This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.
Ido Safruti, co-founder and CTO of PerimeterX:
Cybercrime Communities Get Stronger
Cybercriminals have always maintained an alternative reality — aka the Dark Web — alongside a web of murky Internet Relay Chat (IRC) channels, online chat rooms, and file drops where they post accounts harvested from thousands of data breaches. Today, cybercriminals are among the most innovative users of online communications and community building tools. And they are forming stronger and stronger communities using the same popular tools used to build communities and communicate. In fact, we have observed how these popular tools are used to coordinate and bring to market online fraud and mayhem over the entire attack lifecycle. Cybercriminals are often doing this out in the open. A quick Google search turns up Discord channels and subreddits where participants discuss every known threat, including carding, account takeover (ATO), IoT botnets, malware and crackings. We also have seen evidence that cybercriminals are increasingly collaborating on attacks, and that online fraud is becoming a more mature market. Different groups now specialize in aspects of online crime, from renting out botnets for account takeover and carding attacks to coordinating human “mules” to reship illegal product purchases, to skimming, validating, and then reselling username and password pairings, aka fullz. There are even groups that specialize in exploiting different security issues. Communities and the communications tools that they use are ad hoc platforms that make this growing criminal enterprise more efficient. Cybercriminals know this, and the community technology is only getting better. So we expect cybercrime communities will grow measurably stronger to continue evading security measures and behave even more like mainstream businesses and technology sectors in 2021.
DevSecOps Goes Mainstream
With a growing percentage of code running on client-side applications coming from third-party JavaScript libraries or services, we see an increase in “Shadow Code.” When looking at front end JavaScript code, Shadow Code is code that is introduced into an application without a formal approval process or security validation. Shadow Code often takes the form of third-party vendors or open source libraries delivering specific functionalities into an application. Shadow Code can also include first-party code introduced by a rogue or compromised developer, or unauthorized code injected into the application through a vulnerability or security breach. Because it was not appropriately reviewed or might have been compromised or modified since code review (which is commonly the case with 3rd party vendors), Shadow Code may harbor malicious client-side code that alters application behavior to illegally gather and exfiltrate PII from websites. The malicious code may escape further scrutiny since it executes on the client side.
Leaning Forward in 2021
As strange as it sounds, we believe 2021 will bring as many or even more disruptive changes as last year. For that reason, trends we saw as a little outside the radar are now moving more quickly into the mainstream. A critical underlying trend — digital transformation — will further accelerate our predictions. Web applications and hybrid web applications are rapidly replacing desktop applications. This will mean that every operator will need to double down on basic security solutions such as automated security testing, penetration testing and preventing OWASP attacks. Beyond the obvious, these trends highlight even more the need for innovative and forward-leaning application security technologies that use AI and machine learning to look at behaviors rather than signatures, at scale, as every business increasingly becomes a web-facing, application-driven digital business.
###