David Wolpoff, Randori: Deepfakes in the Enterprise, Anti-trust Reckoning Coming in 2021
This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.
David Wolpoff, CTO and co-founder of Randori:
Deepfakes and voice fakes come to the enterprise. In 2021, threat actors will move on from basic ransomware attacks and will weaponize stolen information about an executive or business to create fraudulent content for extortion. From deepfakes to voice fakes, this new type of attack will be believable to victims, and therefore, effective. For example, imagine an attacker on a video system, silently recording a board meeting, then manipulating that private information to contain false and damning information that if leaked, would create business chaos, to compel a business to pay up.
Ransomware evolves to enterprise extortion. Threat actors are evolving from high-volume/low-value attacks, to high-value/low-volume attacks targeting businesses. Half of ransomware attacks already involve data exfiltration, and in 2021, cybercriminals will incorporate extortion by weaponizing the content they’ve stolen to compel their victim to action. Ransomware attacks will shift from “I’ve stolen all your data, now pay me;” to, “I'm going to extort your CEO with information I’ve found in the data I’ve stolen from you, and if you don't pay, we’ll devalue your stock on Wall Street.”
Cloud infrastructure ransom attacks. Threat actors are beginning to sift through exfiltrated data from ransomware attacks for high value content, and their pot of gold? Cloud infrastructure credentials that would allow them to hold a company infrastructure for ransom. It takes breaking in via the attack surface, and adversarial creativity, but the reward is high and the killchain is simple enough. Find credentials that allow for the creation of code signing malware, gain access to an app like Slack and send spoofed messages to convince unwitting victims to share cloud login credentials (heads up, IT). With a stroke of luck, gain high-privilege AWS tokens, log into the cloud infrastructure and hold it for ransom. The threat of turning off the business with the click of a button is a highly effective extortion technique. Many CISOs don’t know when and where highly privileged passwords have been shared and recorded (in an old Slack message from 2 years ago?) -- this is a big risk for companies mid-cloud migration.
A skills gap crisis in the US government. Under the Trump administration, turnover at the senior leadership level of the National Security Council was record-breaking and we will witness the first downstream effects on our national global cybersecurity ability in 2021. US national cyber policy and our global cybersecurity posture will take a hit, and tactically but crucially, government hiring of cyber talent will stall. These will have lasting impact on our cyber leadership that will take 10-20 years to correct.
Antitrust / antitech reckoning in 2021. Democratic institutions rely on common facts and beliefs, which have been challenged in light of dis and misinformation proliferating across social platforms. With antitrust sentiment slowly taking over Washington, it’s becoming more apparent that technology and social platforms are unregulated domains that have been damaging to truth, and the functioning of democratic processes. In 2021, we’ll likely see the full force of the government extended against social platforms and tech monopolies.