OK, the pundits out there have started to make their predictions for what the 2021 Cybersecurity Threat Landscape will be like. Truth be told, I have seen these predictions just in the last few weeks, but they took much more of a holistic approach, rather than identifying the new threat variants by application or even by industry. 

So with this in mind, let’s start our predictions, beginning with what the expectations are that could happen to the Cloud. 

Remember, the Cloud has been with us for a very long time, going back from its first popular usage in the late 90’s to now.  It no doubt has grown and evolved into something that was never thought of before.  Probably one of the biggest things that has dropped my jaw is the in quickness and efficiency in which you can create a new Virtual Server, with the latest technologies.

Back in the era of the dot com craze, trying to get this kind of server was pretty much an On Prem solution, and could cost a company literally tens of thousands of dollars.  But now for example, you can create a Windows 2019 Datacenter Server with an Enterprise Oracle database for just like $100 or so per month. 

But keep in mind, not every Cloud Provider is going to offer this kind of stuff – it is only the juggernauts like the AWS or Microsoft Azure that can do this.

So, it is with this in mind, that we start our predictions for 2021, on these two Cloud platforms.  Here we go:

*The rise of the Advanced Persistent Threats:

This threat variant is also known as the “APT”.  Although this is just a variant of much older Cybersecurity attack vectors, they have been fashioned now in such a way that that are extremely hard to detect, and if you do find that you have become a victim of one, it will be too late for you to do anything about it.  In this regard, the Cyberattacker is looking for the weakest and most vulnerable spot in your Cloud Architecture – from there, they will then move in, stay in as long as they can, hijacking your confidential information and data a bit at a time.  Also with this, the Cyberattacker can also move in what is known as a “lateral” fashion.  Meaning, once they are in, they can move in other, linear directions to see what they can get their hands on in the other parts of your IT and Network Infrastructures.  Also keep in mind that both of the previous mentioned Cloud platforms also allow for a much greater flexibility for your software development  to deploy whatever they need to in both on online and offline manner.  Because of this, new scripts can be executed at any time, meaning this gives the Cyberattacker new ways of getting in.  In the world of the AWS, the VMs that you create are also known as “EC2” based instances.  If the Cyberattacker can somehow deploy a malicious payload onto any of these scripts, the statistical probability of them spreading into other parts of your EC2 instances are also high, thus causing a cascading effect of failure onto your Cloud platform.

*The rise of Artificial Intelligence (AI) and Machine Learning (ML):

Essentially, these are two big buzzwords in which the Cybersecurity word is trying to emulate the human brain in making tasks and threat modeling easier to accomplish, and in a much shorter time period that it would take a human being.  But there is one caveat here – these tools need a huge amount of data that have to fed into them, in order to make them truly effective for what they are set out to accomplish.  This has given rise to a new field called “Cloud Data Science”, in which you will now see many scientists being employed in this area.  Both the AWS and Microsoft Azure have AI and ML tools in order to make the data cleansing and analysis a much easier task to handle.  For example, in the AWS, this is known specifically as the “Sage Maker” that offers these functionalities.  Although this is a very powerful to use, it comes with a whole cohort of options that your team of data scientists can make use of.  While this flexibility is of course advantageous, this can also be its Achilles heel as well.  For example, if things are not configured properly, the Cyberattacker can very easily take of advantage of them in order to gain Root User access privileges to your Cloud platform and wreak all sorts of havoc that they can imagine, it just does not have to the theft of Personal Identifiable Information (PII) datasets. An example of this exact scenario is actually further detailed in this article:

https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation-part-2/

*The attack of the Bots:

Most of us have heard of this term before, but these are essentially small, automated processes that can are typically used on the Internet.  A perfect example of this are the Google based algorithms that are being used day in and day out in order to mine for new websites and rank them accordingly in the search results, based upon their keywords.  But although they have a good side, they can also have a bad side as well, especially when it comes to deploying malicious types of payloads.  These bots are now typically launched from their own Cloud based platforms and can be used to hijack other legitimate ones as well.  These bots can not only steal your PII datasets, but they can also scrape your website content, and even launch Phishing and Distributed Denial of Service (DDoS) attacks against your own brand name and reputation – obviously, a situation which you do not want to happen.

*The rise of Cryptomining:

To some degree or another, we also have all heard of virtual currencies – the most popular example being that of the Bitcoin.  Cryptomining is an offshoot of this, and simply put, this is where a Cyberattacker will covertly hijack both the computing and processing powers of your device in order to illegally mine for these virtual currencies.  But now the Cyberattacker is starting to move towards the AWS and the Microsoft Azure platforms in order to do this.  Meaning, they are hijacking the computational powers of both your VMs and Virtual Desktops in order to further mine for these currencies.  At first, this can be difficult to notice, but keep a close eye on any spikes or abnormal usage in your virtual CPU activity, as this will be a telltale sign.

My Thoughts On This

The usage of both the AWS and Microsoft Azure expected to increase at least by 2X in 2021.  With this huge increase, of course there will be just that many more doors that could be potentially left open for the Cyberattacker to enter into.  A common theme here is that of misconfigurations, especially with the toolsets that are available in the AWS. 

If you peruse the Cyber news headlines like I do, many of the Cloud security breaches occur because of sort of misconfiguration that transpired – whether it is intentional or not.  At least to me (and I am still very much a novice to both the AWS and Microsoft Azure), it appears that this is a problem that could more or less be fixed, either by conducting an audit of your Cloud platform, or even doing a Penetration Test of it.

To be honest, I have been dabbling around in Microsoft Azure a lot more, and I am quite impressed with what they offer, especially when it comes to their security tools that you can deploy onto your Cloud platform.  But the bottom line here is that it is always best to create your Cloud platform in a gradual and phased in manner and checking each part for any security issues before moving onto the next item. 

But if you have any doubts that still persist in your mind, always work with a Cloud Provider – they can help you to build and maintain your infrastructure from the ground up, and quickly resolve any issues as they may occur.