New Decade, New Cyber Threats
We have now entered 2020, so we are going to look back at the different cyber security trends of 2019 and at how we can prepare to face the new threats and risks that the new year may bring.
Ransomware: The ‘Gift’ to Criminals That Keeps On Giving
The main threat in 2019 continued to be ransomware, a relatively simple attack which encrypts information on endpoints and servers and demands a ransom payment in exchange for releasing the hijacked data. A ransomware attack does not attempt to be stealthy; notification of its existence is part of the MO, and aside from locking files, ransomware does not necessarily (or directly) cause other damage to the infected system. That said, it’s precisely the knock-on denial-of-service effects arising from crucial data being made unavailable that make the business case to pay, or to not pay, turn in the criminals’ favour.
From a technical point of view, this is a threat that should be quite simple to deal with, and reducing the number of organizations that continue to offer criminals an easy payday while putting their own essential services at risk should be top of the agenda for every CISO in 2020. If there is a proper backup strategy in place, all the organization has to do is erase affected workstations and recover from the most recent pre-infection snapshot or image. Even better, a trusted EDR solution is easily capable of preventing ransomware in the first place and rolling back infected devices in the second.
In practice, however, too many organizations are caught unprepared. Too many businesses have sprawling networks with poor visibility and a wide range of legacy devices. Too many businesses are using outdated information systems; too many have insufficient awareness of the threat; too many do not back up regularly or update software frequently enough. The practicalities for some organizations are far from trivial and not to be underestimated, but the reality is that no matter how big the challenge, businesses that fail to get their networks in order and implement simple best practices across their endpoints can expect to be severely affected by ransomware attacks.
Ransomware attacks have more than doubled globally over the past 12 months, with the United States being the target of more than half of the world’s incidents. The situation has become so dire that ransomware is considered a threat to US national security and there are real fears that ransomware attacks could interfere with the upcoming U.S. elections, either through voting machines or voter data being targeted for encryption.
Ransomware Take Away for 2020: take yourself out of the firing line, get proper protection and implement a robust backup and contingency plan. 2019 teaches us that those who fail to make the right, crucial call to get on top of their networks will be caught out.
APTs: Making Nation-State Attacks Great Again
Government-backed, advanced persistent threat actors have been particularly busy this year. Actors of various nationalities, reportedly Chinese, Iranian and North Korean, have all been seen engaging in hacking activities during 2019, while the US government has itself made unofficial admissions of cyber attacks against Iranian facilities this year.
Notable attacks seen during 2019 were a widespread attack on the airplane maker Airbus, an attack on a host of financial entities that generated $3 billion in revenue for North Korea, and Iranian attacks on Saudi entities and companies. In addition, it turns out that the Chinese passenger plane C919 unveiled this year is almost entirely copied from a series of American and other manufacturers, suggesting that stolen IP played a big role in its development. The US Secretary of Defence recently said that China is committing the biggest IP theft in human history. Needless to say, most of the information was stolen through sophisticated cyber attacks.
Unlike previous nation-state cyber attacks, these attacks are wide-ranging, affecting a variety of bodies, individuals and companies. In the process, many more entities that traditionally are not considered the targets of these sophisticated attackers are being hit. These include infrastructure companies and service providers. Undoubtedly, the changing threat landscape will also require these entities to invest more in securing their information and infrastructure.
APT Take Away for 2020: expect more of the same. As nations vie for strategic advantage in cyberspace, it looks increasingly like the battle will extend to securing and homogenising the supply chain by the big players, with the smaller players likely having to pick their side.
IoT: Yet Even More ‘Stranger Things’ on Your Network
As the number of Internet of Things (IoT) devices invading enterprise networks continues its inexorable growth, both nation-state actors and criminal enterprises have this year naturally taken an interest in exploiting IoT devices.
Earlier this year, APT actor Fancy Bear, aka Strontium, attacked printers, video decoders and IP/VOIP phones to gain wider access to corporate networks. Meanwhile, copycat Mirai botnets continued to exploit unpatched devices susceptible to EternalBlue throughout 2019, with one security vendor reporting that virtually all attacks seen on their honeypots were automated scripts designed to attack at scale.
Increasing attention to the security of internet-connected appliances is, therefore, a necessity for every organization. It’s becoming ever-more difficult to avoid such things appearing on your network as manufacturers continue to add internet and ‘cloud’ capability to the most mundane of devices.
IoT Take Away for 2020: network visibility is going to be crucial. You cannot defend what you cannot see, and every blind spot is a potential soft access point into your wider network.
Breaches and Leaks: All Your Data Belongs to Us!
Many of the “cyberattacks” we hear about are not attacks at all, but data breaches that are a result of malicious or negligent actions that expose sensitive information to the wider world. Digital data leakage has always existed, but as the amounts of data are growing exponentially and organizations are moving to cloud-based systems, data breaches are becoming more frequent and more severe.
Data breaches on frightening scales – like an entire nation – are the price of organizations becoming dependent on the cloud for storing information while at the same time lacking the knowledge, skill or will to implement secure cloud best practices.
For example, many organizations store their entire customer database on cloud services such as Amazon AWS or Microsoft Azure. These are robust platforms when used properly, but it’s also easy for clients to misconfigure firewalls, leave open permissions, use weak or recycled passwords or fail to secure other credentials.
Such basic failures have led to millions of sensitive records being exposed this year: medical records, financial information, personal information and more. As is so often the case, the technology is not at fault here. The challenge today is to develop the skills of the DevOps who operate these cloud environments to be aware of the dangers and to act intelligently.
Breaches Take Away for 2020: do the right thing. There’s no shortage of best practices information on how to prevent and deal with data breaches, but research has shown that even some of the top consulting firms fail to take their own advice. Don’t be one of them.
Disinformation: Fake It Till You Make It – Politics’ New Normal
This year, we experienced a rise in a trend that affects our lives more deeply than just “cyber-hacking”: the increasing involvement of cyber attacks in politics. Examples range from the mobile phone of Israel’s Prime Ministerial candidate, which was allegedly hacked by Iranians, through Israeli offensive cyber companies whose products serve various regimes around the world for spying on political parties, to politically motivated campaigns by countries such as Russia and North Korea, and even ransomware campaigns featuring images of President Trump (or Hillary Clinton).
There is an understanding in the industry that there will no longer be any “cyber-less” elections. The UK election in December 2019 has already witnessed several cyber incidents: DDoS attacks on one of the major parties, disinformation strategies by the other, and Russian-backed entities allegedly leaking information related to key election issues have all been seen.
With Deep Fakes and disinformation campaigns now being treated as genuine electoral tactics, there is an even greater need to increase general awareness among the public about this threat to democracy as the US 2020 election season arrives.
Disinformation Take Away for 2020: security mechanisms around influential political figures and political party apparatus must be tightened and more effort is needed to secure voting processes from tampering. On top of that, we all need to treat the 24/7 news cycle, designed to maximise instant likes, retweets and to hit that “gone viral” sweet spot, with a healthy degree of scepticism.
2019 was a clear continuation of the years that preceded it, but more intense — more attacks, more data breaches and greater damage throughout the world. Will 2020 bring any relief or will the threats keep escalating? The problems we’ve seen in 2019 aren’t going to “magic” themselves away, but nor are we helpless. The big takeaway from 2019 is that organizations and companies, governments and individuals must invest more in information security, education and prevention. Cybercrime is a solvable problem that no one needs to be a victim of.
But for those that continue to ignore the reality and refuse to accept the challenges of doing business in the modern, connected world, then 2020 will likely be bleaker than its predecessor, and not the other way around.
If you would like to see how SentinelOne can help your business meet those challenges and stay safe in 2020, contact us for more info or request a free demo.