With fast-emerging cyber threats, even the most mature security practices lag behind when facing high-momentum attacks, such as attacks on APIs or cyber-physical systems (CPS). Organisations need to shift their focus from “are we safe?” to “are we prepared?”. With digital business transformation, hybrid workforces and interconnected digital supply chains expanding the attack surface, the threat landscape remains a challenge.

Top threats: The same threats tend to remain at the top of the list for years. According to Verizon’s “2021 Data Breach Investigations Report”, phishing, use of stolen credentials and ransomware are among the top five actions involved in breaches. They were already high on the list in the 2018 report, and social engineering is catching up fast.


RANSOMWARE

Ransomware is a type of malware that encrypts data and important files and then demands payment to unlock and decrypt them. The impact of ransomware is enormous and destructive: a ransomware attack can encrypt and wipe out all of your critical data. Some of the well-known ransomware families are CryptoLocker, WannaCry, NotPetya, Petya and GandCrab.

Expect attackers to:

        • Target individual employees, particularly those working remotely. Organisations with poorly configured remote services, a lack of security and governance policies, and unmanaged BYOD devices are at higher risk.
        • Make further use of cloud storage and encryption. According to Netskope, in 2021, 69% of malware delivered over HTTP(S) came from cloud storage applications, which are increasingly likely to be approved, especially in work-from-home scenarios. Furthermore, 91.5% of all malware is now installed over encrypted connections.

Key recommendations:

        • A proactive strategy that includes backups (including a restore test), device management, and restricting privileged access for users.
        • Increase training for the technical and non-technical aspects of a ransomware incident.
        • A layered approach to reduce the attack surface.


PHISHING AND SOCIAL ENGINEERING

Phishing and social engineering go hand in hand. Phishing used to be random, but now attackers use social engineering techniques and spend time researching their targets. Attackers impersonate trusted officials, such as customer service representatives at a bank, or even high-ranking employees within the company. Unlike ransomware or zero-day exploits, a good social engineer doesn’t need technical skills to succeed. They rely on social techniques and trick their targets into giving out information. “Why hack when you can just ask for credentials?”

Expect attackers to:

        • Be successful. Only one in five organisations experienced no phishing attacks in the past 12 months.
        • Use a multichannel approach to attack organisations, combining social engineering, text message, voice, email, and web attacks.
        • Target individuals by using personal information to impersonate them in their roles as employees.
        • Impersonate people or entities of authority by exploiting the more limited options for verifying the identities of, for example, government agency staff and members of the office of the CFO or CEO.
        • Use legitimate cloud storage to host malware.

Recommendations

        • Use targeted phishing tests, based on employees’ roles, ages, and work-from-home practices.
        • Train the people in charge of internal and customer communications to look for phishing signs and to verify identity.
        • Focus on “building for the long term” and then “scaling fast” when designing remote access, endpoint, and application security programs.


ACCOUNT ABUSE

Account abuse takes advantage of poorly managed accounts and personal information. An attacker can launch brute-force attacks in which a bot generates and tries all password combinations. Attackers also look for any information exposed in public breaches. If a user reuses the same password across different accounts, a single leak makes it easy to access their whole digital life.

Expect attackers to:

        • Attempt to gather credentials that are still not adequately protected by robust multifactor authentication (MFA) processes.
        • Target all categories of accounts.
        • Try to take advantage of remote enrollment processes to gain access.
        • Exploit weaknesses in MFA procedures.
        • Exploit accounts leaked in public breaches.
        • Go “low and slow” to avoid detection.

Recommendations

        • Secure account identities using privileged access management along with machine and location identity management.
        • Strengthen identity proofing and identity recovery throughout the user life cycle. Start by expanding MFA where it is not already implemented.
        • Strengthen monitoring to detect abnormal user activity, and assume accounts will be compromised.
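As an added illustration of the last recommendation, the following Python example (not part of the original article) runs simple detections over a constructed authentication log. It flags the account-abuse patterns described above: a burst of failures against one account (brute force), one source failing against many accounts (password spraying / credential stuffing), the “low and slow” pattern that a plain rate threshold misses, and a success that follows repeated failures from the same source. The log format, the thresholds and the sample addresses and account names are all assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format assumed for this example:
#   <ISO-8601 UTC timestamp> src=<ip> user=<account> result=<OK|FAIL>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "src": m["src"],
        "user": m["user"],
        "ok": m["result"] == "OK",
    }


def max_in_window(times, window):
    """Largest number of timestamps that fall inside any sliding window."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyse(lines, burst_window=timedelta(minutes=10), burst_threshold=10,
            spray_window=timedelta(minutes=10), spray_threshold=5,
            slow_threshold=12, slow_span=timedelta(hours=12)):
    """Return a set of (finding, src, user) tuples for the given log lines."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    fails = defaultdict(list)           # (src, user) -> failure timestamps, in order
    src_fail_users = defaultdict(list)  # src -> [(ts, user)] for every failure
    findings = set()
    for e in events:
        key = (e["src"], e["user"])
        if e["ok"]:
            # A success after repeated failures from the same source is the point at
            # which an attacker may actually have got in: flag it for investigation.
            if len(fails[key]) >= 3:
                findings.add(("success_after_failures", e["src"], e["user"]))
        else:
            fails[key].append(e["ts"])
            src_fail_users[e["src"]].append((e["ts"], e["user"]))
    for (src, user), times in fails.items():
        if max_in_window(times, burst_window) >= burst_threshold:
            findings.add(("brute_force_burst", src, user))
        elif len(times) >= slow_threshold and times[-1] - times[0] >= slow_span:
            # Too few failures in any short window to trip the burst rule, but a
            # large total spread over many hours: the "low and slow" pattern.
            findings.add(("low_and_slow", src, user))
    for src, attempts in src_fail_users.items():
        # One source failing against many different accounts in a short window is
        # password spraying / credential stuffing, not a forgotten password.
        attempts.sort()
        start = 0
        for end, (t, _) in enumerate(attempts):
            while t - attempts[start][0] > spray_window:
                start += 1
            if len({u for _, u in attempts[start:end + 1]}) >= spray_threshold:
                findings.add(("password_spray", src, "*"))
                break
    return findings


def build_sample_log():
    """Constructed sample log covering each pattern plus normal logins and a bad line."""
    t0 = datetime(2024, 3, 1, 9, 0, 0)
    fmt = lambda t: t.strftime("%Y-%m-%dT%H:%M:%SZ")
    lines = ["this line is not in the expected format"]
    # 12 failures, one per minute, against alice: burst brute force
    lines += [f"{fmt(t0 + timedelta(minutes=i))} src=203.0.113.5 user=alice result=FAIL"
              for i in range(12)]
    # 15 failures against bob, one every two hours over 28 hours, then a success
    lines += [f"{fmt(t0 + timedelta(hours=2 * i))} src=198.51.100.7 user=bob result=FAIL"
              for i in range(15)]
    lines.append(f"{fmt(t0 + timedelta(hours=30))} src=198.51.100.7 user=bob result=OK")
    # one source trying six different accounts within three minutes: spraying
    lines += [f"{fmt(t0 + timedelta(seconds=30 * i))} src=192.0.2.9 user={u} result=FAIL"
              for i, u in enumerate(["carol", "dave", "erin", "frank", "grace", "heidi"])]
    # ordinary successful logins from an internal address
    lines += [f"{fmt(t0 + timedelta(hours=1))} src=10.0.0.4 user=alice result=OK",
              f"{fmt(t0 + timedelta(hours=3))} src=10.0.0.4 user=alice result=OK"]
    return lines


if __name__ == "__main__":
    for finding in sorted(analyse(build_sample_log())):
        print(finding)
```

The burst rule alone would report only the attack on alice; bob’s attacker stays under ten failures per ten minutes for more than a day and is only caught because total failures and time span are also considered, and the final successful login from that source is what turns a suspicious pattern into a likely compromise. In production the same logic would run over an identity provider’s sign-in logs, with thresholds tuned to the organisation’s normal failure rates.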


CONCLUSION

With attacks becoming more targeted and sophisticated, age-old antivirus and complex passwords alone are not enough to combat the threat. Modern organisations will need an AI-driven approach to threat detection, investigation and response, and business continuity plans with a focus on security and compliance policies. Organisations also need to make sure employees receive continuous training, so they are well equipped to recognise and deal with threats.