{"id":115915,"date":"2021-01-13T01:00:12","date_gmt":"2021-01-13T09:00:12","guid":{"rendered":"\/blogs\/?p=115915"},"modified":"2024-06-24T23:35:39","modified_gmt":"2024-06-25T06:35:39","slug":"2021-threat-predictions-report","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/","title":{"rendered":"2021 Threat Predictions Report"},"content":{"rendered":"

The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector \u2013 the supply chain \u2013 that will continue to be exploited.<\/p>\n

The ever-increasing use of connected devices, apps and web services in our homes will also make us more susceptible to digital home break-ins. This threat is compounded by many individuals continuing to work from home, meaning this threat not only impacts the consumer and their families, but enterprises as well.<\/p>\n

Attacks on cloud platforms and users will evolve into a highly polarized state where they are either \u201cmechanized and widespread\u201d or \u201csophisticated and precisely handcrafted\u201d.<\/p>\n

Mobile users will need to beware of phishing\u00a0or\u00a0smishing\u00a0messages aimed at exploiting and defrauding\u00a0them through mobile\u00a0payment services.<\/p>\n

The use of\u00a0QR codes\u00a0has notably accelerated\u00a0during the pandemic,\u00a0raising the specter of a new\u00a0generation of\u00a0social engineering techniques\u00a0that\u00a0seek to exploit\u00a0consumers and\u00a0gain access to\u00a0their\u00a0personal data.<\/p>\n

Finally, the most sophisticated\u00a0threat actors will increasingly\u00a0use social networks to\u00a0target high value individuals working in\u00a0sensitive\u00a0industry\u00a0sectors\u00a0and roles.<\/p>\n

A new year offers hope and opportunities for consumers and enterprises, but also more cybersecurity challenges. I hope you find these helpful in planning your 2021 security strategies.<\/p>\n

\u2013Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research<\/span>\u00a0<\/span><\/p>\n

Twitter\u202f<\/span>@Raj_Samani<\/span><\/a>\u00a0<\/span><\/p>\n

2021 Predictions\u00a0<\/span><\/b>\u00a0<\/span><\/h2>\n\n\n\n
\n

1.<\/strong><\/h2>\n<\/td>\n

\n

Supply<\/span><\/span>\u00a0<\/span><\/span>Chain\u00a0<\/span><\/span>Backdoor\u00a0<\/span><\/span>Techniques<\/span><\/span>\u00a0<\/span><\/span>to\u00a0<\/span><\/span>Proliferate<\/span><\/span>\u00a0<\/span><\/h2>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

By Steve Grobman<\/a><\/span><\/b>\u00a0<\/span><\/p>\n

The revelations around\u00a0<\/span><\/b>the\u00a0<\/span><\/b>SolarWinds-<\/span><\/b>SUNBURST\u00a0<\/span><\/b>espionage campaign wi<\/span><\/b>ll spark a proli<\/span><\/b>feration<\/span><\/b>\u00a0in copycat\u00a0<\/span><\/b>supply chain\u00a0<\/span><\/b>attacks of this kind<\/span><\/b>.\u00a0<\/span><\/b>\u00a0<\/span><\/h4>\n

On December 13, 2020,\u00a0<\/span>the\u00a0<\/span>cybersecurity industry learned\u00a0<\/span>nation-state\u00a0<\/span>threat actors had compromised SolarWinds\u2019s Orion IT monitoring and management software and used it to distribute a <\/span>malicious\u00a0<\/span>software backdoor\u00a0<\/span>called SUNBURST\u00a0<\/span>to dozens of that company\u2019s customers, including several\u00a0<\/span>high-profile<\/span>\u00a0U.S. government agencies.\u00a0<\/span>\u00a0<\/span><\/p>\n

This SolarWinds-SUNBURST campaign is the first major supply chain attack of its kind<\/span>\u00a0and\u00a0<\/span>has been\u00a0<\/span>referred to by many as the \u201c<\/span>Cyber Pearl Harbor<\/span><\/a>\u201d that\u00a0<\/span>U.S. cybersecurity\u00a0<\/span>experts<\/span>\u00a0have been\u00a0<\/span>predicting<\/span>\u00a0for a decade and a<\/span>\u00a0half<\/span>.\u00a0<\/span>\u00a0<\/span><\/p>\n

The campaign also represents a shift in tactics where\u00a0nation state threat actors\u00a0have\u00a0employed a new weapon for cyber-espionage. <\/span>\u202f<\/span>Just as the use of nuclear weapons at the end of WWII changed military strategy for the next 75 years, the use of a supply chain attack has changed the way we need to consider defense against cyber-attacks.<\/span>\u202f<\/span>\u00a0\u00a0<\/span><\/p>\n

This supply chain attack operated at the scale of a worm such as WannaCry in 2017, combined with the precision and lethality of the 2014 Sony Pictures or 2015 U.S. government Office of Personnel Management (OPM) attacks.\u00a0<\/span><\/p>\n

Within hours of its discovery, the magnitude of the campaign became frighteningly clear to organizations responsible for U.S. national security, economic competitiveness, and even consumer privacy and security.\u00a0\u00a0<\/span><\/p>\n

It enables\u00a0U.S. adversaries\u00a0to steal all manners\u00a0of information, from inter-governmental communications to national secrets. Attackers can, in turn, leverage this information to influence or impact U.S. policy through malicious leaks.<\/span>\u202f<\/span> Every breached agency may have different secondary cyber backdoors planted, meaning that there is no single recipe to evict the intrusion across the federal government.\u00a0<\/span><\/p>\n

While some may argue\u00a0that government agencies are legitimate targets for nation-state\u00a0spy craft,\u00a0the campaign also impacted private companies.\u00a0Unlike government networks which\u00a0store\u00a0classified information\u00a0on isolated networks,\u00a0private organizations often have critical intellectual property on\u00a0networks with\u00a0access\u00a0to\u00a0the internet. <\/span>\u202f<\/span>Exactly what intellectual property or private data on employees has been stolen will be difficult to determine, and the full extent of\u00a0the\u00a0theft may never be\u00a0known.<\/span>\u202f<\/span>\u00a0<\/span><\/p>\n

This type of\u00a0attack\u00a0also poses a threat to individuals\u00a0and their families given\u00a0that\u00a0in today\u2019s highly interconnected homes, a breach of consumer electronics companies can result in attackers using their access to smart appliances such as TVs, virtual assistants, and smart phones to steal their information or act as a gateway to attack businesses while users are working remotely from home.\u00a0<\/span><\/p>\n

What makes this type of attack so dangerous is that it uses\u00a0trusted software to\u00a0bypass\u00a0cyber defenses,\u00a0infiltrate victim organizations with the backdoor and allow the attacker to take any number of secondary steps. This could\u00a0involve\u00a0stealing data,\u00a0destroying data,\u00a0holding\u00a0critical\u00a0systems for ransom, orchestrating system malfunctions that result in kinetic damage,\u00a0or simply implanting additional malicious content throughout the organization to stay in control even after the initial\u00a0threat appears to have passed.\u00a0<\/span><\/p>\n

McAfee believes the discovery of the SolarWinds-SUNBURST campaign will\u00a0expose attack techniques\u00a0that other malicious actors around the world will seek to duplicate\u00a0in 2021 and beyond.\u00a0<\/span><\/p>\n

\u00a0<\/span><\/p>\n\n\n\n
\n

2.<\/strong><\/h2>\n<\/td>\n

\n

Hacking the Home to Hack the Office<\/span><\/b>\u00a0<\/span><\/h2>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

By\u00a0<\/span><\/b>Suhail Ansari,\u00a0<\/span><\/b>Dattatraya Kulkarni<\/span><\/b>\u00a0and Steve Povolny<\/a><\/span><\/b>\u00a0<\/span><\/p>\n

\u00a0<\/span>The increasingly dense overlay of numerous connected devices, apps and web services used in our professional and private lives will grow the connected home\u2019s attack surface to the point that it raises significant new risks for individuals and their employers.<\/span><\/b>\u00a0<\/span><\/h4>\n

\u00a0<\/span>While the threat to connected homes is not new, what is new is the emergence of increased functionality in both home and business devices<\/span>, and the fact that t<\/span>hese devices connect to each other more than ever before<\/span>. Compounding this is the increase in remote work \u2013 meaning many of\u00a0<\/span>us are using these connected devices more than ever.\u00a0<\/span><\/p>\n

In 2020,the global pandemic shifted employees from the office to the home, making the home environment a work environment. In fact, since the onset of the coronavirus pandemic, McAfee Secure Home Platform device monitoring shows a 22% increase in the number of connected home devices globally and a 60% increase in the U.S. Over 70% of the traffic from these devices originated from smart phones, laptops, other PCs and TVs, and over 29% originated from IoT devices such as streaming devices, gaming consoles, wearables, and smart lights.<\/p>\n

McAfee saw\u00a0<\/span>cybercriminals\u00a0<\/span>increase their focus on th<\/span>e<\/span>\u00a0home attack surface<\/span>\u00a0with a surge in various phishing\u00a0<\/span>message schemes across communications channels.\u00a0<\/span>T<\/span>he number of malicious\u00a0<\/span>phishing<\/span>\u00a0links\u00a0<\/span>McAfee\u00a0<\/span>block<\/span>ed<\/span>\u00a0<\/span>grew over 21% from March to November<\/span>,\u00a0<\/span>at an average of\u00a0<\/span>over 400 links per home.\u00a0<\/span>\u00a0<\/span><\/p>\n

\u00a0<\/span>T<\/span>his increase\u00a0<\/span>is significant<\/span>\u00a0and\u00a0<\/span>suggest<\/span>s<\/span>\u00a0a flood of phishing messages\u00a0<\/span>with malicious links<\/span>\u00a0entered<\/span>\u00a0home<\/span>\u00a0networks<\/span>\u00a0through devices\u00a0<\/span>with weaker\u00a0<\/span>security measures<\/span>.\u00a0<\/span>\u00a0<\/span><\/p>\n

\u00a0<\/span>M<\/span>illions of individual employees\u00a0<\/span>have\u00a0<\/span>bec<\/span>o<\/span>me\u00a0<\/span>responsible for their\u00a0<\/span>employer\u2019s<\/span>\u00a0IT<\/span>\u00a0security<\/span>\u00a0in a home office filled with\u00a0<\/span>\u201c<\/span>soft<\/span>\u201d<\/span>\u00a0targets<\/span>,\u00a0<\/span>unprotected\u00a0<\/span>devices from the kitchen, to the family room, to the bedroom<\/span>.\u00a0<\/span>Many of these home devices are\u00a0<\/span>\u201corphaned\u201d\u00a0<\/span>in that\u00a0<\/span>their manufacturers fail to properly support the<\/span>m<\/span>\u00a0with security updates addressing new threats or vulnerabilities.\u00a0<\/span>\u00a0<\/span><\/p>\n

This contrasts with a corporate office environment filled with devices\u00a0<\/span>\u201chardened\u201d<\/span>\u00a0<\/span>by<\/span>\u00a0enterprise-grade security measures.\u00a0<\/span>We now work with consumer-grade networking equipment\u00a0<\/span>configured by\u00a0<\/span>\u201cus\u201d<\/span>\u00a0and lacking the\u00a0<\/span>central manage<\/span>ment, regular software updates<\/span>\u00a0and\u00a0<\/span>security\u00a0<\/span>monitor<\/span>ing of the enterprise<\/span>.<\/span>\u00a0<\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n

Because of this,\u00a0<\/span>w<\/span>e believe cybercriminals will advance the home as an attack surface for campaigns targeting<\/span>\u00a0not only our families<\/span>\u00a0but also<\/span>\u00a0corporations. The hackers will take advantage of\u00a0<\/span>the home\u2019s\u00a0<\/span>lack of regular firmware updates, lack of security mitigation features, weak privacy policies, vulnerability exploits, and user susceptibility to social engineering.\u00a0<\/span>\u00a0<\/span><\/p>\n

By compromising the home environment, these malicious actors will launch\u00a0<\/span>a variety of\u00a0<\/span>attacks on\u00a0<\/span>corporate as well as consumer devices in 2021.<\/span>\u00a0<\/span><\/p>\n

\u00a0<\/span><\/p>\n\n\n\n
\n

3.<\/strong><\/h2>\n<\/td>\n

\n

Attacks <\/span><\/b>on Cloud Platforms Become Highly Mechanized<\/span><\/b>\u00a0<\/span><\/b>and Handcrafted<\/span><\/b>\u00a0<\/span><\/h2>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

By Sandeep Chandana\u00a0<\/span><\/b>\u00a0<\/span><\/p>\n

Attacks on cloud platforms will\u00a0<\/span><\/b>evolve<\/span><\/b>\u00a0into a highly polarized state where they are either \u201cmechanized and widespread\u201d or \u201c<\/span><\/b>targeted\u00a0<\/span><\/b>and precisely handcrafted\u201d.\u00a0<\/span><\/b>\u00a0<\/span><\/h4>\n

The COVID-19 pandemic\u00a0has also\u00a0hastened the pace of the corporate IT transition to the cloud,\u00a0accelerating the potential for new\u00a0corporate\u00a0cloud-related attack schemes.\u00a0With increased cloud adoption and the large number of enterprises working from home, not only is there a growing number of cloud users but also a lot more data both in motion and being transacted.\u00a0\u00a0<\/span><\/p>\n

\u00a0McAfee cloud usage data from more than 30 million McAfee MVISION Cloud users worldwide shows a 50% increase overall in enterprise cloud use across all industries the first four months of 2020. Our analysis showed an increase across all cloud categories, usage of collaboration services such as Microsoft O365 by 123%, increase in use of business services such as Salesforce by 61% and\u00a0the\u00a0largest growth in\u00a0collaboration services such as Cisco Webex (600%), Zoom (+350%), Microsoft Teams (+300%), and Slack (+200%). From January to April 2020, corporate cloud traffic from unmanaged devices increased 100% across all verticals.\u00a0\u00a0<\/span><\/p>\n

\u00a0During the same period, McAfee witnessed a surge in attacks on cloud accounts, an estimated 630% increase overall, with variations in the sectors that were targeted. Transportation led vertical industries with a 1,350% increase in cloud attacks, followed by education (+1,114%), government (+773%), manufacturing (+679%), financial services (+571%) and energy and utilities (+472%).\u00a0\u00a0<\/span><\/p>\n

The increasing proportion of unmanaged devices accessing the enterprise cloud has effectively made home networks an extension of the enterprise infrastructure. Cybercriminals will develop new, highly mechanized, widespread attacks for better efficacy against thousands of heterogenous home networks.\u00a0\u00a0<\/span><\/p>\n

One example could be a widespread brute force attack against O365 users, where the attacker\u00a0seeks to\u00a0leverage stolen credentials and exploit\u00a0users\u2019\u00a0poor practice of\u00a0re-using\u00a0passwords across different platforms and applications.\u00a0As many as 65% of\u00a0users reuse the same password for multiple or all accounts according to a 2019 security survey conducted by Google.\u00a0Where an attacker would\u00a0traditionally need to\u00a0manually encode first and last name combinations to find valid usernames, a learning algorithm could be used to predict O365 username patterns.\u00a0\u00a0<\/span><\/p>\n

Additionally, cybercriminals could use AI and ML to bypass traditional network filtering technologies deployed to protect cloud instances. Instead of launching a classic brute force attack from compromised IPs until the IPs are blocked, resource optimization algorithms will be used to make sure the compromised IPs launch attacks against multiple services and sectors, to maximize the lifespan of compromised IPs used for the attacks. Distributed algorithms and reinforcement learning will be leveraged to identify attack plans primarily focused on avoiding account lockouts.\u00a0\u00a0\u00a0<\/span><\/p>\n

McAfee also predicts that, as enterprise cloud security postures mature, attackers will be forced to handcraft highly targeted exploits for specific enterprises, users and applications.\u00a0\u00a0<\/span><\/p>\n

The recent Capital One breach was an example of an advanced attack of this kind. The attack was thoroughly cloud-native. It was sophisticated and intricate in that a number of vulnerabilities and misconfigurations across cloud applications (and infrastructure) were exploited and chained. It was not a matter of chance that the hackers were successful, as the attack was very well hand-crafted.\u00a0\u00a0<\/span><\/p>\n

\u00a0We\u00a0believe attackers will\u00a0start leveraging threat surfaces across devices, networks\u00a0and the cloud\u00a0in these ways\u00a0in the months and years ahead.\u00a0<\/span><\/p>\n\n\n\n
\n

4.<\/strong><\/h2>\n<\/td>\n

\n

New Mobile Payment Scams<\/span><\/b><\/h2>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

By <\/span><\/b>Suhail Ansari and\u00a0<\/span><\/b>Dattatraya Kulkarni<\/span><\/b><\/p>\n

As users become more and more reliant on mobile payments, cybercriminals will increasingly seek to exploit and defraud users with scam SMS phishing or smishing messages containing malicious payment URLs.<\/b><\/h4>\n

\u00a0<\/span>Mobile payments have become more and more popular as a convenient mechanism to conduct transactions.<\/span>\u00a0<\/span>A\u00a0<\/span>Worldpay Global Payments Report for 2020<\/span><\/a>\u00a0estimated that 41% of payments today are on mobile<\/span>\u00a0devices<\/span>, and<\/span>\u00a0this number<\/span>\u00a0looks<\/span>\u00a0to<\/span>\u00a0increase<\/span>\u00a0<\/span>\u00a0at the expense\u00a0<\/span>of\u00a0<\/span>traditional credit and debit cards by 2023.\u00a0<\/span>An\u00a0<\/span>October\u00a0<\/span><\/a>2020\u00a0<\/span>study by Allied Market Research<\/span>\u00a0found that\u00a0<\/span>the\u00a0<\/span>global mobile payment market size was valued at $1.48 trillion in 2019, and is projected to reach $12.06 trillion by 2027, growing at a\u00a0<\/span>comp<\/span>ound annual growth rate\u00a0<\/span>of 30.1% from 2020 to 2027.<\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n

Additionally, the COVID-19 pandemic has driven the adoption of mobile payment methods higher as consumers have sought to avoid contact-based payments such as cash or physical credit cards.\u00a0<\/span><\/p>\n

But fraudsters have followed the money to mobil<\/span>e<\/span>, pivoting from<\/span>\u00a0PC<\/span>\u00a0browsers and credit cards to mobile<\/span>\u00a0payments<\/span>.<\/span>\u00a0According to<\/span>\u00a0research by<\/span>\u00a0<\/span>RSA<\/span>\u2019s<\/span>\u00a0Fraud and Risk Intelligence <\/span><\/a>team, 72% of cyber fraud activity involved the mobile channel in the fourth quarter of 2019. The researchers observed that this represented \u201cthe highest percentage of fraud involving mobile apps in nearly two years and underscores a broader shift away from fraud involving web browsers on PCs.\u201d\u00a0<\/span><\/p>\n

McAfee predicts there will be an increase in \u201creceive\u201d-based mobile payment exploits, where a user receives a phishing email, direct message or smishing message telling him that he can receive a payment, transaction refund or cash prize by clicking on a malicious payment URL. Instead of receiving a payment, however, the user has been conned into sending a payment from his account.\u00a0\u00a0<\/span><\/p>\n

This could take shape in schemes where fraudsters set up a fake call center using a product return and servicing scam, where the actors send a link via email or SMS, offering a refund via a mobile payment app, but the user is unaware that they are agreeing to pay versus receiving a refund. The figures below show the fraudulent schemes in action.\u00a0\u00a0<\/span><\/p>\n

Mobile wallets are making efforts to make it easier for users to understand whether they are paying or receiving<\/span>.<\/span>\u00a0<\/span>U<\/span>nfortunately, as the payment methods p<\/span>roliferate, fraudsters succeed in finding victims who either cannot disti<\/span>nguish credit from debit or\u00a0<\/span>can be<\/span>\u00a0<\/span>promp<\/span>ted\u00a0<\/span>into quick action\u00a0<\/span>b<\/span>y smart social engineering.\u00a0<\/span>\u00a0<\/span><\/p>\n

Governments and banks are making painstaking efforts to educate users to understand the use of\u00a0<\/span>one-time passwords (<\/span>OTPs<\/span>)<\/span>\u00a0<\/span>and that<\/span>\u00a0they<\/span>\u00a0should not be shared<\/span>. Adoption of frameworks such\u00a0<\/span>as<\/span>\u00a0caller ID<\/span>\u00a0authentication<\/span><\/a>\u00a0(also known as<\/span>\u00a0STIR\/SHAKEN<\/span>) help in ensuring that the caller ID is not masked by fraudster<\/span>s<\/span>, but\u00a0<\/span>they\u00a0<\/span>do not prevent a fraud<\/span>ster from registering an entity that has a name close to the genuine\u00a0<\/span>provider of service.<\/span>\u00a0<\/span><\/p>\n

In the same way th<\/span>at mobile\u00a0<\/span>apps have simplified the ability to conduct transactions,\u00a0<\/span>McAfee predicts\u00a0<\/span>the technology\u00a0<\/span>is making it\u00a0<\/span>easier to\u00a0<\/span>take advantage of\u00a0<\/span>the\u00a0<\/span>convenience for fraudulent purposes.<\/span>\u00a0<\/span><\/p>\n\n\n\n
\n

5.<\/strong><\/h2>\n<\/td>\n

\n

Qshing<\/span><\/b>: QR Code Abuse<\/span><\/b>\u00a0in the Age of COVID<\/span><\/b>\u00a0<\/span><\/h2>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

By\u00a0<\/span><\/b>Suhail Ansari and\u00a0<\/span><\/b>Dattatraya Kulkarni<\/span><\/b>\u00a0<\/span><\/p>\n

Cybercriminals will seek new and ever cleverer ways to use social engineering\u202fand QR Code practices\u202fto gain access to consumer victims\u2019 personal data.<\/span><\/b>\u00a0<\/span><\/h4>\n

The<\/span>\u00a0global pandemic\u00a0<\/span>has\u00a0<\/span>created the need for all of us to operate and transact\u00a0<\/span>in all areas of our lives in a \u201ccontactless\u201d way.<\/span>\u00a0Accordingly, it should come as no surprise that\u00a0<\/span>QR codes have emerged as a convenient input mechanism to make mobile transactions\u00a0<\/span>more\u00a0<\/span>efficient.\u00a0<\/span>\u00a0<\/span><\/p>\n

QR code usage<\/span><\/a>\u00a0has proliferated into many areas, including payments, product marketing, packaging, restaurants, retail, and recreation just to name a few.<\/span>\u00a0<\/span>QR codes are helping limit direct contact between businesses and consumers in every setting from restaurants to personal care salons, to fitness studios. They allow them to easily scan the code,\u202fshop for services or items offered, and easily purchase them.\u00a0<\/span>\u00a0<\/span><\/p>\n

A\u00a0<\/span>September 2020 survey by\u00a0<\/span>MobileIron<\/span>\u00a0found that 86% of respondents scanned a QR code over the course of the previous year and over half (54%) reported an increase in the use of such codes since the pandemic began.\u00a0<\/span>Respondents felt most secure using QR codes at restaurants or bars (46%) and retailers (38%).\u00a0<\/span>Two-thirds (67%) believe that the technology makes life easier in a touchless world and over half (58%) wish to\u00a0<\/span>see it used more broadly in the future.<\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n

In just the area of\u00a0<\/span>discount\u00a0<\/span>coupons<\/span><\/a>,<\/span>\u00a0an estimated 1.7 billion coupons<\/span>\u00a0using QR codes were\u00a0<\/span>scanned\u00a0<\/span>globally\u00a0<\/span>in 2017, and that number is expected t<\/span>o increase by a factor of three to 5.3 billion by 2022<\/span>.\u00a0<\/span>In just four year<\/span>s<\/span>, from 2014 to 2018, the use of QR codes<\/span>\u00a0on consumer product packaging in Korea and Japan increased by 83%<\/span>.\u00a0<\/span>The use of QR codes\u00a0<\/span>in<\/span>\u00a0<\/span>such\u00a0<\/span>\u201csmart\u201d\u00a0<\/span>packaging is increasing at a<\/span>n annual\u00a0<\/span>rate of 8% globally.<\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n

I<\/span>n India, the <\/span>government<\/span>\u2019<\/span>s<\/span><\/a>\u00a0<\/span>Unique Identification Authority of India (<\/span>UIDAI<\/span>)<\/span>\u00a0<\/span>uses QR codes in association with\u00a0<\/span>Aadhaar,\u00a0<\/span>India\u2019s<\/span>\u00a0unique<\/span>\u00a0ID number,\u00a0<\/span>to enable readers to\u00a0<\/span>download<\/span>\u00a0<\/span>citizens\u2019\u00a0<\/span>demographic information<\/span>\u00a0as well as their photographs<\/span>.<\/span>\u00a0<\/span><\/p>\n

However,\u00a0<\/span>the technicalities of QR codes are something of a mystery to most users<\/span>, and that makes them potentially dangerous if cybercriminals seek to exploit them to target victims.\u00a0<\/span>\u00a0<\/span><\/p>\n

The<\/span>\u00a0<\/span>MobileIron\u00a0<\/span>report found that whereas 69% of respondents believe the<\/span>y<\/span>\u00a0can distinguish a malicious URL<\/span>\u00a0based on its familiar text-based format<\/span>, only 37% believe they can distinguish a malicious QR code<\/span>\u00a0using\u00a0<\/span>its unique dot pattern format<\/span>.\u00a0<\/span>Give<\/span>n<\/span>\u00a0that QR codes are designed precisely to hide the text of the URL, users find it difficult to identify and even suspect malicious QR codes.<\/span>\u00a0<\/span><\/p>\n

Almost two-thirds (61%) of respondents know that QR codes can open a URL and almost half (49%) know that a QR code can download an application. But fewer than one-third (31%) realize that a QR code can make a payment, cause a user to follow someone on social media (22%), or start a phone call (21%). A quarter of respondents admit scanning a QR code that did something unexpected (such as take them to a suspicious website)<\/span>, and 16% admitted that they were unsure if a QR code actually did what it was intended to do.<\/span>\u00a0<\/span><\/p>\n

It is therefore no surprise that QR codes have been used in phishing schemes to avoid anti-phishing solutions\u2019 attempts to identify malicious URLs within email messages. They can also be used on webpages or social media.\u00a0<\/span><\/p>\n

In such schemes<\/span><\/a>, <\/span>victims scan fraudulent QRs and find themselves taken to malicious websites where they are asked to provide login, personal info, usernames and passwords, and payment information, which criminals then steal. The sites could also be used to simply download malicious programs onto a user\u2019s device.\u00a0\u00a0<\/span><\/p>\n

McAfee<\/span>\u202f <\/span>predicts that hackers will\u00a0increasingly use these\u00a0QR code\u00a0schemes\u00a0and\u00a0broaden them using\u00a0social engineering<\/span>\u202f<\/span>techniques. For instance, knowing that business<\/span>\u202f<\/span>owners<\/span>\u202f<\/span>are<\/span>\u202f<\/span>looking<\/span>\u202f<\/span>to<\/span>\u202f<\/span>download\u00a0QR code generator\u00a0apps, bad actors<\/span>\u202f<\/span>will<\/span>\u202f<\/span>entice<\/span>\u202f<\/span>consumers<\/span>\u202f<\/span>into downloading malicious QR code generator apps<\/span>\u202f<\/span>that pretend to do the same.<\/span>\u202f<\/span>In the process of generating the QR code (or even pretending to be generating the correct QR code), the malicious apps will steal the<\/span>\u202f<\/span>victim\u2019s\u00a0sensitive\u00a0data, which scammers could then use for a variety of fraudulent purposes.\u00a0\u00a0<\/span><\/p>\n

Although the QR codes themselves are a secure\u00a0and convenient\u00a0mechanism,\u00a0we expect\u00a0them\u00a0to be misused by bad actors\u00a0in 2021 and beyond.\u00a0<\/span><\/p>\n\n\n\n
\n

6.<\/strong><\/h2>\n<\/td>\n

\n

Social Networks <\/span><\/b>as Workplace Attack Vectors<\/span><\/b>\u00a0<\/span><\/b>\u00a0<\/span><\/h2>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

By Raj Samani<\/a><\/span><\/b>\u00a0<\/span><\/p>\n

McAfee predict<\/span><\/b>s<\/span><\/b>\u00a0that sophisticated cyber adversaries will increasingly target, engage and compromise corporate victims using social networks as an attack vector.\u00a0<\/span><\/b>\u00a0<\/span><\/h4>\n

Cyber adversaries have traditionally relied heavily on phishing emails as an attack vector for compromising organizations through individual employees. However,\u00a0<\/span>as organizations have implement<\/span>ed<\/span>\u00a0spam detection, data loss prevention (DLP) and other solutions to prevent phishing attempts on corporate email accounts, more sophisticated adversaries a<\/span>re\u00a0<\/span>pivot<\/span>ing<\/span>\u00a0to target employees through social networking platforms to which these increasingly effective defenses cannot be applied.<\/span>\u00a0<\/span><\/p>\n

McAfee has observed\u00a0<\/span>such<\/span>\u00a0threat actors increasingly using\u00a0<\/span>the messaging features of\u00a0<\/span>LinkedIn, What\u2019s App, Facebook and Twitter to engage, develop relationships with and then compromise\u00a0<\/span>corporate\u00a0<\/span>employees<\/span>. Through these victims,\u00a0<\/span>adversaries\u00a0<\/span>compromise\u00a0<\/span>the broader enterprises that\u00a0<\/span>employ\u00a0<\/span>them. McAfee predicts that such actors will seek to broaden the use of this attack vector in 2021 and beyond for a variety of reasons.\u00a0<\/span>\u00a0<\/span><\/p>\n

Malicious actors have used the social network platforms in\u00a0<\/span>broad scoped schemes to perpetrate<\/span>\u00a0relatively\u00a0<\/span>low-level<\/span>\u00a0criminal scams.\u00a0<\/span>However,<\/span>\u00a0prominent actors such as\u00a0<\/span>APT34<\/span><\/a>,\u00a0<\/span>Charming Kitten<\/span><\/a>,<\/span>\u00a0<\/span>and\u00a0<\/span>Threat Group-2889<\/span><\/a>\u00a0<\/span>(among\u00a0<\/span>others<\/span><\/a>)<\/span>\u00a0have been identified using these platforms for higher-value, more targeted campaigns on the strength of the medium\u2019s capacity for enabling customize<\/span>d<\/span>\u00a0content for specific types of victims.\u00a0<\/span>\u00a0<\/span><\/p>\n

Operation North Star<\/span><\/a>\u00a0demonstrates\u00a0<\/span>a\u00a0<\/span>state-of-the-art<\/span>\u00a0attack of this kind.\u00a0<\/span>D<\/span>iscovered and exposed by McAfee in August 2020,\u00a0<\/span>the\u00a0<\/span>campaign\u00a0<\/span>showed how lax social media privacy controls,\u202feas<\/span>e of<\/span>\u202fdevelopment and use\u202fof fake LinkedIn user accounts and job descriptions could be used to lure and attack defense sector employees.<\/span>\u00a0<\/span><\/p>\n

Just as individuals and organizations engage potential consumer customers on social platforms by gathering information, developing specialized content, and conducting targeted interactions with customers, malicious actors can similarly use these platform attributes to target high value employees with a deeper level of engagement.\u00a0\u00a0<\/span><\/p>\n

Additionally, individual employees engage with social networks in a capacity that straddles both their professional and personal lives. While enterprises assert security controls over corporate-issued devices and place restrictions on how consumer devices access corporate IT assets, user activity on social network platforms is not monitored or controlled in the same way. As mentioned, LinkedIn and Twitter direct messaging will not be the only vectors of concern for the corporate security operations center (SOC).\u00a0<\/span><\/p>\n

While it is unlikely that email will ever be replaced as an attack vector, McAfee foresees this social network platform vector becoming more common in 2021 and beyond, particularly among the most advanced actors.\u00a0<\/span><\/p>\n

\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector \u2013…<\/p>\n","protected":false},"author":674,"featured_media":115990,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[],"coauthors":[3973],"class_list":["post-115915","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs"],"acf":[],"yoast_head":"\n2021 Threat Predictions Report | McAfee Blog<\/title>\n<meta name=\"description\" content=\"The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector \u2013 the supply chain\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"2021 Threat Predictions Report | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector \u2013 the supply chain\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-01-13T09:00:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-25T06:35:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/01\/McAfee_2021ThreatPredictions_General.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"209\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"McAfee\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"17 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/\"},\"author\":{\"name\":\"McAfee\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\"},\"headline\":\"2021 Threat Predictions Report\",\"datePublished\":\"2021-01-13T09:00:12+00:00\",\"dateModified\":\"2024-06-25T06:35:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/\"},\"wordCount\":3394,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/01\/McAfee_2021ThreatPredictions_General.png\",\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/\",\"name\":\"2021 Threat Predictions Report | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/01\/McAfee_2021ThreatPredictions_General.png\",\"datePublished\":\"2021-01-13T09:00:12+00:00\",\"dateModified\":\"2024-06-25T06:35:39+00:00\",\"description\":\"The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector \u2013 the supply chain\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/01\/McAfee_2021ThreatPredictions_General.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/01\/McAfee_2021ThreatPredictions_General.png\",\"width\":400,\"height\":209},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"2021 Threat Predictions Report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\",\"name\":\"McAfee\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"caption\":\"McAfee\"},\"description\":\"We're here to make life online safe and enjoyable for everyone.\",\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/x.com\/McAfee\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"2021 Threat Predictions Report | McAfee Blog","description":"The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector \u2013 the supply chain","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"2021 Threat Predictions Report | McAfee Blog","og_description":"The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector \u2013 the supply chain","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2021-01-13T09:00:12+00:00","article_modified_time":"2024-06-25T06:35:39+00:00","og_image":[{"width":400,"height":209,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/01\/McAfee_2021ThreatPredictions_General.png","type":"image\/png"}],"author":"McAfee","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee","Est. reading time":"17 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/"},"author":{"name":"McAfee","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa"},"headline":"2021 Threat Predictions Report","datePublished":"2021-01-13T09:00:12+00:00","dateModified":"2024-06-25T06:35:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/"},"wordCount":3394,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/01\/McAfee_2021ThreatPredictions_General.png","articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/","name":"2021 Threat Predictions Report | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/01\/McAfee_2021ThreatPredictions_General.png","datePublished":"2021-01-13T09:00:12+00:00","dateModified":"2024-06-25T06:35:39+00:00","description":"The December 2020 revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform have revealed a new attack vector \u2013 the supply chain","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/01\/McAfee_2021ThreatPredictions_General.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/01\/McAfee_2021ThreatPredictions_General.png","width":400,"height":209},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/2021-threat-predictions-report\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"2021 Threat Predictions Report"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa","name":"McAfee","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","caption":"McAfee"},"description":"We're here to make life online safe and enjoyable for everyone.","sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/x.com\/McAfee"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/115915","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/674"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=115915"}],"version-history":[{"count":3,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/115915\/revisions"}],"predecessor-version":[{"id":195248,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/115915\/revisions\/195248"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/115990"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=115915"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=115915"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=115915"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=115915"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}