2021 Predictions: The Year of Malicious Automation by Brad LaPorte
We present this article on malicious automation written by Brad LaPorte, Chief Evangelist of Kasada.
We’re pleased to announce that the First Annual Cybersecurity Insight Jam proved a wild success. We want to thank both our audience and all of our participants for their involvement and engagement.
Dozens of vendors, cybersecurity experts, and researchers shared their predictions with us in the lead-up to the virtual event. However, we couldn’t publish all of them simply because we ran out of time slots. So we’d like to take some time in the coming days to publish what we couldn’t previously.
To get us started on this effort, we present this article on malicious automation written by Brad LaPorte, Chief Evangelist of Kasada.
2021 Predictions: The Year of Malicious Automation
By Brad LaPorte
2021 Will Be The Year of Malicious Automation
25 percent of the internet now comprises bad bots, malicious automated tools, and evil AI. Next year it will double, making half of the internet be saturated with malicious traffic.
The global economy is in full swing and e-commerce is now a necessity versus a commodity. The rapid adoption of digital commerce, backed by fully scalable cloud computing, has set the foundation. 5G, IoT, and edge computing will act as a catapult. Cyber-criminals have always been early adopters of the latest and greatest technologies – and using automation will amplify and multiply their efforts at mass scale.
Over 90 percent of cyber-attacks will involve some form of malicious automation by the end of the year. What will immediately follow is a period of rapid investment and adoption, primarily in using automation for cybersecurity.
Some examples of how malicious automation will be used include:
- Content scraping malware to make attacks more efficient
- AI-Supported CAPTCHA breaking; making it obsolete
- Convincing social engineering attacks at scale; rendering gesture detection and biometric authentication useless
- Intelligent targeting and evasion attack vectors
- Data pollution and rampant misinformation ingestion
Advanced Persistent Bots (APB) Will Greatly Outnumber Basic Bad Bots
Not all bad bots are created equal in terms of sophistication. A “spray and pray” bot is much easier to buy, build, and use than one that has laser beam surgical focus. But the higher the sophistication the higher the reward.
The ability for cyber-criminals to access more sophisticated tools – ones that are preconfigured with corporate data and allow for “walk right in” level access – is a fraction of a Bitcoin away. Script kiddies will be able to level up and deliver government-sanctioned, nation-state-level damage to their targets in order to obtain financial gains.
APIs Will Be The New Frontline
Application programming interfaces (APIs) make everything A LOT easier. From data sharing to system connectivity, to just simply making things WORK. But they also make it much easier for the bad actors and the bad bots they love to deploy.
Soon over 90 percent of web-enabled applications will have more surface area for attacks in the form of exposed APIs rather than the UI. This is because they are being implemented without security being part of their design, making them WAY too easy to discover and exploit. Put simply, APIs can expose a significant amount of data too easily, making it open season for any organization that has not made API security a priority.
DevSecOps Walls Will Come Down
DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become unified. With the right training and tools, developers can become more hands-on with security.
They will need the security specialists to be ingrained in their continuous workflow to ensure code is secured from the start – and are championing this mindset across the company. What was once considered “oil and water” or “alien entities” will now have to become well-lubricated, interlocking machinery.
The Healthcare Industry Will Use Online Fraud Solutions 4x More
The global healthcare industry has passed the financial services industry for experiencing the most data breaches. In 2020, with the global pandemic and focus on vaccine research and care, the industry experienced 2x the amount of data breaches than their closest industry neighbor, making this a crisis on top of a crisis. Unfortunately, there are no signs of slowing.
Historically, the healthcare industry has not invested in online fraud capabilities – and given the updated digital climate, this investment will be needed more than ever. Healthcare data is highly sought after by cyber-criminals and carries a high dollar value on dark web markets, meaning the demand for it is here to stay.
Brad LaPorte, Chief Evangelist of Kasada for his time and expertise on malicious automation, and for sharing these predictions during the Cybersecurity Insight Jam 2020. You can learn more in our Endpoint Security Buyer’s Guide.