Here at Mitnick Security, we pride ourselves on our passion for cybersecurity, keeping a close eye and ear on new threats and vulnerabilities every day.
That’s because we see, firsthand, how today’s digital threat landscape is ever-evolving. Through our penetration testing, vulnerability assessments, discussions with our cybersecurity community and beyond, we are constantly discovering novel ways bad actors are finding a way in.
Because we are at the forefront of constantly advancing threats, we know how important it is to keep up not only with today’s vulnerabilities, but also with possible exploits to come.
Our 2020 Hacking Techniques Predictions post was such a hit amongst our followers and search engines alike, that we decided to share our thoughts for new attack vectors and strategies for 2021.
Here are a few hacking techniques to keep an eye out for next year, straight from our cybersecurity experts:
COVID-related Social Engineering Attacks
This attack method is successful because it operates on the principles of human trust. Cyber criminals build a relationship with targets, all with the intent of tricking their victim into granting them access to private systems or data at a later date.
Social engineering grew even more rampant in 2020, with the coronavirus pandemic giving cyber criminals the perfect pretense for manipulation. Social engineers played off of Americans’ urgent need for financial support and medical care services after losing their jobs and watching loved ones take ill, posing as the government offering stimulus checks or employing other clever phishing schemes to capitalize on fear of the pandemic.
As of late 2020, COVID-19 is far from contained. Even when a vaccine is developed, we’re likely to see the repercussions for many months, or even years, to come.
What you can do: In 2021, be on the lookout for phishers promising coronavirus relief or resources. If you receive an email asking you to register online to be first in line for a COVID vaccine, or a text message from a number you don’t recognize, asking you to confirm your mailing address to receive coronavirus support information, think before you click. Bad actors could infect your device with malware or capture your credentials to use your private data against you.
Curious as to how your team would react to social engineering attacks?
Conduct a social engineering strength test.
With the 2020 COVID-19 pandemic, many organizations have switched to either full or partial remote operations, allowing employees to work from home. The problem remains: many companies shifted to home offices in desperation to avoid closure and do not have proper security measures in place to protect themselves against a new remote threat landscape.
Bad actors are capitalizing on users working on open WiFi networks, creating malicious networks that pose as trusted businesses like Starbucks to hack targets. In fact, COVID-related phishing drove a 600% increase in email attacks in 2020. To adjust to remote work operations, employees are downloading unauthorized updates and applications or working on personal devices, opening back doors for bad actors. And these are just a few examples of the ways cybercriminals are using your remote infrastructure to their advantage.
In 2021, we predict that more businesses will put an emphasis on their endpoint security. From implementing VPNs to enforcing secure storage solutions, there are a number of ways companies can reduce their remote user risks.
What you can do: Follow our tips for educating your remote users about cybersecurity best practices here. While vetting new tools and implementing company policy changes certainly help, now is also a wise time to invest in security awareness training for your team. A course that offers live demonstrations and real-life examples can really make an impact on your company’s weakest link, your employees, helping them to understand the threat landscape ahead and what to look out for.
Someone wouldn’t just stroll into your business and hop on a computer and start hacking, right? Maybe a few years back this would have been a lot harder to do, but with 2020’s COVID changes, the idea isn’t so farfetched…
This year, many businesses began operating on partial in-house teams, some with zero employees even in the office or on the worksite. But despite less movement in their headquarters, not all businesses increased their physical security measures during their transition to remote operations. Less foot traffic and shoddy or no additional security measures make it very easy for bad actors to find a way in.
Criminals may pose as FedEx workers, sneaking through the front door, held open by a friendly employee, only to find unattended computers waiting to be accessed. New developments have been made this past year to hacking tools, like the USB Ninja, allowing bad actors to plug malware-injecting devices into computers with little to no detection, granting them full remote access to the system.
Lower-than-normal security also invites break-ins, wherein bad actors could steal devices or private data right from under your nose, with no one the wiser for days on end, since no one is coming to the office.
What you can do: Understand that breaches are not always digital in nature; many can begin as physical break-ins. If you’re thinking of investing in a penetration test for 2021 to combat emerging threats, ensure pentesters assess your security for physical vulnerabilities too. Learn more about the different types of penetration tests here.
Previously Unexplored Tech Hacks
We all know our computers can be exploited, but cybersecurity experts are prophesying that bad actors will go after much larger fish in the years to come. Smartphones and smart home devices, for instance, have been subject to more hacks this past year, with bad actors taking control of device microphones or cameras to listen in or watch users, in hopes of recovering private data to use against them.
Beyond the home or office, cybercriminals are experimenting with remote hacks to cars with electronic operating systems, like the 2015 Jeep Cherokee exploit wherein two researchers gained access to a car while the driver was operating it. They blasted cold air, turned on the radio and even immobilized the vehicle on a highway overpass.
In years to come, larger systems responsible for transport, like railways and airplanes, may be targets for malicious compromise, as well as hospitals and schools. Read more about these predictions in The Wall Street Journal, featuring input from our very own Kevin Mitnick.
5 ½ Steps to Better Cybersecurity
By simply thinking ahead about the hacking techniques to come, you’re on the right track. But knowing about your threat landscape is very different from taking tangible actions to safeguard against attacks.
Feeling like your security infrastructure needs some strengthening?
Download our free ebook, 5-½ Steps to Avoid Cyber Threats, where we skip the long list of security checkmarks and highlight five high-impact steps to dramatically elevate your security posture, today.