We’re in the best of times, yet we’re also in the worst of times. On one hand, we all benefit from the emergence of new technologies, including 5G, AI, IoT and so on. On the other, COVID-19 has posed a serious threat to mankind, and it compels us to alter the way we live and work, probably forever.
The factors mentioned above have affected, both positively and negatively, almost every business sector, including cybersecurity. By gathering information from experts and past evidence, we summarize 8 new trends that every cybersecurity practitioner should know. Hopefully, this article can offer you some insight into the future threats your organization may face, and what you can do to fight back. Ready? Let’s begin.
Trend 1: Targeted ransomware attacks are on the rise.
In 2020, the FBI’s Internet Crime Complaint Center (IC3) received 2,474 complaints of ransomware attacks, according to its 2020 Internet Crime Report; this exceeds the 2,047 complaints the FBI received in 2019. The report also indicates that such attacks are most commonly launched through phishing e-mails, software vulnerabilities and RDP, three of the key subjects discussed later in this article.
One noticeable tendency regarding ransomware is “double extortion”, where the hacker group first demands a ransom for decrypting the encrypted files, and then requests a second payment to prevent the stolen data from being published online. This seems to have become the new normal for this type of cybercrime.
In addition, the difficulty of performing such attacks has decreased significantly due to the rise of Ransomware as a Service (RaaS), which allows inexperienced attackers to use ready-made, effective tools in their own strikes. The actual tool developers then earn a percentage of the ransom paid by each victim. Because of this, it’s generally believed that ransomware will continue to rage in the upcoming year.
Trend 2: Remote working introduces new challenges to business.
COVID-19 has greatly changed how people work. According to a survey by Gartner, the percentage of employees working remotely has increased from 30% to 48% since the pandemic began, and another Gartner report indicates that 74% of companies are considering letting (at least part of) their workforce remain remote permanently.
This change, however, introduces new challenges to enterprise security. Take VPNs (virtual private networks) as an example. The U.S. Department of Homeland Security has highlighted two critical VPN vulnerabilities: CVE-2018-13379 (affecting Fortinet SSL VPN) and CVE-2019-11510 (affecting Pulse Connect Secure). The former has a CVSS score of 9.8 and the latter 10, the highest score on the scale, indicating that both are very serious flaws (CVSS scores range from 0 to 10; the higher, the worse).
Remote Desktop Protocol (RDP), developed by Microsoft, is another common target for computer intrusion. According to a report released by Kaspersky, brute-force attacks targeting RDP have risen significantly since March 2020.
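As an added, defender-side illustration (not code from the article or from the Kaspersky report), the following Python reads constructed Windows Security log lines and flags source IPs that produce a burst of failed RDP logons; the simplified field layout, the threshold and the window size are assumptions chosen for the example.

```python
# Added example, not from the article: flag possible RDP brute-force activity by
# counting failed RemoteInteractive logons (Windows Security event 4625, Logon
# Type 10) per source IP within a sliding time window. Log lines are constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2020-03-10T08:00:01 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.5
2020-03-10T08:00:02 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.5
2020-03-10T08:00:03 EventID=4625 LogonType=10 TargetUser=root SourceIP=203.0.113.5
2020-03-10T08:00:04 EventID=4625 LogonType=10 TargetUser=test SourceIP=203.0.113.5
2020-03-10T08:00:05 EventID=4625 LogonType=10 TargetUser=guest SourceIP=203.0.113.5
2020-03-10T08:00:06 EventID=4624 LogonType=10 TargetUser=alice SourceIP=198.51.100.7
2020-03-10T08:00:07 EventID=4625 LogonType=3 TargetUser=bob SourceIP=198.51.100.9
2020-03-10T09:30:00 EventID=4625 LogonType=10 TargetUser=alice SourceIP=198.51.100.7
2020-03-10T09:31:00 EventID=4625 LogonType=10 TargetUser=alice SourceIP=198.51.100.7
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
                     r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)$")

def parse_rdp_failures(text):
    """Yield (timestamp, source_ip, target_user) for each failed RDP logon."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        # Keep only failed (4625) RemoteInteractive (type 10) logons.
        if m and m["eid"] == "4625" and m["lt"] == "10":
            yield datetime.fromisoformat(m["ts"]), m["ip"], m["user"]

def detect_bruteforce(text, threshold=5, window_seconds=300):
    """Return {source_ip: sorted targeted users} for every IP that produced
    at least `threshold` failed RDP logons inside any span of `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    by_ip = defaultdict(list)
    for ts, ip, user in parse_rdp_failures(text):
        by_ip[ip].append((ts, user))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            if end - start + 1 >= threshold:
                alerts[ip] = sorted({u for _, u in events})
                break
    return alerts

if __name__ == "__main__":
    for ip, users in detect_bruteforce(SAMPLE_LOG).items():
        print(f"possible RDP brute force from {ip}; usernames tried: {users}")
```

Successful logons (4624) and non-RDP logon types are ignored, so the two slow failures from 198.51.100.7 do not trigger an alert at the default threshold, while the five rapid failures from 203.0.113.5 do.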
Other remote-desktop software has flaws as well: TeamViewer has 8 known vulnerabilities, Netop 4, LogMeIn 4, and VNC 121. It’s worth noting that no vulnerability has been found in Splashtop so far, which perhaps makes it the best option for remote access today.
E-mail is another tool necessary for remote working, and attacks related to it rose correspondingly after the pandemic. According to the FBI’s Internet Crime Report, “business e-mail compromise (BEC)” and “phishing scams” were two of the most common complaints in 2020. Together, they are responsible for more than $1.8 billion in losses.
It’s worth noting that not only do cybercriminals use fake e-mail domains that mimic real ones, but 98% of malicious e-mails are text-only, so that firewalls and other defensive mechanisms cannot filter them out. Many have also pointed out that a great number of phishing e-mails are COVID-19-related.
Trend 3: Supply chain attacks are getting frequent.
In a supply chain attack, an attacker infiltrates your system through a third-party supplier instead of attacking you directly. As you can imagine, since a product or service provided by an affected supplier may be used by multiple organizations and individuals, the influence of such kind of attack can be extremely wide.
One of the most serious supply chain attacks disclosed at the end of 2020 was the SolarWinds hack, in which SolarWinds Orion, a platform used by many organizations for managing IT resources, was injected with multiple pieces of malware (such as Sunburst and Supernova) capable of creating backdoors on compromised machines.
CrowdStrike has suggested that the attacker successfully intruded into SolarWinds’ private network as early as September 4, 2019. The malware, Sunburst, was deployed on the company’s systems on February 20, 2020, yet it was not found by FireEye until December 13, 2020.
It’s worth noting that there was a fairly long gap between the intrusion into the company’s network and the deployment of the malware. During this gap, the attackers were familiarizing themselves with SolarWinds’ development environment, which helped them better hide their activity.
This strategy turned out to be highly effective. Eventually, the malware implanted in Orion successfully infiltrated multiple organizations, including US government agencies (e.g., the Department of Homeland Security, parts of the Pentagon, the Department of Energy, the Department of the Treasury), major tech companies (e.g., Microsoft, Cisco, Intel), cybersecurity firms (e.g., FireEye), and others.