The Home Threat Vector

The prediction of security threats is an incredibly broad topic and can range from statements covering a single enterprise in a short time frame to those covering the global threat landscape for the year ahead. This is of course not to say that the different levels of fidelity at play here are wholly unconnected. On the contrary, global trends can be seen as the larger context within which individual incidents playoff, with occurrences in each informing analytics in the other.

Looking at the year ahead and considering recent high-profile hacks and the large number of people working from home, McAfee’s annual threat prediction report contains few surprises. Their top six threats for 2021 are as follows:

  1. Increased supply chain backdoor attacks
  2. Home office attacks for accessing corporate networks
  3. Cloud infrastructure attacks of varying sophistication to proliferate
  4. New mobile payment scams
  5. New QR code scams
  6. Social networks used to launch attacks against companies

The core thread running through all these threats, other than the first one, is that the proliferation of work from home setups has opened up a new and more readily exploitable avenue of attack against corporate targets. Since employees are working from home and more often than not, also using their personal computers for work, there is a significant new weakness in corporate defences with a variety of less secure devices located off-site now connecting into corporate networks in a number of different ways.

This attack vector might not be entirely new, but its level of prominence due to lockdowns and work from home rules, definitely is. However, once an attacker moves past a home network (or possibly even earlier depending on setup) their actions become detectable and monitorable to security teams. Patterns will form and analysis will be possible.