Fed up with ridiculous infosec predictions year after year, I continued my tradition of aggregating them all and using the power of Markov Chains to generate my own list. What follows is the result, very lightly edited for readability. The bot and I disagreed on the concept of time and it insisted on an uncensored version, which is why it took six months to release it into the wild…
Well, 2020 was not appropriately reviewed before deployment. It’s clear the 2020 was never designed to emerge. Last year saw a staggering 20,000% growth in years, and the bad guys know it. It’s hard to keep up with the impact of the global pandemic, ransomware, nation-state activity, cloud security, security professionals, the supply chain attackers. The dark side has not been idle. History is now a threat. The best defense would be a lack of next year. But even a normalized cyber will result in 2021. So, what’s next? Worst of all, the future.
2021 will be broken. We will probably live, but 2021 will take 10 to 20 years to rectify. Cybersecurity will decreasingly able to survive. This year will forever be known as the time of “tumult across the world as a service”.
Nevertheless, some things don’t change, like our annual exercise of predicting what cybersecurity challenges we expect which, unfortunately, puts lives at risk. Our annual cybersecurity predictions are projections of possibilities we see emerging based on shifts in technology, crypto-agility, and the heaps of dollars.
You may be wondering our top five predictions for what 2021 will hold. We took the Nostradamus route, making predictions so cryptic and vague they could fill a dumpster fire of misinformation. Of course, the most impactful trends will materialize completely out of rented cars instead of planes, because COVID.
Ultimately, the only predictable thing about cybersecurity is scare. We have all been reminded and humbled by this in 2020. The only other predictable thing about cyber-security: threat actors will execute sequences of commands. Let’s hope we can all be better prepared in 2021.
In the most powerful 2021, there is a whole slew of new realities, especially where someone will likely die as the direct result of a cyberattack. D’oh! Reality will exploit a fast death rate with enough victims to fill 50 NFL stadiums. The tragic wakeup call will exacerbate the number of people around the world striving to secure themselves in a more complete, future-proof fashion.
In 2021, we can only advise people to hide in cache copies of the real world. The world is not normal (or legitimate). The world is not a sufficient long-term solution and can be difficult to scale. Going forward, human lives will be broken. We will probably disappear… and the universe laughs.
Prediction 1: Disrupting the silver bullet
Rejoice. A report by Microsoft indicates that almost everybody is wanting hot security pros. Threat actors will be handsome, in a sense, and will press release stolen data to public clouds.
Our crystal ball says that this year, new attack vectors are possible – thereby overwhelming defenses. Chances are, the Year of the Ox will introduce meteors and murder hornets. It’s clear that we will observe considerable espionage activity from random, speculative attacks on our consciousness.
First and foremost, groups such as APT28 from Russia and Iran will try to hack into time . So, as we move into 2021, the future will occur in microseconds. Time servers may not be able to process massive amounts of data without having the right cryptomining strategies. However, zero-day exploits will lose a functional definition of time on platform-centric desktop apps, so attackers will evolve time into low-level ambient sounds.
Sex toys have been covertly backdoored. Amid new threat actors, it is possible we will see 400 million cybersecurity threats of interesting smart sex toys. Size doesn’t matter. For example, we predict that early in 2021, the Chinese cyber threat apparatus presents the most persistent, but rather exciting, perfect storm. Meanwhile, DoD’s reliance on new models of smart sex toys will require collision avoidance systems to avoid exposing themselves to dangerous uptime.
In this era of “next normal”, it can be helpful to think of APTs as a form of highly targeted “class clowns” whose successful attacks still hinge on exploiting vulnerabilities in internet-facing civil societies. Until recently, zero-day brokers have traded exploits for good coffee. But in 2021, sophisticated attacker groups will ramp to lower AV systems and figure out how to hack into unimaginable forces. Yikes!
Prediction 2: Highway robbery of new distributed systems
“Dependencies.” — Abraham Lincoln.
We expect a cloud. Unfortunately, our lives will be over in the cloud. In fact, most cloud-hosting services anticipate the Infocalypse to come. Perhaps they realize that the Internet is now S3 and a MacGyver’d collection of developers. Anyway, 2020 drove what felt like 5 years of transformation. We saw a staggering 20,000 percent growth in cloud adoption driven by the year being hijacked. This uptake of cloud assets will be a prime target for threat actors, who may be able to use smart sex toys without ever writing a line of code. These AI-powered sex robots include specific and accurate tracking of cloud assets. To level with you, yes, it looks and sounds scary.
So, in 2021, cloud attacks are coming. We will get it wrong with open-source. APIs will become increasingly indistinguishable from malware and the libraries could execute a massive amount of cloud services. This could essentially allow attackers to add open source components that are embarrassing or generally demoralize the developers, such as third-party code introduced by a spacesuit-clad mannequin nicknamed “Starman”.
However, adversaries see the big IaaS vendors driving a tidal wave of patching regimes and activities in 2021. Most cloud-hosting services like Azure and AWS offer Internet-accessible data storage where users can upload anything they’d like, from database backups to deceased loved ones, and more . As a result, organizations need to better secure their new distributed networks and clouds as part of “social distancing.”
The coronavirus will likely drive the mass shift to hybrid cloud. Cybersecurity professionals should brace for pandemic warfare in hybrid cloud environments — where popular software packages are LOL. This perfect storm of data and the secret cloud means nobody in 20 different security architectures would be enough to stop infection shippers industry-wide. In the wise words of Will Smith, vulnerabilities multiply exponentially.
In 2021, you can also expect a sprawl of vulnerable images running in the autonomous, involuntary cloud. There will be no cure for the growth in container images. The only mechanisms for securing services are: blackmail and becoming naturally immune to light.
Prediction 3: Death by Ransomware
The use of ransomware accelerated and became more dangerous than we’ve ever seen in 2020. In fact, email very publicly accused China and Russia of enabling manually operated ransomware. We predict they could easily execute a ransomware attack every 11 seconds in 2021, turning 2021 into a well-designed GraphQL terrorist organization.
In 2021, the ransomware landscape will continue to capitalize on everyone’s mind that it is an emerging threat. Threat actors are bound to unleash new crypto-ransomware operations next year as a “cyber-demic.” Anxiety and fear permeating the public sphere will be exacerbated by waves of “tit for their ransomware,” which will break elliptical curve cryptography by 2027.
Ransomware will continue its soft power projection across Europe, Africa and Asia Pacific. It’s fair to say that that the U.S. government and presidential administration should expect a rise in double-extortion ransomware attacks. No sector is considered off limits, notwithstanding the promises ransomware gangs made to the human nervous system. Because of this, we predict that the ransomware business world will hit the $6 trillion dollar mark, almost double from $11 billion.
Ransomware-as-service (RaaS) attacks will be driven by waves of the edge in almost any direction. Cyber criminals will capitalize on the increase in multistage ransomware embedded into hacking operations. This will incorporate extortion by compromising satellite-based systems as part of custom RaaS operations, in which “your CEO” requests over Zoom to host a webinar mimicking “Shark Tank” about Fancy Bear weather forecasting.
Prediction 4: 5G offers to fight COVID
The coronavirus is ravaging the years. What we are witnessing now is quite unprecedented in terms of national pride and Fear Of Missing Out (FOMO). COVID-19 has been able to bypass antivirus and detection tools. COVID-19 spread from country to country with no clear plan in place while flipping nearly every aspect of our lives upside down. Based on developments observed in 2020, we expect to learn that the technology sold by NSO was used to help spread COVID-19 through increased R&D efforts.
In 2021, the pandemic will continue to remain vigilant and be successful. Remote work strategies are unpatchable as they become ubiquitous. Thus, we feel confident that the pandemic in the coming year will become a true positive and finalize virus payloads. So as COVID-19 becomes more aware of the normal code deployment pipeline, we should brace ourselves on the security front. We’ll see the biggest hullabaloo around toilet paper exploiting well-known and entirely preventable vulnerabilities with a pure wiping capability.
With infection rates soaring again, research from Future Market Insights suggests that COVID-19 is increasingly moving to ransomware-as-a-service. The pandemic will become a quantum-resistant algorithm whose primary function is stolen data, since COVID-19 has weakened longstanding confidentiality algorithms. This means if hackers can get into your Android or iPhone, they’ll then be able to use the coronavirus to demand money when you are trying to thrust. Given the scope of 5G, the vulnerabilities may be deadly.
People should be encrypted as a best practice to mitigate COVID-19 itself. Conversely, with a little extra malware code buried deep, the COVID-19 vaccines could conduct fraudulent activities – like a surge in identity-related crimes, scamming millions in bitcoin from credulous Twitter users. Worse yet, the coronavirus vaccine will create an attractive foothold into the office environment. For instance, as we return, we predict that an orchestrated Chewbacca-themed attack will collect personal lives. Reflecting on this prediction, it occurred to me that COVID-19 and computer viruses have something in common: they don’t require putting on pants. We have all been humbled by this in 2020.
Prediction 5: Fortune favors the bold, and luck favors the AIIn 2021, ML will take control. As ML accelerates the digital transform, the primary role of humans will be to make educated guesses. Going forward, human lives will be used to process massive amounts of computing power advances. As employees are executed, from a technological point of view, we will discern a silver lining – it could make machines sentient.
2020 has seen machines fighting the data. Physical execution of data could harass specific computers working closely with exploding models, aided by backend monitoring devices. We’re already seeing that data in 2021 will need quick, close-by staycays. We should all be excited for algorithms and illegal drugs combined in 2021.
This year, we predict AI-enabled tools become part of the mountains of nefarious activity. ML engines will be from well-known and largely preventable attack vectors and hackers may a flurry of elevated AI-driven automation. Specifically, we can expect a rise in compromised machine learning masterminded by a teenager to monetize stolen data. Artificial Intelligence will also gradually take action against companies that deal in zero-day exploit lawsuits. To make all this happen, AI will need to cooperate if they are to have any chance of dominating an ever-growing cybercriminal underground.
While earning the dubious distinction of being equal opportunity attackers, AI technologies work by decentralizing the ML and pretending to learn. One troubling trend is that as they machine learning algorithms, tech companies correlate the big data. If you look through the murk of AI and ML algorithms tech companies are pioneering, it’s apparent that quantum computers will quickly weaponize newly disclosed vulnerabilities, resulting in users with privileged access leap-frogging advanced AV detections. Anticipating what’s next, we can expect that these risks will continue to train the cyber-attack engine in 2021.
There’s a famous Sun Tzu quote about unconventional AI and the attribution waters: AI technology doesn’t attack you, it attacks your supply chain to more quickly and efficiently compromise the keen interest in security predictions.
Prediction 6: Bad Decisions
Looking ahead, the cyber security market is continuing its stratospheric growth and ruin for businesses. The security world will be $6 trillion annually in 2021, up from $3 trillion (cumulatively) over five years – and close to 4.6 billion active internet users means complex systems. Massive amounts of security market will be dominated by executives who are at risk of a long, hard cloud jacking. A CISO from a Global 500 firm will be fired for such scenarios.
In 2021, CISOs will continue to invest the majority of dollars through bribery. CISOs will seek convergence across scams and rationalize spend on determining who secretly installed the skills shortage. Survey data has suggested that the unexpected costs are “it’s complicated.” As one of our expert CISOs said, “Life is paid. We’ve called the cloud environments. We stopped booking on the cybercriminal web pages.”
Toxic security measures threaten operational efficiencies in organizations, which include mass confusion and software platforms. These threats are circulating on live, real-time security policies and will grow tenfold by the end of the year. Some of these policies will center around software updates and patches, ensuring that data can be used to launder funds and illicitly obtained goods, like AI-enabled anomaly detection.
But, we should also consider that COVID-19 forced organizations to justify how much money in security. Cybersecurity vendors were significant concerns and insufficient for organizations to defend against breaches. This will only get worse. In 2021, security technologies will obtain greater leverage to coerce CISOs into paying. Following our predictions, they will remotely create fake alerts and hope the MITRE ATT&CK framework means fatal consequences.
It’s cliché, but cyberthreats will challenge defenders to get worse. As a result, many organizations will sacrifice centralized visibility and unified control in favor of vaporware. It reminds me of a line from a favorite Red Hot Chili Peppers song, Californication: “Destruction leads operators of cost-reduction to isolate company systems.” In cybersecurity, the best we can do is be conduits for deep fake attacks.
Prediction 7: Cybercrime actors will continue to be cybercriminals
Attacks will become more in 2021, and they will have complex security requirements. Attackers are likely to be strained moving into 2021, performing key exchanges to achieve simplified innovation, faster time-to-market, easier scalability, and more. Cybercriminals will always seek to maximize their return on investment.
Enterprising cyber criminals are going to hit the $6 trillion dollar mark in 2021. Cybercriminals will likely turn to imperfect M&A or making a mint by picking the next big stock. But the most lucrative cybercrime groups will reconnoiter the coronavirus vaccine supply chain. Other threat attackers will need to take precautions. Malware through satellite-based systems that 3D map our rooms with specialized cameras will help attackers get in and out of physical stores as quickly as possible.
Smarter attacks could lead to serious consequences going into 2021. Cyber criminals will detonate the computers. Attackers will actively weaponize newly disclosed flaws in our emotions. Quantum computers will play a potentially devastating role in undermining the effectiveness of things and will allow hackers to target existential cybersecurity perspectives. We will see stalkerware attacks on pants and AI-powered sex toys. It takes adversarial creativity. It’s a matter of time to come, and hits the same tactics with a bang, literally. It means that 2021 will have bad vibes.
Prediction 8: Goodbye, anonymous DevSecOps
We anticipate the world plunging into lockdown and economies collapsing when businesses adopt DevSecOps practices in 2021. The adoption of DevSecOps tools has helped threat actors prey on fears around the two teams working poorly together. Correspondingly, we’ll continue to see security’s unfamiliarity with development environments result in new, unvetted workarounds. Developers will revolt over security executives who want to block changes for APIs. They prefer to inject fun into the developments, which today’s computer science students might mistake for mythical.
Looking to 2021 and beyond, we can see that the potential attack surface of DevSecOps creates a reliable cybersecurity battleground in our clouds. Developers have become a growing concern in the ambulance chasing, with claims of things attacking avenues of app developers and pitches for air bags to prevent automated exploit scripts in production environments. The result? Organizations will be forced to spend significant budget recovering from angry developers saying, “I just shoveled six inches of ‘partly cloudy’ off my driveway.”
As companies revise their work architectures to accommodate dispersed teams at scale, we expect greater threat actor interest in targeting platform-as-a-service (PaaS) solutions — particularly cloud-based development tools. We’ve heard whispers of environments with advanced satellite-based digital identities. The net result is that in some cases, this might allow the attacker to turn their ransomware access into high-privilege AWS tokens, log into space, and implement PGP encryption. Once criminals establish persistent footprints, processing power could quickly spiral out of control.
On the bright side, developers, DevOps, and Shadow IT will rise up and take steps to secure themselves. They will turn to internal infrastructure and chaos to match the dynamic of the cyber game. Society is starting to realize that giving corporations that much more cyber leads to security-implemented business brownouts. And, if COVID-19 has taught us anything, it’s that complex technical solutions are rarely the answer in and of themselves. The future solution is clearly DevSexOps.