This is the final post in a three-part series of AppSec predictions for 2021. You can read the complete series here.
Every year(ish), I publish our AppSec predictions about three of the threats that look to be the biggest problems in the upcoming year. In the past two years, the predictions were: credential stuffing/account takeover attacks, API attacks, and supply chain attacks. This year our predictions are informed by our augmented Threat Intelligence Service, which is a part of Barracuda Advanced Bot Protection. In short, we have significantly more data informing our conclusions.
Supply chain attacks spread further and become a bigger threat across industries
Through 2019 and 2020, there were a number of large attacks by this group, and they hit some high-profile targets like British Airways. At this point, thousands of compromised shops have been identified, and many cybercriminal groups are operating with this attack. Some of these compromised scripts are quite advanced: when a web vulnerability scanner runs, they do not execute their malicious code and instead appear to work normally, which prevents detection. So there are some fairly advanced and organized groups working on this. You also have the Inter Skimmer, which has become the most popular tool for attackers wanting to execute this type of attack. As with bots, there are actual support channels, with proper research and development behind the products, and there is an underground economy.
AppSec in 2021 continues to be interesting
When it comes to bots and reselling, we see that legislators are getting involved. For example, in the UK, they are attempting to block resale above the MSRP of products. There is precedent for this. In 2015, the U.S. passed a law against ticket scalping, after a massive surge in complaints about scalpers. Whether these new laws work or whether the bot makers continue their behavior of poking holes in parental rules to get their cookies remains to be seen.
Tushar Richabadas is Senior Product Marketing Manager, Applications and Cloud Security, Barracuda. Prior to this role, Tushar was a Product Manager for the Barracuda Web Application Firewall and Barracuda Load Balancer ADC, with a focus on cloud and automation. Tushar has a wide range of experience, including leading networking product testing teams and technical marketing for HCL-Cisco. Tushar closely tracks the rapidly increasing impact of digital security and is passionate about simplifying digital security for everyone.