforcement agencies are making advances in their efforts to facilitate the reporting of cyber crime. For instance, the UK National Cyber Security Centre’s dedicated email for reporting online scams received an astonishing 1 million complaints in under 2 months.
In similar fashion, the state of Michigan has inaugurated a dedicated phone line for free round-the-clock support and advice regarding cybercrime. The UK is also resorting to more active means, such as launching a paid online ad campaign that targets young people searching for cybercrime services and offers them legitimate alternatives instead.
Prediction – Cyber policing by international and national agencies will experience improved collaboration and efficiency, bringing more cybercriminals to justice.
Hacktivism – playing a dangerous game
Although not financially motivated, offensive cyber activists have been more prominent of late. Recent social unrest in the US has unleashed a flurry of hacktivist activities, including DDoS attacks against municipalities and police stations. This year, we’ve seen data leaks of millions of police and FBI records and aggressive social media attacks against the US administration, President Trump and even the social media app TikTok.
While not directly endangering corporates and individuals, these activities can be directed against individuals or organisations perceived to oppose the principles of the hacker.
Prediction – Hacktivist actions are closely related to contemporary events and social unrest. What happens next depends very much on the situation in the US and the run up to the US 2020 elections. A nation at war with itself will undoubtedly lead to a rise in hacktivist activities.
The past six months have been truly unique. While it is too soon to estimate the long-lasting effect of Covid-19 on our way of living, it is very likely that this period has caused the biggest change to the work landscape since the invention of the modern office and, in doing so, has greatly increased the vulnerability of organisations and individuals to nefarious cyber activities.
It’s not all bad news, though; law enforcement agencies are waking up to the scale of the problem and are increasing cooperation. Organisations need to understand that the situation is not outside their control: manage your risk; deploy a capable behavioral AI solution that prevents, detects and undoes the damage from known and unknown threats; and force cybercriminals to look elsewhere for the easy pickings.