The Disruptive Shift of Cyber Threats
Michael Jospeh, Director System Engineering, India & SAARC, Fortinet, quoted, “2020 witnessed a dramatic cyber threat landscape from beginning to end. Although the pandemic played a central role, as the year progressed cyber adversaries evolved attacks with increasingly disruptive outcomes. They maximized the expanded digital attack surface beyond the core network, to target remote work or learning, and the digital supply chain. Cybersecurity risk has never been greater as everything is interconnected in a larger digital environment. Integrated and AI-driven platform approaches, powered by actionable threat intelligence, are vital to defend across all edges and to identify and remediate threats organizations face today in real time.”
2020 was indeed a year of learning for all of us. It surely had a learning for everyone, whether it’s the common man or the highly experienced cyber leaders, the year taught all a lesson or two. Fortinet’s latest semiannual FortiGuard Labs Global Threat Landscape Report highlights that the threat intelligence from the second half of 2020 demonstrates an unprecedented cyber threat landscape where cyber adversaries maximized the constantly expanding attack surface to scale threat efforts around the world. Adversaries proved to be highly adaptable, creating waves of disruptive and sophisticated attacks. Attackers targeted the abundance of remote workers or learners outside the traditional network. They also showed renewed agility in attempts to target digital supply chains and even the core network.
Patching and remediation are ongoing priorities for organizations as cyber adversaries continue to attempt to exploit vulnerabilities for their benefit
Some of the key highlights of the findings are onslaught of ransomware that continued to haunt the cyber experts; supplychain took the centre stage; adversaries targeted the online moves of the users while the home branch office remained a constant target; surprisingly, the cast of actors joined the global stage; and last but not the least, flattening the curve of vulnerability exploits.
If we go deeper into each of them, we would know that the research showed a sevenfold increase in overall ransomware activity compared to 1H 2020, with multiple trends responsible for the increase in activity. The focus on big ransoms for big targets were set and the threat of disclosing stolen data if demands were not met combined together to create conditions for the massive growth in ransomware attacks.
In addition, the varying degrees of prevalence, the most active of the ransomware strains tracked were Egregor, Ryuk, Conti, Thanos, Ragnar, WastedLocker, Phobos/EKING and BazarLoader. Five sectors were the most hit, which includes healthcare, professional service firms, consumer services companies, public sector organizations, and financial services firms. Hence organizations need to ensure data backups are timely, complete, and secure off-site. Zero-trust access and segmentation strategies should also be investigated to minimize risk.
On the other hand, the supplychain attacks like SolarWinds breach raised the discussion to new heights. Also examining the most prevalent malware categories reveals the most popular techniques cybercriminals use to establish a foothold within organizations. The top attack target was Microsoft platforms, leveraging the documents most people use and consume during a typical workday, while web browsers continued to be another bottleneck. Employees who typically benefit from web-filtering services when browsing from the corporate network continue to find themselves more exposed when doing so outside that protective filter.
A large part of the second half of 2020 saw exploits targeting IoT devices, such as those existing in many homes, were at the top of the list. APT (Advanced Persistent Threat) groups continue to exploit the COVID-19 pandemic in a variety of ways. The most common among them included attacks focused on gathering personal information in bulk, stealing intellectual property, and nabbing intelligence aligned with the APT group’s national priorities. An increase in APT activity targeting organizations involved in COVID-19 related work saw rise towards the end of 2020. Such targeted organizations included government agencies, pharmaceutical firms, universities and medical research firms.
Patching and remediation are ongoing priorities for organizations as cyber adversaries continue to attempt to exploit vulnerabilities for their benefit. Among all the exploits tracked over the last two years, only five were detected by more than 10 percent of organizations. With all things being equal, if a vulnerability is picked at random, data shows there is about a 1-in-1,000 chance that an organization will be attacked. Nearly six percent of exploits hit one percent of firms within the first month, and even after one year, 91 percent of exploits have not crossed that one percent threshold.
As threat landscape has become omnipresent with attacks on all fronts, it is important that threat intelligence remains central to understanding these threats and how to defend against evolving threat vectors. Every device creates a new network edge that must be monitored and secured. The use of AI and automated threat detection can enable organizations to address attacks immediately, not later, and are necessary to mitigate attacks at speed and scale across all edges.
There is no doubt that cybersecurity user awareness training should remain a top priority as cyber hygiene is not just the domain IT and security teams.
So start training your workforce regularly on the best practices to keep individual employees and the organization secure.