
October 5, 2021

These are the cybersecurity threats you need to defend against in 2021 and beyond


Ever since the onset of pandemic-induced remote work, business IT environments have been under siege from a litany of cybersecurity threats that are constantly evolving as malicious cyber criminals sharpen their tools and develop more sophisticated ways around our network defenses.

The remote work model helps businesses maintain viability when employees have to socially distance and work from their homes, but it presents a great deal of cyber risk as the traditional IT perimeter disappears with employees scattered across the country.

Hackers are exploiting that remote work model through a variety of attacks, including ransomware, supply chain attacks, phishing and the exploitation of software and hardware vulnerabilities, leading to a triple-digit increase in cyberattacks over the first half of 2021, according to a report from IT firm Accenture.

According to Jeffrey Ziplow, a Hartford-based principal and partner at professional services firm CliftonLarsonAllen, who oversees the firm’s security and vulnerability assessments and works with leaders in state government and law enforcement on responding to cyber breaches, cyberattacks are no longer easy to spot.

“The attackers are getting very sophisticated,” he said.

Phishing attacks are no longer easy to spot

Phishing attacks – in which a bad actor sends a specially crafted email or other message designed to convince a user to click on a link that compromises their account or device – have historically been easy to spot, since they are usually rife with misspellings and obvious grammatical errors.

“That’s not true anymore,” Ziplow said, owing in part to the prevalence of social media and the ability for hackers to study their victim and send them a phony message that plays on their interests and online habits.

“That helped to project a phishing attack coming from someone and having it look and feel like someone else – like the real person sending the email,” he said.

According to IT management software company Ivanti, 80% of businesses have reported an increase in the volume of phishing attacks, and 45% of those businesses say phishing attacks are getting so sophisticated that even their IT professionals are falling victim.

In many cases, all it takes is one employee to click on a malicious link in a phishing email to set off a chain reaction that could result in the entire organization’s network being held hostage for a hefty ransom.

The scourge of ransomware

Ransomware has been in the news lately, and for good reason: attacks that encrypt a victim’s computer systems and demand a ransom to restore them increased by 288% between January-March 2021 and April-June 2021, according to cybersecurity and risk mitigation firm NCC Group.

Attackers are going after high-value, mission-critical industries where victims can ill afford downtime and are often left with no choice but to pay the ransom.

Recent examples include the attack on Colonial Pipeline, which disrupted the supply of fuel to the East Coast, and the attack on beef supplier JBS. According to news reports, those companies paid millions to the ransomware hackers.

Ransomware is also impacting businesses of every size, with the average ransom demand now over $100,000.

No business is off the table, and attacks have been documented against governments at all levels, public schools, higher education and healthcare systems.

As is always the case in cybercrime, hackers are constantly adapting their methods, which no longer consist of just holding networks and data hostage. Now they are engaging in double and triple extortion to force victims to pay.

According to Ziplow, hackers now typically steal sensitive data before they encrypt systems and threaten to release it publicly unless the victim pays the ransom. Reports are also emerging of hackers going a step further and launching DDoS attacks to disrupt the business until a ransom is paid.

Ransomware hackers typically spend some measure of time inside a victim’s IT environment before they conduct their attacks with the goal of rendering a victim’s backups useless and doing additional reconnaissance to find sensitive information, Ziplow said.

“Ransomware has taken on a very different meaning for many people,” he said.

Leveraging the IT supply chain

Ask any IT professional or cybersecurity expert about what they envision for future cyberattacks and they’ll point to recent large-scale compromises of widely used IT software that led to compromises of the highest levels of the U.S. government and a massive ransomware campaign.

Dr. Laurent Michel, a professor in the University of Connecticut’s computer science program and Synchrony Chair professor in cybersecurity, says these kinds of attacks should keep IT professionals up at night.

“The one that I fear will be the most devastating is supply chain attacks,” Michel said.

In December 2020, IT management software provider SolarWinds disclosed that a sophisticated hacking group compromised a popular piece of software that helps IT professionals manage their organization’s networks. In what was a seemingly innocuous software update pushed out to 18,000 of its customers, the hackers implanted a backdoor that allowed them to remotely spy on dozens of organizations in the U.S. government and other mission-critical industries.

Another, conducted over the July 4 weekend, involved the widely used Kaseya VSA platform, which was used to distribute ransomware to a few dozen IT service providers, each of which had access to possibly hundreds of customer networks. According to reports, as many as 1,500 customer networks were encrypted.

“I suspect there will be more of these in our future,” Michel said. “Even if you have defenses, those problems arise as a result of your subcontractor being breached and not even knowing about it.”

According to Mark Raymond, the State of Connecticut’s chief information officer, attackers are also increasingly exploiting security flaws in technology products.

“Vulnerabilities are being uncovered on a weekly basis, which creates the need for us to be responsive to that and constantly patch and address these things being found in software,” Raymond said. “Providers like Microsoft, Google, Apple and more are constantly releasing advisories on recently discovered vulnerabilities and instructions for mitigating and patching the software flaws, but hackers are quick to exploit them before organizations can implement the fixes.”

“Software would have been patched on a monthly or quarterly basis, but now it’s weekly,” he said.

What you can do to protect against these threats

The IT and cybersecurity world has been preaching basic cyber hygiene and best practices for years, and it is now time to take them seriously, cyber experts say.

According to Ziplow, Michel and Raymond, all organizations should consider these best practices and technologies to help prevent bad actors from infiltrating their computer systems:

  • Multi-factor authentication. This technology helps protect access to systems and apps by requiring a secure code to be entered at login. The codes can be sent via email or text, but more secure methods have recently emerged, including smartphone apps and hardware security keys.

  • Backups. In many cases, ransomware victims end up paying the ransom for the decryption key because they didn’t have adequate backups, or the backup was connected to the internet and the hacker was able to encrypt those files as well. Organizations should regularly back up their data and store it offline so hackers can’t access it. The ransomware game is about leverage, so being able to ignore the hacker’s demands and restore from secure backups takes the leverage away from the criminals.

  • Monitor networks, apps and users for unusual activity. If there is no detection capability within the organization, then a response to the attack won’t happen until it’s too late. There are solutions and service providers that can monitor network traffic, users and business apps for unusual activity and alert organizations to an issue before it gets worse.

  • Identity and access management. If any user can perform IT administrator tasks, then the network is at huge risk of compromise if just one of those users is compromised. Users should only be granted access to the tools they need to do their jobs, and nothing more.

  • Adopting a Zero Trust architecture. Rather than a single product or piece of technology, Zero Trust is a concept that moves from implicit trust to explicit trust within a business’s IT environment. Under this framework, all users and apps are viewed as a potential threat, and therefore what they can do is limited. All users and apps are authenticated every step of the way, and networks are segmented to prevent a potential hacker who compromises one area from reaching other areas of the organization.
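The "monitor users for unusual activity" recommendation above is easier to picture with a concrete detection. The following is an added example, not code from the article or from any of the experts quoted: a small Python detector that reads sshd-style authentication log lines, keeps a sliding window of failed logins per source address, and raises an alert when a burst of failures crosses a threshold, and again when a login succeeds right after such a burst (a common sign that a password-guessing attempt worked). The log lines, the threshold of 5 failures in 60 seconds, and the addresses are all constructed for the example; a real deployment would tune the window to its own baseline and forward the alerts to whoever is on call.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not taken from any real system).
# Format mimics OpenSSH's "Failed/Accepted password" messages with an ISO timestamp.
SAMPLE_LOG = """\
2021-10-05T09:00:01 sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 50111
2021-10-05T09:00:03 sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 50112
2021-10-05T09:00:05 sshd[1202]: Failed password for root from 198.51.100.7 port 50113
2021-10-05T09:00:07 sshd[1202]: Failed password for jsmith from 198.51.100.7 port 50114
2021-10-05T09:00:09 sshd[1203]: Failed password for jsmith from 198.51.100.7 port 50115
2021-10-05T09:00:11 sshd[1203]: Failed password for jsmith from 198.51.100.7 port 50116
2021-10-05T09:00:12 sshd[1203]: Connection closed by 198.51.100.7 port 50116
2021-10-05T09:00:15 sshd[1204]: Accepted password for jsmith from 198.51.100.7 port 50117
2021-10-05T09:01:00 sshd[1210]: Failed password for alice from 203.0.113.5 port 40001
2021-10-05T09:02:00 sshd[1211]: Accepted password for bob from 192.0.2.9 port 40500
2021-10-05T09:05:00 sshd[1212]: Failed password for alice from 203.0.113.5 port 40002
2021-10-05T09:10:00 sshd[1213]: Failed password for alice from 203.0.113.5 port 40003
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_line(line):
    """Return a dict for a password-auth line, or None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "outcome": m["outcome"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_suspicious_logins(lines, threshold=5, window_seconds=60):
    """Sliding-window detector over auth log lines.

    Emits one 'brute_force' alert per source address the first time it
    accumulates `threshold` failures inside `window_seconds`, and a
    'success_after_failures' alert whenever a login from that address
    succeeds while the failure window is still above the threshold.
    """
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)  # ip -> timestamps of failures still in window
    already_flagged = set()
    alerts = []

    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # connection-closed and other non-auth lines are ignored

        recent = failures[ev["ip"]]
        # Expire failures that fell out of the sliding window.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()

        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) >= threshold and ev["ip"] not in already_flagged:
                already_flagged.add(ev["ip"])
                alerts.append({
                    "type": "brute_force",
                    "ip": ev["ip"],
                    "time": ev["ts"].isoformat(),
                    "failures": len(recent),
                })
        elif len(recent) >= threshold:
            # A success following a burst of failures is the signal worth paging on.
            alerts.append({
                "type": "success_after_failures",
                "ip": ev["ip"],
                "user": ev["user"],
                "time": ev["ts"].isoformat(),
                "failures": len(recent),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_suspicious_logins(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against the constructed sample, the detector flags 198.51.100.7 once for the burst of failures and again when the `jsmith` login succeeds, while the slow trickle of failures from 203.0.113.5 never fills the window and produces nothing. The second alert type is the one to treat as an incident rather than noise: a completed login after a guessing burst means the account should be disabled and its sessions reviewed, which is exactly the early response the article says organizations miss when they have no detection capability.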
