IT supply chain, digital home attacks likely to increase in 2021: McAfee
As enterprises and individuals remain heavily dependent on technology-backed solutions to ensure business continuity, device-to-cloud security solutions provider McAfee expects to see an increase in cyberattacks on global supply chains and connected home devices.
The prediction from the Santa Clara, California-headquartered company comes as part of its Threat Prediction report for 2021.
Published on January 13, the report details several cyber threats that are likely to increase in the coming months. It has been compiled on the basis of trends witnessed by McAfee’s chief technology and science officers and is aimed at helping consumers and enterprises understand the challenges they could face and plan the right protection strategies.
The threats highlighted in the report are as follows:
Supply chain attacks: According to the report, we could see an increase in attacks on the IT (information technology) supply chain, much like the recently carried out SolarWinds-SUNBURST campaign, where threat actors compromised SolarWinds’s Orion IT software and used it to distribute a malicious backdoor to dozens of its customers, including US companies and government agencies.
McAfee says that the SolarWinds attack has exposed techniques which are likely to be duplicated in 2021 and beyond. This kind of cyber threat, it adds, is extremely dangerous as it uses trusted software to bypass cyber defences, infiltrate victim organizations and allow the attacker to take any number of secondary steps, including stealing confidential data or holding it for ransom.
Digital home break-ins: Along with supply chain attacks, digital home break-ins are also likely to increase in 2021, owing to the ever-increasing use of connected devices, apps and web services in our lives. McAfee claims that cybercriminals have increased their focus on home attacks with a variety of phishing schemes. From March to November, the number of phishing links blocked by the company grew by over 21%, with an average of over 400 links blocked in every home.
And, since a large number of people are working remotely, an attack on their unprotected, irregularly-updated connected home devices could also put their employers’ security at risk, it adds.
More sophisticated cloud platform attacks: With an accelerating adoption of cloud, unmanaged devices accessing it, and more data in motion, McAfee also expects to see an increase in cloud platform attacks. The company says corporate cloud traffic from unmanaged devices grew 100% in the first four months of 2020, and during the same period, it witnessed an estimated 630% increase in attacks on cloud accounts -- with transportation, education, and government sectors being the worst hit.
As such, the company expects that attacks on cloud platforms will increase, becoming highly polarized where they are either “mechanized and widespread” to target thousands of unmanaged home networks or “sophisticated and precisely handcrafted” for specific enterprises, users, and applications.
Mobile payment scams: As digital payments have surged significantly in light of Covid-19, McAfee also expects to see an increase in receive-based mobile payment scams -- SMS phishing or smishing messages with malicious payment URLs -- aimed at defrauding users. According to a study by RSA’s Fraud and Risk Intelligence team, in the fourth quarter of 2019, 72% of cyber fraud activity was from mobile-based channels, making “the highest percentage of fraud involving mobile apps in nearly two years”.
Qshing: Like mobile payments, the use of QR codes for contact-less interactions with businesses has also increased in light of Covid. This change, McAfee expects, will drive cybercriminals to come up with new ways to use social engineering and malicious QR codes to gain access to consumer victims’ personal data and finances. It says that the technicalities of QR codes and their unique dot pattern format, which hides the URL, make them a lucrative attack option for threat actors.
Social network-based attacks: Finally, McAfee has also predicted an increase in social network-based attacks against corporate employees. Enterprise email accounts are becoming more secure with enhanced protections such as spam detection, but these do not apply to social networking platforms like LinkedIn, WhatsApp, and Facebook, making them effective attack vectors.
McAfee claims to have observed threat actors who are increasingly switching to these services to develop relationships with corporate employees and then infiltrate their company’s systems.