On January 28th, 2021, Jon Clay, Director of Global Threat Communications at Trend Micro (https://www.trendmicro.com) shared his Software Development and DevOps related security predictions for 2021. The full video recording and slide details are below:
Talk Slides (full video below):
Threat actors will turn home offices into their new criminal hubs
- Home Routers are prime initial target
- Key employees will be targeted with data stealing malware
- Worms utilized to infect home network
- Access as a Service will increase

Extortion attacks including ransomware will continue to plague organizations of all sizes
- Tactics will evolve as organizations build improved protections
- Attacks as a Service allows gangs to work together
- Ransoms will keep rising

Attackers will quickly weaponize newly disclosed vulnerabilities, leaving users with a narrow window for patching
- N-day vulnerabilities will be a goldmine
- More marketplaces will crop up for trading and selling exploits
- Customizedexploitsofferingswill grow

Exposed APIs will be the next favored attack vector for enterprise breaches
- APIs will become a preferred target
- Security is still not understood
- APIs are easy to discover
- Use of APIs in cloud environments is increasing substantially

Enterprise software and cloud applications will be hounded by critical class bugs
- Key business applications (O365, Teams, Sharepoint) vulnerabilities will be sought- after
- Sensitive data being shared in collaborative software is major concern (Cloud of Logs)
- 0 data breaches due to cloud provider’s fault

Nation-State Tactics will be widely adopted by cybercriminals
- Extensive intelligence gathering before attack
- Collaboration between groups
- Anti-forensics will be used extensively
- Attacks will cross many areas of your network
- Island hopping increases

Attackers Prey Upon
✓ Human error
✓ IT security complacency
✓ Technical deficiencies
“It is when multiple TTPs are utilized in concert that cybercriminals are able to gain and maintain access to a computer network”.

Commonalities Seen In Attacks
- Weak Credentials
- Outdated and Unpatched OS & Applications
- Insecure application development
- Too Much Access Privileges (Open Shares)
- Unsecured Devices

Full Webcast Recording:
About Jon Clay:
Jon Clay, Directory of Global Threat Communications at Trend Micro, has worked in the
cybersecurity space for over 24 years. He is responsible for managing marketing messages and
external publication of all the threat research and security intelligence within Trend Micro as
well as different core technologies. As an accomplished public speaker with hundreds of
speaking sessions around the globe, Jon focuses on the threat landscape and the use of advanced
technologies in protecting against today’s sophisticated threats. Jon is also a volunteer speaker
for the Trend Micro Internet Safety for Kids and Families program.

Resources:
Trend Micro 2021 Security Predictions Report:: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2021
Trend Micro DevOps Resource Center: https://www.trendmicro.com/en_us/devops.html