Booz Allen's newly released 2021 Cyber Threat Trends Outlook actually begins where it ends, with some watchwords on cybersecurity: “If you have something of value, the bear will always come after you. Be prepared.” In more succinct terms: Going forward, expect cyber criminals emboldened by successful malware infiltrations to expand their opportunities to new attack surfaces.
The report details eight hot buttons where cyber crooks could level serious attacks. Those include next generation malware business models, supply chains, “intelligent” cyber crime, shipping services, contact tracing apps, telehealth adoption, 5G, mobile hotspots and others. The authors also suggest mitigation steps that operators can and should enact. In addition, Booz Allen offers its views on where cyber attackers will look to invade next.
Here’s a sampling of Booz Allen’s view of what is and what to expect:
On next generation malware business models.
Expect cyber criminals to “double down” on experimenting with ransomware business models and “professionalizing” the malware subset. “Cyber criminals have discussed, in open forums, proposals to create a venture capital organization or stock market of sorts, where interested parties can finance the development of malware, tools, and frameworks without ever writing a line of code.”
- Among nine suggested mitigations: Institute a patching policy that ensures that critical vulnerabilities and the associated patches are identified and deployed monthly. Implement two-factor authentication (2FA) on all accounts, from admin to user.
On supply chain attacks.
Expect threat actor interest in targeting platform-as-a-service (PaaS) solutions, particularly cloud-based development environments, to rise as a potential vector for conducting supply chain attacks. Attacks to compromise the PaaS provider “could allow threat actors a means of reaching a large collection of developers and an even larger number of victims using those developers’ applications.”
- Among four suggested mitigations: Deploy endpoint detection and response tools that may detect anomalous or suspicious behavior by applications, including those normally believed to be trustworthy.
On artificial intelligence and machine learning attacks.
Expect cyber attackers to target machine learning methods used by organizations. For example, threat actors will turn their sights on AI-enabled tools to “finalize malware payloads before use, similar to the sophisticated encoders, packers, and obfuscators used today.”
- Among five suggested mitigations: To limit the threats of malware payloads specifically designed to defeat AI-enabled anti-virus solutions, organizations should implement a defense-in-depth strategy to disrupt attacks elsewhere in the kill chain.
On attacks at the parcel/shipping sector.
Expect cyber criminals to exploit the parcel and shipping sector to disrupt critical services, undermine public confidence in U.S. public sector services, or generally demoralize the population.
- Among five mitigations: Increase network monitoring during periods of increased public reliance on the parcel and shipping services sector, such as holidays, elections, natural disasters or other events.
On the COVID-19 tracing app ecosystem.
Expect COVID-19 tracing apps to be “backdoored” to collect data held on mobile devices, such as account credentials and other sensitive information.
- Among three mitigations: Explore mobile device management platforms that can centralize control and enable remote management of data security, configuration, software deployment, and other administrative functions.
On targeting health data.
Expect cyber criminals to take advantage of the “massive shift” to a remote delivery model owing to COVID-19 by exploiting telehealth services to target patient data. For example, devices that transmit essential data used in medical diagnoses could pose a significant risk for patients.
- Among five mitigations: Healthcare systems should develop or refine an enterprise telehealth strategy with cybersecurity considerations built into every layer of the telehealth ecosystem, from the infrastructure to the supply chain, software, endpoint provisioning, and clinician and patient education.
On 5G and industrial control systems.
Expect the merger of 5G networks and industrial control systems/operational technology to result in a compounded attack surface and expose underlying flaws in how industrial internet-of-things (IIOT) networks operate.
- Among five mitigations: Organizations should expect and prepare for 5G/IIOT attacks and vulnerabilities. Ensure that systems are as up to date as possible. Consider upgrading devices that are unsupported by manufacturers if there is a newer version that comes with support and security updates.
On 5G adoption.
5G availability will change the way people access the internet, drive more widespread adoption of mobile hotspots for internet access, and increase attacker incentives to find and exploit vulnerabilities in these devices.
- Among four mitigations: Ensure 5G adoption and acquisition processes include robust security audits and full supply chain investigations, to inform security-driven decisions.