Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • Networking

    Why Data Security Will Face Even Harsher Hackers in 2021

    By
    CHRIS PREIMESBERGER
    -
    December 1, 2020
    Share
    Facebook
    Twitter
    Linkedin
      Randori.David.Moose.Wolpoff

      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can about how the minds of hackers work, what strategies they prefer and what methods they are currently using? SecOps folks, that’s who.

      Cybersecurity company Randori, which specializes in attack-surface management and does automated red teaming for enterprises, has a CTO and co-founder, David “moose” Wolpoff, who himself was a career hacker and former DoD contractor. So it follows that here is a company that has a specific inside perspective on how cybersecurity actually works.

      Wolpoff has provided eWEEK with some sobering predictions (we like to call them “predixions” here on this channel, in order to make them more searchable) around what’s next in the world of malware.

      Security Predixion No. 1: Deepfakes and voice fakes come to the enterprise. 

      In 2021, threat actors will move on from basic ransomware attacks and will weaponize stolen information about an executive or business to create fraudulent content for extortion. From deepfakes to voice fakes, this new type of attack will be believable to victims, and therefore, effective. For example, imagine an attacker on a video system, silently recording a board meeting, then manipulating that private information to contain false and damning information that if leaked, would create business chaos, to compel a business to pay up.

      Security Predixion No. 2: Ransomware evolves to enterprise extortion. 

      Threat actors are evolving from high-volume/low-value attacks, to high-value/low-volume attacks targeting businesses. Half of ransomware attacks already involve data exfiltration, and in 2021, cybercriminals will incorporate extortion by weaponizing the content they’ve stolen to compel their victim to action. Ransomware attacks will shift from “I’ve stolen all your data, now pay me” to “I’m going to extort your CEO with information I’ve found in the data I’ve stolen from you, and if you don’t pay, we’ll devalue your stock on Wall Street.”

      Security Predixion No. 3: Expect more cloud infrastructure ransom attacks. 

      Threat actors are beginning to sift through exfiltrated data from ransomware attacks for high-value content and looking for their pot of gold. Cloud infrastructure credentials that could allow them to hold a company infrastructure for ransom. It takes adversarial creativity, but the reward is high and the killchain is simple enough. Maybe they find keys in the data directly, or maybe the attacker can gain access to an app like Slack and find keys shared there. Perhaps they go so far as to send spoofed messages to convince unwitting victims to share cloud login credentials (heads up, IT). 

      With a little information and a bit of persistence, an attacker can turn his/her ransomware access into high-privilege AWS tokens, log into the cloud infrastructure and hold it for ransom. The threat of turning off the business with the click of a button is a highly effective extortion technique. Many CISOs don’t know when and where highly privileged passwords have been recorded (in an old Slack message from two years ago?); this is a big risk for companies in mid-cloud migration. 

      Security Predixion No. 4: A leadership crisis in IT talent will hit the U.S. government. 

      Chris Krebs’ unceremonious post-election ousting may be the proverbial sour cherry on top of the Trump administration’s treatment of cybersecurity talent in the White House. Under the administration, turnover at the senior leadership level of the National Security Council was record-breaking, and we will witness the first downstream effects on our national global cybersecurity ability in 2021. U.S. national cyber policy and our global cybersecurity posture will take a hit, and tactically but crucially, government hiring of cyber talent will stall. These will have lasting impact on our cyber leadership that will take 10 to 20 years to correct.

      Security Predixion No. 5: Expect an antitrust/anti-tech reckoning in 2021. 

      Democratic institutions rely on common information and facts, which have been challenged in light of disinformation and misinformation proliferating across social platforms. With antitrust sentiment slowly taking over Washington, it’s becoming more apparent that technology and social platforms are unregulated domains that have been damaging to truth, and the functioning of democratic processes. In 2021, expect antitrust hearings to come about as a matter of national security, and the force of the government extended against social platforms and tech monopolies in the next year or so.

      eWEEK is running a series of prediction articles throughout the month of December.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×