Posted by Geraldine Hunt on Tue, Nov 3rd, 2020
Cyberattacks have increased steadily ever since the initial outbreak of COVID, and we still may not have peaked. However much we want to forget about the present year, we must take the time to analyze it from a cybersecurity point of view in order to protect ourselves in 2021. Amid the continued growth, an industry study showed a 30% increase in cyberattacks between July and August of this year, when a record 1,746,611 cyberattacks were recorded in a 24-hour period on August 18. Below is a short summary of the top 5 security threats to watch out for.
Prior to the pandemic outbreak, some 5.2 percent of U.S. employees worked remotely on a full-time basis, according to the U.S. Census. This was lower than in many European countries, especially the Netherlands, which for years has led the global shift towards remote work at 14.1 percent. Then came COVID. The CEO of Barclays summarized the “new normal” in one sentence: “Putting 7,000 people in a building may be a thing of the past.”
Companies have been able to make the transition to remote work with relative ease, but relocating the work process itself was the easy part. Securing these remote work processes is the challenging phase. Conventional security methods have centered around a perimeter architecture that no longer exists. Remote employees working in isolation from internal IT and their peers are far more vulnerable to cyberattacks. The cyberwar will now be fought on a thousand fronts, rather than along a single perimeter.
O365 under Attack
Microsoft O365 has fast become the core of so many businesses today. Whether it’s email services, Office applications or personal file storage, companies and schools have busily migrated business-critical services to the O365 cloud. As a result, hackers have made it a prime target for attacks. Ironically, cybercriminals subscribe to these same services in order to discover their vulnerabilities. Whether it’s large-scale credential stuffing attacks or well-conceived phishing attacks asking users to reset a password or access a shared OneDrive, O365 users are continually under attack. Companies need to enforce complex passwords as well as multi-factor authentication in order to secure these accounts. Internal IT must bolster O365 with dedicated email security and regularly monitor its O365 environment in order to be able to identify abnormal logon activity.
Ransomware is a classic example of evolution. Entities evolve over time, adapting to new conditions in order to survive and flourish. The same is true of ransomware. Traditional ransomware used to be like a buried landmine. It lies dormant, waiting for an unfortunate victim who arbitrarily stumbles across it. Those who deployed the mine have no way of selectively targeting who will stumble across it.
This was the case with early ransomware. Ransomware was cast out like a giant net, with no way of knowing who its unlucky victim would be. Typically, it was dispersed within large-scale phishing attacks. Once an unsuspecting user clicked the enticing but malicious link, the ransomware was launched and within minutes began its deed of encrypting whatever it could find. The ransom notice then followed. The perpetrators then hoped that enough victims would pay up.
Ransomware is now in its second phase. Ransomware 2.0 is far more complex. Not only is it designed to evade traditional security controls, it is often manually controlled in patient fashion. Ransomware 2.0 attacks are no longer automated or immediate. Once a foothold is established, the perpetrators maneuver around the compromised network in search of high value assets as well as backup depositories. Once proprietary or compromising data is located, the data is copied and uploaded to a secure location. It is only at that point that encryption begins. Should the victim be able to recover the data, the criminals then threaten to sell or release the stolen data. This gives them multiple ways to demand money, increasing the odds of a return on investment.
Phishing continues to be a top threat, as it has been for years. The reason is simple. It’s easy. Nearly everyone is dependent on email for their jobs today, which makes nearly everyone a viable target. According to the 2020 Phishing Attack Landscape Report, companies experienced an average of 1,185 attacks every month thus far. The report included survey results in which 38 percent of respondents reported that a coworker fell victim to an attack within the past 12 months. Phishing continues to be the primary delivery mechanism for both ransomware and data breach attempts. You cannot have an effective cybersecurity strategy that does not include an effective means of combatting phishing attacks.
Social engineering is the art of deception. It is about manipulating the essence of human nature. Phishing is the classic example, with spear phishing and whaling taking it to the next level. Cybercriminals now perform reconnaissance for weeks or months at a time in order to determine which strings to pull within an organization. Other social engineering examples include tailgating and watering hole attacks.
Of all the above threats, the biggest by far is the fact that Office 365 is under increased attack because of rushed remote working scenarios with inadequate email and web security.
For further information on improving protection from phishing attacks and other cyber threats, give the TitanHQ team a call. Alternatively, you can register for a no obligation free trial of both solutions to evaluate them in your own environment.