Hong Kong: Home networks, remote working software and cloud systems will be at the centre of a new wave of attacks in 2021, predicts Trend Micro.
Cybercriminals in 2021 will particularly look to home networks as a critical launchpad to compromising corporate IT and IoT networks, according to Trend Micro’s predictions report Turning the Tide.
The pandemic has blurred the boundaries between work and private lives. Business machines are being used for personal projects, and work is done over home internet service providers.
Employees at home have to consider security on an enterprise level, the report states that the security aspect of home networks and remote working. They need to check that those home routers software are updated and the device on the home network is secured or not.
With the work from home and remote working becoming the new normal – there’s a very high chance that family members may also be sharing devices while working for different organisations. And that is delicate when enterprise data is involved.
Those working from home should be aware that home networks will become launching points for threat actors. These individuals want to hijack machines and jump from one device to another in an attempt to gain a foothold in a corporate network.
Routers have long been viewed as sitting ducks for remote attacks on connected devices, and the report predicts that cybercriminals will offer access to hacked routers as a new service for threat actors aiming to break into home networks.
“As we begin to enter a post-pandemic world, the trend for remote working is likely going to stick for many organisations. We predict more aggressive attacks to target corporate data and networks,” said Tony Lee, Head of Consulting – Hong Kong and Macau, Trend Micro.
“Security teams will need to double down on user training, extended detection and response and adaptive access controls. This past year was all about surviving: now it’s time for businesses to thrive, with comprehensive cloud security as their foundation,” added Lee.
The report warns that end users who regularly access sensitive data (e.g. HR professionals accessing employee data, sales managers working with sensitive customer information, or senior executives managing confidential company numbers) will be at greatest risk.
Attacks will likely exploit known vulnerabilities in online collaboration and productivity software soon after they are disclosed, rather than zero-days.
Access-as-a-service business models of cybercrime will grow, targeting the home networks of high-value employees, corporate IT and IoT networks.
IT security teams will need to overhaul work from home policies and protections to tackle the complexity of hybrid environments — where work and personal data coming in a single machine. Zero-trust approaches will increasingly be favoured to empower and secure distributed workforces.
As third-party integrations reign, Trend Micro also warns that exposed APIs will become a new preferred attack vector for cybercriminals, providing access to sensitive customer data, source code and back-end services.
Cloud systems are another area in which threats will continue to persist in 2021, from unwitting users, misconfigurations, and attackers attempting to take over cloud servers to deploy malicious container images.
Trend Micro recommends the following steps to mitigate threats in 2021:
- Foster user education and training to extend corporate security best practices to the home, including advice against the use of personal devices
- Maintain strict access controls for both corporate networks and the home office, including zero trust
- Double down on best practice security and patch management programs
- Augment threat detection with security expertise to protect cloud workloads, emails, endpoints, networks, and servers round-the-clock
Cybercriminals will continue to go where the money is — seeking the greatest financial returns on their attacks. Organisations and security teams must remain nimble and vigilant to stay ahead of criminals.