As we bring 2020 to a close, it’s time to look at 2021 and a new chapter in the book of cybersecurity. While there are no doubt a multitude of possible attacks, here are five types of attacks that are becoming more popular and more common among attackers using Internet of things (IoT) threats.

1. Built-In IoT Threats

As entities embrace the IoT, they still lag in the defense and guidelines departments. And, threat actors will take advantage of the gap between the risks posed by IoT and how prepared people are to address those risks.

IoT devices are insecure by nature. They’re connected, meaning the bad guys can access them. But IoT devices lack the processing power for basic protection like encryption. They also tend to be highly valuable and inexpensive, making it easy for users to deploy large numbers of them (possibly 35 billion IoT devices worldwide by the end of 2021).

IT may not have authorized, or may not even know about, these devices. In many cases, the employer doesn’t even own them.

It’s likely that IoT will become the preferred target for ransomware attacks. Botnets, advanced persistent threats, distributed denial of service (DDoS) attacks, identity theft, data theft, man-in-the-middle attacks, social engineering attacks and others are also likely choices.

IoT threats, including those hitting databases, intersect with other 2021 trends, too. In a world of increased automation, many attacks focus on supply chain and manufacturing. IoT is used a lot in these fields, and updating equipment is not always a top priority. As we encounter more novel attacks on IoT networks, one question is especially important. Can we update aging firmware to give it the defenses it needs?

2. AI in IoT Threats

It’s likely 2021 will be the year of AI-powered IoT threats. And, that’s not surprising.

AI-based attacks have been taking place since 2007, mostly for social engineering attacks (simulating human chat) and for enhancing DDoS attacks. The malicious use of AI showed up on everyone’s radar in 2018, when a ground-breaking study on the threat was published.

Over time, more refined algorithms will get better at mimicking normal users on a network to foil detection systems looking for strange behavior. The biggest recent development in the use of AI in cyberattacks is democratization of tools for building and using AI systems. Threat actors can build AI tools now that just a few years ago only researchers could build.

AI systems are better than humans at performing many of the elements of IoT threats, such as repetitive tasks, interactive responses and processing very large data sets. In general, AI will help the bad guys scale up their IoT threats, automate them and make them more flexible.

And, don’t just look for exotic new AI-based IoT threats in 2021. Instead, look for the usual network breaches and other attacks, but deployed faster, at larger scale and with more flexibility, automation and customization than in the past.

3. Deepfakes for IoT Threats

Attackers will use the same tools behind deepfake videos for IoT threats, such as brute force attacks and spoofing biometrics. For example, university researchers have demonstrated generative adversarial network (GAN) techniques can brute-force fake, but functional, fingerprints. They do it in the same way passwords are brute-forced by trying thousands of attempts.

We have, in fact, already seen the use of deepfake technology in malicious attacks. The first wave of these involved faked voices. The attackers taught a computer system to sound like a CEO, who then called employees to order money transfers and the like.

Audio and image deepfakes have now been basically perfected, which is to say you can create voices and photographs that most humans can’t tell are fake.

The holy grail of deepfakes is video. Today, videos made this way still look uncanny. But it’s only a matter of time before attackers perfect deepfake video as well, enabling convincing video-call social engineering attacks. They could also use faked video for network breaches, extortion and blackmail.

4. More Specialized Cyber Crime

The entire history of cyber crime has involved increasing refinement on the part of the attackers. It often mirrors trends in honest business. And this long-standing trend in IoT threats will continue, as we can expect far more specialization and outsourcing in 2021. Threat actors will be going after bigger paydays. Rather than one person or one gang running an entire job, expect groups to offer break-in services for pay. So, a single attack may involve multiple groups, each of which is expert at performing their part.

For example, one group may specialize in reconnaissance at scale, then offer their knowledge on the dark net for a price. Another group may purchase this, then hire another group to breach the victim with a social engineering attack. That group may, in turn, hire native language speakers and graphics designers to craft more convincing emails. Once they gain access, the client may hire multiple specialist gangs for ransomware, bitcoin mining, extortion and other attacks.

In the same way that businesses have specialized, diversified and benefited from outsourcing, the people building IoT threats do, too.

5. Breakdowns Between State-Sponsored and Criminal Attacks

The organizational trends described above — the specialization and outsourcing — will further blur the line between state-sponsored attacks and gang attacks. And, this makes sense. Already many of the so-called state-sponsored cyberattacks are actually performed by criminal gangs linked to government agencies, including military and spy agencies.

With increased specialization and outsourcing, nation-states will increasingly be offered the fruits of cyberattacks, such as IoT threats, for money. And nation-states will hire otherwise unaffiliated cyber gangs to do specific malicious attack jobs, or specific parts of them.

Even today, it’s difficult to tell whether a detected attack was state-sponsored or not. In the future, starting in 2021, it may become nearly impossible. The year 2021 will no doubt prove to be another exciting year in the realm of cybersecurity. Look for these five trends in IoT threats as areas to focus on.
