Bharat Mistry, Technical Director at Trend Micro, shares his advice on how best organisations can protect themselves as cybercrime continues to rise drastically this summer.
As the temperatures warm up and lockdowns ease, you might be forgiven for thinking that summer means an easier time at work. Unfortunately for cybersecurity professionals, that’s most definitely not the case. You might want to take it easy, but threat actors rarely take PTO. From crippling cyberattacks on UK schools to urgent new advice for patching critical vulnerabilities, there’s no shortage of stories to keep CISOs awake at night.
The good news is that mitigating cyber risk doesn’t need to be prohibitively expensive or complex. Now is a great time to revisit policies, tooling and strategy, to set your organisation up for success.
A summer of cyberthreats
By any measure, ransomware is the most visible and dangerous threat UK organisations have to deal with this summer. Trend Micro detected a 34% year-on-year increase in new variants in 2020, and the underground market remains as prolific as ever this year. Over recent months, high-profile attacks on US oil and food supply chains and managed service providers have escalated ransomware to the highest levels of government. In addition, both G7 and NATO leaders have called out nations such as Russia for harbouring criminal groups.
Yet while these big-name attacks tend to be the most eye-catching, the majority are still aimed at SMBs. And the affiliate groups that carry most of them out are getting bolder. According to insurers, the average ransom demand made to North American victims soared by 170% year-on-year in the first half of the year. We’ve seen attacks combining not only encryption of key files and data theft but also DDoS attacks and the contacting of customers and stakeholders, all with the end goal of forcing payment. The good news is that their tactics are increasingly predictable: initial entry via phishing, vulnerability exploitation or exposed RDP, followed by lateral movement using legitimate tools.
Less easy to predict or deflect are nation-state attacks. Yet as state-backed operatives get bolder, more organisations are becoming exposed to potential compromise, either as a target themselves or as a “stepping stone” en route to higher-value partners. When the US government starts offering rewards of up to US$10mn for information identifying these actors, you know that the advantage is shifting towards the attackers.
Making things even more difficult are the increasingly blurred lines between state-sponsored and cybercrime activity. Nation states today might buy hacking tools off the dark web and even hire cyber-criminals to do their dirty work. In the meantime, the cybercrime economy continues to mature. Today it’s a finely tuned machine in which each component has a precisely defined role. As we’ve reported, “access-as-a-service” vendors are increasingly common: these threat actors compromise targets and then sell network access on to ransomware groups and others. The pressure to patch vulnerabilities and find misconfigured endpoints has never been greater.
Review and prioritise
Although we say that things are getting harder for cybersecurity leaders every year, 2021 has had more bumps in the road than most. But that doesn’t mean it’s game over. In fact, the summer offers a useful opportunity to take stock of what works and what doesn’t and to advance the corporate cybersecurity posture.
We know that attackers are increasingly hijacking RDP endpoints and other accounts by brute-forcing credentials or using previously breached passwords. That makes multi-factor authentication table stakes for today’s CISOs.

We also know that they’re still exploiting vulnerabilities to compromise systems, including flaws dating back several years. So patch promptly, and consider virtual patching capabilities to protect end-of-life and other systems where fixes can’t be easily applied.

Finally, review the legitimate tools (PsExec, Cobalt Strike etc.) that threat actors regularly use once inside your networks to perform lateral movement without raising the alarm. By understanding how these tools are used by your own employees, you’ll be better placed to spot anomalies that could indicate malicious activity.

More broadly speaking, use this summer to identify your most business-critical systems and build defences around them first. Work with your security partners to audit their solutions and ensure you have the latest builds and features in place. And review your policies, especially incident response and recovery in the event of a ransomware attack. The bottom line is that no organisation is 100% safe from a security breach today. It’s all about spotting intrusions early and taking action before the attackers do.
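The two detection ideas in the advice above, brute-forced RDP credentials and legitimate admin tools used outside their normal pattern, can be illustrated with a small log-analysis script. The code below is an added example and is not from the article or from Trend Micro; the event records, the account names, the host names and the `PSEXEC_BASELINE` dictionary are all constructed for the illustration and loosely modelled on Windows Security event 4625 (failed logon, logon type 10 = RDP) and System event 7045 (new service installed, which PsExec triggers as `PSEXESVC`). Thresholds and the baseline of expected PsExec users and hosts are assumptions a team would replace with values observed in its own environment.

```python
"""Two defender-side detections over constructed Windows event records.

1. RDP brute force / password spraying: many failed RemoteInteractive logons
   (event 4625, logon type 10) from one source address inside a short window.
2. Anomalous PsExec use: a PSEXESVC service install (event 7045) by a user/host
   pair that is not in the baseline of where admins normally use PsExec.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# --- Constructed sample telemetry (made up for this example, not real logs) ---
_BASE = datetime(2021, 7, 12, 2, 14, 0)
_SPRAY_USERS = ["administrator", "admin", "backup", "jsmith", "helpdesk", "sqlsvc",
                "test", "guest", "finance", "itadmin", "scanner", "root"]

EVENTS = [
    # 12 failed RDP logons from one address, 15 seconds apart, each a different
    # account: the signature of a password spray against an RDP gateway.
    {"time": (_BASE + timedelta(seconds=15 * i)).isoformat(), "event_id": 4625,
     "logon_type": 10, "user": u, "src_ip": "203.0.113.5", "host": "RDGW01"}
    for i, u in enumerate(_SPRAY_USERS)
] + [
    # A legitimate user mistyping a password twice, then succeeding (4624).
    {"time": "2021-07-12T08:01:10", "event_id": 4625, "logon_type": 10,
     "user": "CORP\\mwhite", "src_ip": "198.51.100.7", "host": "RDGW01"},
    {"time": "2021-07-12T08:13:42", "event_id": 4625, "logon_type": 10,
     "user": "CORP\\mwhite", "src_ip": "198.51.100.7", "host": "RDGW01"},
    {"time": "2021-07-12T08:14:05", "event_id": 4624, "logon_type": 10,
     "user": "CORP\\mwhite", "src_ip": "198.51.100.7", "host": "RDGW01"},
    # PsExec used by the deployment account on a file server: expected.
    {"time": "2021-07-12T09:30:00", "event_id": 7045, "service": "PSEXESVC",
     "user": "CORP\\svc_deploy", "host": "FILESRV01"},
    # PsExec used by an ordinary user against a domain controller late at night:
    # not in the baseline, so it should be flagged for investigation.
    {"time": "2021-07-12T23:47:19", "event_id": 7045, "service": "PSEXESVC",
     "user": "CORP\\jdoe", "host": "DC01"},
    # An unrelated service install that the PsExec rule must ignore.
    {"time": "2021-07-12T10:00:00", "event_id": 7045, "service": "Spooler",
     "user": "SYSTEM", "host": "FILESRV01"},
]

# Assumed baseline: which accounts are expected to run PsExec, and on which hosts.
# In practice this is built from weeks of your own observed, legitimate usage.
PSEXEC_BASELINE = {"CORP\\svc_deploy": {"FILESRV01", "FILESRV02", "APP01"}}


def detect_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Return source IPs with >= `threshold` failed RDP logons inside any `window`.

    Uses a sliding window over each source's sorted failure timestamps so that
    a burst is caught regardless of where it falls relative to fixed buckets.
    """
    failures = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625 and e.get("logon_type") == 10:
            failures[e["src_ip"]].append(datetime.fromisoformat(e["time"]))

    flagged = []
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Advance the window start until the window spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(ip)
                break
    return sorted(flagged)


def detect_unusual_psexec(events, baseline=PSEXEC_BASELINE):
    """Return (user, host) pairs where PSEXESVC was installed outside the baseline."""
    hits = []
    for e in events:
        if e["event_id"] != 7045 or e.get("service", "").upper() != "PSEXESVC":
            continue
        if e["host"] not in baseline.get(e["user"], set()):
            hits.append((e["user"], e["host"]))
    return hits


if __name__ == "__main__":
    print("RDP brute-force sources:", detect_rdp_bruteforce(EVENTS))
    print("PsExec use outside baseline:", detect_unusual_psexec(EVENTS))
```

The legitimate user's two typos do not trip the default threshold, while the spraying address does; loosening the parameters (for example two failures in fifteen minutes) would flag both, which is the tuning trade-off a SOC has to make against its own false-positive budget. The PsExec rule is deliberately a whitelist of observed behaviour rather than a blocklist of the tool itself, which is exactly what the advice about understanding how employees use these tools amounts to in practice.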