Cyber security threats are growing in significance and this year, as in previous ones, the threat landscape facing cybersecurity teams continues to evolve.
This article aims to provide cybersecurity and penetration testing teams with a broad overview of the kind of attack strategies and payloads that they may need to increase defences against this coming year.
This year, during 2021, cybersecurity teams can expect to face down some familiar adversaries such as malware and brute force attacks. But the situation is complicated by the fact that network administrators will have to secure networks being accessed from increasingly diverse networks given the transition to remote working that has been rapidly accelerated by the ongoing pandemic.
In particular, we can expect to see an increase in social engineering attacks, including phishing, which are designed to deceive users into clicking into fraudulent links. Those investing effort into these approaches are hoping to take advantage of the shift towards remote working.
Malware remains a highly relevant attack strategy this year and one which companies need to be cognizant about defending against.
The rise in remote working that the coronavirus crisis has eventuated has led to a widening of the attack surface with many distributed teams accessing corporate networks from remote locations.
Whether remote workers are accessing software defined perimeter (SDP)-protected resources in the cloud, or connecting to managed networks via a virtual private network (VPN), there is an increased risk that malware from remote employees’ computers will propagate into important company systems risking the integrity of important shared resources.
Because of their tendency to target common user endpoints like desktop and laptop computers, malware and viruses remain some of the most common threats that can make the leap from users’ computers to cloud-based and centralized systems.
With many teams looking to remain in distributed configurations after the conclusion of the pandemic, threats from malware will continue to be a major concern for those protecting mission critical business systems however they are hosted.
In particular, we can expect to see a rise in the following types of threats this year:
Cryptojacking is an emerging form of threat in which attackers hijack their victims’ computers in order to mine cryptocurrencies including Bitcoin. Typically, cryptojacking works through social engineering injection: scammers deceive users into clicking on malicious links that download code which will automatically run in the user’s web browser.
In order to protect themselves against these kinds of attacks, users should make sure that they are running updated internet security protection. These programs typically receive updates from frequently updated databases which index known phishing URLs and those that have been flagged as hosting cryptojacking programs. Installing one gives users the best protection against inadvertently having their computer used for potentially illicit activities.
As the name suggests, scareware is designed to shock and frighten users with the usual goal of inducing them to buy unneeded software. This kind of threat is growing in popularity and typically features brash popup banners which may (incorrectly) tell users that their computer is infected. As with cryptojacking, social engineering exploits are the usual means through which these threats are injected to users’ computers.
An emotet is a type of malware that is sent through spam unsolicited emails. This particular type of malware is believed to have originated in Russia. The messages often contain branding that looks like a well-known company but actually injects malware scripts.
Ransomware is a type of malware which encrypts data on the operating system level of the victim’s computer. Occasionally this can refer to whole disk encryption although more commonly individual files and folders are encrypted so that the hacker can display some notification informing the victim of how to pay the ransom in order to receive the encryption key needed to decrypt and thus render usable their contents.
Research from Israel-headquartered Checkpoint Security has shown that there has been a rise in ransomware attacks — including double extortion attacks — that is expected to persist and even increase during this year. As with other threats, the exposure of centralized systems to a wider pool of accessing devices creates a vulnerability for remote injection.
Therefore, companies that want to secure their systems and computers from this incredibly damaging type of malware (ransomware mitigation & protection) should ensure that coherent policies are in place ensuring that all users accessing company systems are running antivirus or internet security protection.
Phishing is the classic form of social engineering exploit that involves scam artists creating deceptive communications either purporting to represent another organization or pretending that they are known to the recipient. The purpose of either attack is typically to get the victim to download something (such as by clicking a link) that injects some form of malicious program to the user’s computer.
While many users think of phishing as consisting of mostly crude attempts to mimic popular brands like Facebook, in reality those perpetrating the attacks are becoming increasingly more sophisticated in terms of their methodologies and the types of communications they can concoct to lure users into taking actions. This year, security consultants can expect to see a rise in spear phishing attacks that leverage technologies like scraping to put together extremely personalized and highly believable emails and other communications.
For instance, scraping technologies could prowl social media websites in order to map out a target’s professional or social network and then create a corporate email mentioning that people known to the target are engaging in a certain behavior. This process can be automated and scaled to target — for instance — a large user-base within an enterprise company. In order to countenance this increasingly sophisticated type of attack, cybersecurity teams need to focus on updating their user training. Teaching users how to recognize phishing attempts, in concert with improved technologies, remains the most efficient means for preventing the spread of malware through this means into an organization’s systems.
Research shows that the vast majority — 96% — of phishing attacks still arrive by email. For this reason, the most practical steps that can prevent the infiltration of malware from phishing sources are installing advanced antivirus tools combined with mail scanning, virtual analyzers and sandboxing functionalities that can read all email attachments and warn of any potentially unsafe links. Such tools are typically using AI and integrated into a regularly refreshed database containing URLs that have been known to be involved in phishing activities.
Data breaches can have massively adverse implications for organizations eroding public faith in their ability to protect customer data. Data breaches can happen whenever hackers are able to enter business systems and steal customer data. Databases, for this reason, are common targets.
In order to reduce the likelihood of data breaches from happening, companies need to invest in holistic cybersecurity solutions that protect data wherever it is stored. This could include managing and maintaining web access firewalls (WAFs), ensuring that proper encryption protocols are followed, and preparing contingency and communications plans for notifying customers in the event that there is a successful breach.
Additional steps that companies can institute to reduce the likelihood that they will fall victim to a data breach:
- Develop and implement data retention policies so that data is not held for unnecessarily long periods
- Securely delete any data that is no longer required. Old hard drives, for instance, can be scrubbed with special software
- Educate and train employees on proper data governance
The internet of things (IoT) is continuing to connect more and more devices to the internet but, in doing so, is continuing to widen the attack surface for hackers, exposing endpoints that are not regularly monitored by human operators to potential attacks.
Additionally, IoT voices can be perceived of as low hanging fruit for attackers looking for easy entry points into networks. In order to properly secure IoT systems, companies deploying this technology first need to undertake an inventory cataloging all the devices that they have in their network. These should be secured with protection in line with overarching security policies.
Additionally companies could make sure that they don’t neglect IoT devices when planning policies in the following areas:
- Patching and updates
- Centralized configuration management
- Identity control and access policies
Brute Force Attacks
If spear phishing scams are the intellectual arm of hacking attempts to break into corporate networks then brute force attacks are the sledgehammer. Brute force attacks involve hackers using programs to attempt to force entry into systems through programmatically entering a long list of possible passwords. Common brute force attempts, for instance, include dictionary-based attacks which rotate through words in the dictionary (with capital letters, numbers, and special characters). Depending upon the cryptographic strength of the password and what protections are in place this can easily be successful.
How to protect against brute force attacks depends upon what system you’re securing. If your company website is running on WordPress, for instance, then you can install plugins that automatically protect against brute force access attempts by locking out those trying to login after a number of attempts.
Brute force protection can also be applied to WiFi networks and just about any business system which attackers might be tempted to target. Software defined perimeter solutions can also integrate brute force protection to protect assets that are entirely running in the cloud.
Man In The Middle (MITM) Attacks
Man in the middle (MITM) attacks involve attackers duping users into thinking that they are communicating directly with the intended service provider when they are actually relaying communications through an illicit actor.
Common types of MITM attack that can target businesses include:
- IP spoofing: Using this methodology hackers manage to pretend to be the resource that users are trying to access through broadcasting its IP address. This allows them to capture traffic intended for another server.
- HTTPS spoofing: Virtually all sites on the internet these days support SSL and display a logo. But sometimes it’s possible for hackers to manage to deceive browsers and users into thinking that a connection is encrypted when really it is not.
- WiFi interception: Using this attack, users can set up illicit WiFi networks that look like legitimate networks. Once criminals fool users into thinking these are legitimate networks they can inspect their traffic.
Distributed Denial of Service (DDoS)
DDoS attacks are designed to flood resources with traffic so that they are forced offline. This type of attack is commonly used by those operating botnets to force unsustainable traffic volumes onclick hereto web servers. If these strategies are successful then companies can experience downtime as their websites are forced off the internet temporarily.
In order to protect against and mitigate DDoS attacks, users can:
- Move on-premises infrastructure to the cloud: The cloud has scalable compute capacity. Moving to cloud resources can give users time to assess what is going on and take necessary steps to return service availability. It’s easier for hackers to keep overwhelming services that are hosted on-premises and which can’t be easily scaled in response to an attack.
- Use web application firewalls: Ensuring that any internet-exposed resources are placed behind a firewall can help protect against DDoS attacks. Good WAFs can scrub traffic and differentiate between innocuous user activity and traffic from botnets that could be designed to orchestrate a DDoS attack.
The world of spycraft isn’t limited to nation state actors and James Bond movies. Cyber espionage is a growing concern facing businesses and therefore cybersecurity teams will need to allocate more resources to defending against this in the coming year.
Cyber espionage can involve companies using worms, trojans, and other types of malware to infiltrate business systems in order to attempt to extract sensitive commercial information such as business plans and other documents. Attackers can use any of the vectors described above (such as phishing scams) in order to lure recipients at target organizations into clicking links and download programs that inject spyware into their computers.
Once spyware has been injected and is running common targets for cyber espionage might include:
- Competitor research documents
- Marketing plans
- Client lists and account information
In order to protect and defend against these kind of attacks users should:
- Ensure that any sensitive commercial information is stored in properly secured system. This will reduce the chance that it can be successfully exfiltrated
- Ensure that employees are educated on avoiding scams and running protective programs
Comprehensive Security Is Needed
Whatever industry you’re in, businesses today are under threat from a wide variety of cybersecurity attacks including malware and trojans. Today’s cybersecurity teams need to ensure multifaceted protection targeting both cloud resources and user endpoints reflecting the evolving IT needs of remote workers.
Clarity’s outsourced cybersecurity services can provide comprehensive protection.
To learn more, contact us TODAY >>