The Emergence of the Personalized Attack Chain is going To Be the Newer Trend in 2021

No wonder that both average users and big corporations are struggling over the choice of the best security software to protect their computers. But the attacks are becoming modern and innovative. We will see how the world is going to get the most impactful attacks in 2021. It is difficult to look forward to 2021 without considering the trends that shaped the generally unfavourite year known as #2020. From a business perspective, the pandemic has altered nearly every aspect of how organizations operate. Everything from the rapid shift to remote work to completely rethinking customer interactions has turned the business world on its head.

These changes have also caused a dramatic acceleration in digital initiatives across industries. Many drove what felt like 5 years of transformation in 5 months – as they quickly adopted technologies to help productivity and business continuity. Whether it was bringing on new collaboration tools or moving critical infrastructure and applications to the cloud, everything has become more distributed – and as a result, has significantly increased opportunities for attackers. As we look ahead to 2021, we will come to know how the convergence of these unimaginable forces and events impact cybersecurity for the next 12 months?

As many employees are working from home, they are regularly accessing corporate systems and resources through insecure home networks and personal devices – making each and every user their own island where legacy security controls are ineffective. Individual actions are threatening corporate security to a greater degree than ever before.

The islands of security that we’ll see the attack cycle move away from broad “spray and pray” social-engineering attacks to more hyper-personalized attacks targeting those users with privileged access to sensitive systems, data and infrastructure. Where attackers generally rely on lateral movement – seeking any foothold and working to elevate access and move across the network to get to their desired destination – these islands now limit the attacker to whatever high levels of access their specific target has been granted. As a result, we’ll see a move toward vertical movement – with attackers targeting individuals, like business users, based on what they have access to – from administrative consoles and financial records, to competitive data. While this new “personalized attack chain” approach will be more time consuming and costly for attackers as they look to identify and profile the exact person they are looking for, it will also lead to shorter attack-cycles -- making it more difficult for organizations to identify and stop attacks before they impact the business.

Going forward, the emergence of Deepfakes appears to be the next attacks in the Enterprise sector. In simple terms, deepfakes are synthetic or manipulated media in which a person in a video or image is replaced with someone else’s likeness. From a cultural standpoint, the concept of deepfakes has dominated news cycles as a potential threat that could influence public opinion, damage reputation and more. Often, these attacks make headlines, but end up relatively empty when it comes to effectiveness with the mass confusion or chaos necessarily, but more to amplify social engineering attacks.

Dr. Deepak Kumar Sahu, Chief editor, VARINDIA