BLOG HOME > Cybersecurity > 2021 Data Breach Forensic Predictions and What Happened in 2020: Part 2

2021 Data Breach Forensic Predictions and What Happened in 2020: Part 2

New cybersecurity threats were popping up rapidly going into 2020. We analyzed the trends and made predictions for the rest of the year: 

Think You've Had a Data Breach?

Click for Incident Response

1. Hackers will increasingly target payment iFrames

The shift to EMV refocused attackers’ attention on the “low-hanging fruit” of e-commerce websites. Merchants responded with implementing more shopping cart security, and iFrames are part of these efforts. iFrames are often used to outsource some security requirements, making them a convenient added layer of security. As more merchants use iFrames, more hackers target them.

For merchants in the PCI DSS realm, that means SAQ A may be somewhat deprecated. iFrame attacks are made possible because hackers are taking advantage of vulnerabilities that are already present, usually due to a system misconfiguration. Other vulnerabilities include new elements we haven’t seen as frequently in the past. You can learn more about these elements in an interactive website here.

2. More damaging leaks from virtual meetings

Corporate espionage through compromised virtual meetings, such as ZOOM, has escalated since the start of 2021. With their increased usage in the workplace, we believe virtual communication platforms will continue to be targeted throughout 2021. 

3. Domain name obfuscation hacks

Domain name obfuscation hacks are different from typical lookalike domain attacks. These attacks exploit unicode; a combination of symbols from many writing systems, including Greek, Latin, and Cyrillic. Unicode characters look indistinguishable from Latin characters. An “O” in each of these languages looks the same but is coded differently, so a URL could look identical but direct to a totally different website. 

Forensic Webinar: What Happened in 2019 & Predictions for 2020

Watch Here

4. Slim skimming

As EMV technology took hold, it appeared that physical card skimming would decline. However, the introduction of the EMV chip actually helped solve one problem attackers have when installing a physical card skimmer--how the skimmer is powered. Previously, attackers needed to power their skimmers, either with batteries or connecting to the point of sale device’s power supply. This often made it more difficult for the attacker because they had to conceal bulky wires, cords or batteries. Because the EMV chip creates a small electrical charge when it is inserted into a card reader, attackers are able to harness the small charge as a convenient power source for their digital skimmers. 

This has been frustrating for merchants, as many of them replaced and updated their gas pump card readers for EMV without realizing the new readers could be solving a problem for the attackers by providing them a convenient power supply. 

5. Uptick in cryptocurrency thefts

One of the biggest cyber theft stories of 2020 was the indictment of three North Korean computer programmers who used cyber attacks to steal 1.3 billion dollars worth of cryptocurrency. 

These attacks often offer a huge payoff for hackers and we predict these incidents will continue to increase. 


Top organizational vulnerabilities that lead to compromise

As the number of active threats increase, where should organizations look first to identify and address vulnerabilities? 

Employees

Unequivocally, the number one organizational vulnerability is employee error. Occasionally, there may be embedded agents that take a job with an organization with the primary purpose of stealing company secrets, but those situations are rare. Most of the time, a phishing or social engineering attack is unknowingly enabled by an employee. 

Third parties

Due to a mutually beneficial working relationship, third parties are often given some level of access and connectivity to merchant websites, but that added connection also serves as an additional potential attack surface to introduce new vulnerabilities. To learn more about third party risks and best practices, visit our blog, Third parties can introduce new threats to your data.

Insecure coding and data

Insecure coding can originate with programmer error, but an organization’s website can also contain highly exposed vulnerabilities. In one recent investigation, a company was unintentionally providing hackers with the exact data they needed to pull off a targeted social engineering attack on employees–right on their website. 

Cloud services blind spots

There is a widely accepted attitude that anything put into the cloud is inherently safe, yet around 70% of businesses are losing data from their cloud services. A cloud is just a space and a service. It is the business’s job to secure their cloud-hosted data. 

If you are not keeping an eye on your cloud service providers and security surrounding your cloud data, attackers are going to find loopholes. Don’t leave a gap between the service providers’ security and your own security. Evaluate what security services are provided on the cloud and your own security practices to make sure those holes are plugged. To learn more about cloud security, visit our blog, PCI compliance in the cloud.

Unpatched systems

Unpatched systems have been an issue for years. Industry-wide threats like the Magento hack are possible due to the sunsetting of Magento 1. Since Magento 1 is no longer supported, it is a prime target for hackers. There are still many sites using Magento 1. If you are using Magento 1, consider yourself hacked. 

Insecure remote access

The good news is that we saw less remote access hacks this past year, but it is still a critical vulnerability. Visit our blog, Securing Your Remote Desktop Connection, to learn more about secure remote access. 

BYOD procedures

Bring-your-own-device culture (BYOD) became a huge issue in 2020 because so many people started working out of their homes. Bringing personal devices into and out of home/work networks coupled with remote access issues can lead to big problems. 

If you have employees working from home, you’ve inherited their home network. This can be especially vulnerable when other residents such as children, partners, or roommates are playing video games, are on Discord, or downloading online content because their personal devices could introduce vulnerabilities to their home network and then to your employee’s device. Once that personal device logs into your corporate network your employees’ vulnerabilities become your vulnerabilities. 


By: David Ellis
VP, Investigations
CISSP, QSA, PFI


Tips to avoid vulnerability exploitation

Subscribe to our blog to receive part 3 of 2021 Forensic Data Breach predictions and What Happened in 2020, which includes tips to avoid data breaches due to organizational vulnerabilities. 

Join Thousands of Security Professionals and Subscribe

Subscribe