Remote work will continue to be a goldmine for attackers to exploit—#2021Predictions

Until we settle in to the new normal for remote working, attackers will endlessly be able to play the situation to their advantage in manipulating employees to take unsafe actions.   

by Vic Harkness, Security Consultant, F-Secure Consulting

Currently, much of the world has been encouraged to work from home when possible. The shift in working practices has forced organizations to open alternative working streams, whether they were ready or not. We’ve already seen an increase in ransomware attacks this year as new working practices provide an increase in the attack surface presented by many companies at both the technical and social level.

Hurriedly-placed remote access provisions have already provided a field day for attackers to gain access to internal networks. However, the breakdown in the social fiber of organizations can also be partly to blame. Do people really know their colleagues anymore? Once upon a time, if you received a call from someone falsely claiming to be tech support you’d know it wasn’t a legitimate call because the actual tech support person sat a few desks over from you, so you’d have an easier time telling this wasn’t them. Without that face to face interaction, who are you to question if the person claiming to be your new colleague is legitimate?

I think that this confusion is likely to increase as working practices continue to rapidly adjust. Every update to the current status quo is an opportunity for attackers.

• Workers invited to return to the office? Click this link and enter your personal information to let us know what days you’ll be in.
• Unable to return to the office? We’re updating how remote working will take place, please install this new remote access tool.

by Teemu Myllykangas, Director, B2B Product Management

In 2021, Covid will still be impacting our lives, businesses and societies, and those impacts will change as the year progresses and as the vaccines become available. However, it looks like many businesses will attempt to at least partially retain the remote working practices rushed in during the early days of the pandemic. Rolling out new practices and technologies under these conditions rarely works out well for security. In 2021, attackers will likely be looking for ways to take advantage of security weaknesses introduced in 2020’s rush to remote work that businesses have yet to address. To prepare for this, organizations need to better secure their new distributed networks and cloud deployments to keep their applications and data protected.

by Calvin Gan, Senior Manager, Tactical Defense Unit

With the pandemic, lockdown, and remote work, the convergence of our personal and professional lives is already happening. Email may still be a preferred infection vector, but exploitation of software vulnerabilities may increase, especially when personal devices (phone, tablet, laptop) are used as work devices, which enables a larger infection avenue. I’m expecting more CVEs to be issued and more vulnerabilities discovered for software commonly used by consumers (shopping app, delivery tracking app for example). On the other hand, security researchers may put more focus in finding vulnerabilities in these apps/software to get them fixed before they can be exploited by attackers.