The outbreak of the COVID-19 pandemic changed our lives in more ways than we ever could have imagined. While there’s a lot more awareness of the devastating impact the virus has had on economic, physical and mental wellbeing, the general public isn’t nearly as well-informed about the increased dangers that they face daily in the digital space as a result of the pandemic.
As lockdown rules were enforced across the globe in March 2020, businesses adapted by shifting towards remote working and a fully-digital working environment. With more people than ever using online communication tools to collaborate with colleagues, family and friends, and tons of information shared online every minute, cyber criminals are presented with the perfect opportunity to launch cyberattacks. From blackmail ransomware attacks costing billions to a staggering increase in phishing attacks - the threats cyber security professionals have to combat in 2021 are not only increasing in number, but also in sophistication.
This poses the question of how ready your business is when it comes to preventing cyber-attacks, based on the current cybersecurity landscape. Below we look into the specific types of emerging cyber attacks, the risks they pose, as well as the steps cybersecurity professionals should take in order to prevent them from taking place in the future.
Blackmail ransomware, data exfiltration and targeting backups
Ransomware attacks have been on the rise over the last five years, but since 2019, the cybersecurity community has seen a new trend towards cyber criminals stealing and releasing sensitive data rather than simply locking it away. Traditionally, hackers would use malicious encryption to prevent their victim from accessing their data. Now, in addition to encrypting the data, they threaten to leak it or sell it, causing irreparable damage to the company’s reputation.
This blackmail ransomware model is a game-changer for information security specialists. More and more ransomware strains, such as WastedLocker, Netwalker and REvil, use data exfiltration protocols in addition to the standard data encryption methods. One of the most notable cases of blackmail ransom attacks in 2020 was the Maze attack on global giant Canon, which took place back in July and stole a whopping 10TB of data from the company.
As ransomware practices grow smarter, so should your cybersecurity system and strategy. For your business to be adequately prepared to protect its assets from the new and ever-evolving ransomware strains, you should look to implement a multi-layer, Defense in Depth (DiD) strategy. Think of data like an onion’s core - each layer that surrounds it creates one more cyber security barrier that the malicious actors have to penetrate through in order to successfully inflict a cyberattack.
The DiD model states that your cybersecurity architecture should incorporate multiple elements including firewalls, intrusion detection and prevention systems (IDS and IPS), endpoint detection and response (EDR), network segmentation, access control and at least a two-step password verification process. This is in addition to regular patch management, protecting yourself and your business from new vulnerabilities. With all of these in place, your system should (in theory) have no single point of failure, giving you the best chance of detecting and blocking an attack before it enters your system.
That said, even the best cyber defense system isn’t impenetrable. In the current climate, it’s crucial to include ransomware attacks in your incident response plan (if you haven’t done so already), as well as an efficient backup procedure. However, cyber criminals have now outsmarted the traditional backup solutions available, meaning that what would have stopped ransomware in the past is helpless against newer strains such as 2018’s Ryuk and, more recently, Netwalker, Conti and DarkSide. These are all designed to disable your basic backup processes and to delete shadow copies, making recovery impossible.
The following cyber defense tips will help counteract ransomware that targets backups:
- Have more than one backup stored in different locations
- As well as regularly backing up data, also test your backups to confirm the process hasn’t been compromised already
- Avoid permanently connected backup storage devices as they make an easier target and entry point
- Ensure you have offline backups that are isolated from your system
- Set up any cloud services you’re using to keep previous backup versions instead of only syncing automatically, as they could otherwise be syncing encrypted data
- Before you restore from a backup, check whether both the backup and the device it’ll be transferred to are clean of malware
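One way to carry out the backup test from the list above, as an added example that is not part of the original article: record SHA-256 hashes when a known-good backup is taken, keep that manifest offline, and compare later backup copies against it. The function names, the 7.5 bits-per-byte entropy threshold and the sample files are assumptions made for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def entropy(path, sample=1 << 16):
    """Shannon entropy (bits per byte) of the first `sample` bytes; 0 for an empty file."""
    with open(path, "rb") as f:
        data = f.read(sample)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_manifest(root):
    """Map relative path -> SHA-256; record this right after a known-good backup."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def verify_backup(root, manifest, entropy_limit=7.5):
    """Compare a backup copy with the manifest that was stored offline."""
    current = build_manifest(root)
    missing = sorted(set(manifest) - set(current))
    changed = sorted(r for r in manifest if r in current and current[r] != manifest[r])
    # Changed files that now look like random data may have been encrypted.
    return {"missing": missing, "changed": changed,
            "looks_encrypted": [r for r in changed if entropy(Path(root) / r) > entropy_limit],
            "unexpected": sorted(set(current) - set(manifest))}

def demo():
    """Constructed sample: a small backup tree, checked before and after tampering."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "ledger.csv").write_text("id,amount\n1,100\n2,250\n" * 200)
        (root / "notes.txt").write_text("quarterly review notes\n" * 100)
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest)
        (root / "ledger.csv").write_bytes(os.urandom(8192))  # stands in for encrypted content
        (root / "notes.txt").unlink()
        (root / "README_RESTORE.txt").write_text("constructed placeholder for a dropped note")
        return clean, verify_backup(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A non-empty report on a backup that should be static is a reason to stop and investigate before restoring from it; compressed or already-encrypted file types are naturally high-entropy, which is why only files whose hash has changed are checked.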
Remote workers under attack
New strains of ransomware aren’t the only cyber threat your system needs to be prepared for. Phishing is back with a vengeance, and it’s an issue that everyone should be concerned about and prepared for. Statistics show a staggering 600% rise in phishing email attacks in just one month from February to March 2021, and the attacks on remote workers can only be expected to keep going up with hybrid work models becoming a more permanent fixture.
Phishing emails aren’t as easy to spot today as they were ten years ago. Anti-malware filters are struggling to detect them as cyber criminals are using more sophisticated techniques, such as encrypted HTTPS URLs and hosting their pages on trusted domains, including Google itself.
In addition, hackers have demonstrated that two-step verification isn’t bulletproof either. Using automated one-time code generators to phish 2FA tokens is just one of the many techniques that are seeing a spike in popularity. Phishing pages can even have a CAPTCHA code requirement before you access them, which may be enough to throw your regular security system’s automatic anti-phishing scanners off track.
Applying a combined approach to tackle this problem using the defense in depth (DiD) strategy mentioned above is essential. Your cyber defense should include a combination of firewalls, intrusion detection and prevention systems (IDS and IPS), endpoint detection and response (EDR) and so on. In addition, protecting remote workers requires further layers of protection, such as introducing a VPN that meets NCSC recommendations and implementing a two or even three-step verification process.
All your technical cyber security efforts should also be supported by a cybercrime awareness training program within the business. Making sure your staff are educated on how to spot a phishing attack is invaluable to your cyber security defense strategy. Your security protocols should also be reviewed, updated and communicated to all employees regularly to account for any new types of threats.
Another cyber security concern worth noting is the exploitation of unpatched software vulnerabilities. Even when patches are released quickly, unless the system has been updated they won’t take effect and cyber criminals use this to penetrate it. Big systems such as Windows are no less vulnerable than lesser-known software either. Even though they may have more inbuilt security protocols, these actually mean they’re also subject to more attacks, so much so that Microsoft Office attacks accounted for 75% of such exploits globally in 2020.
So what can you do to prepare your business for these ever-evolving and ever-growing threats? Patch management is the key, and as your OS, apps and VPN are all vulnerable, it’s crucial to enforce scheduled updates when necessary. The message that should be communicated to all employees is simple: when your software wants to update itself and Windows asks to restart, just do it.
Due to these concerning trends and the likelihood that even more cyber threats will arise this year, it’s no surprise that 2021 is expected to be a huge challenge for cybersecurity professionals worldwide. So can you confidently sit there and say your cyber defense strategy is robust enough for the year ahead? If there is any doubt, it might be time to rethink your cyber defenses and the tools you use to ensure that your business is adequately protected against cyber attacks.