An Update On Current Cyber Security Threats and How You Can Mitigate Them
As organisations gradually shift to the new normal, we see corresponding changes in the cybersecurity threat landscape that warrant adjustments in how businesses frame their security strategy. While some of the older threats certainly remain, there are a couple of new entrants that have emerged only as a byproduct of the new work environment.
At the height of the pandemic, many businesses were forced to send a large percentage of their workforce home and let them accomplish tasks from there. This led to a surge in online activity that was constantly infused with COVID-19-related news, views and updates.
Unfortunately, this state of affairs has given cybercriminals the opportunity to exploit people’s heightened interest in any seemingly COVID-related content. This has manifested in the rise of COVID-themed social engineering attacks, most notably phishing attacks. Since last year, many phishing emails have contained attention-grabbing content such as outbreak alerts, lockdown updates, and others that appear to come from WHO or NHS but actually lead to a malicious download or link.
With the pandemic far from over, employees should be made aware of the prevalence of COVID-themed phishing emails. They should be taught how to distinguish a suspicious email from a legitimate one and who to contact when in doubt. If possible, businesses should employ spam filters and see to it that they are configured correctly.
Getting systems ensnared by a ransomware attack in the midst of a pandemic can be a nightmare, especially for healthcare organisations, where such an incident could lead to actual loss of life. Sadly, cybercriminals view this as an opportunity to exploit. Their reasoning is that if an organisation (e.g. a hospital) can’t afford to lose control of its systems, it will offer very little resistance when asked to pay a ransom to set those systems free.
Most ransomware is downloaded through malicious emails. Thus, as with phishing attacks, the best way to counter it is to train employees to identify suspicious emails and to know what steps to take if they do encounter one. For its part, management must make it easy for employees to report these incidents.
Another thing to bear in mind is that, while backups can certainly help you recover from a ransomware attack, ransomware can also encrypt data backups if those backups are reachable through the network. To minimise this cybersecurity risk, you must include offline backups that can’t be reached from the network in your backup strategy.
Last year, we witnessed a 2.3 Tbps tsunami of a DDoS attack – the largest publicly disclosed DDoS attack in history at that time (at the rate these massive DDoS attacks are taking place, we won’t be surprised if another one hits before we publish this). Not only that, NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT) reported that they detected 1.6 million more attacks in 2020 than in the previous year.
It’s not surprising that this uptick coincides with the rise of online activity due to work-from-home strategies. As the value of online systems grows, so will the threat of DDoS attacks. Some of these attacks resemble ransomware attacks: the attackers threaten to inundate a victim’s online systems if they don’t get paid.
DDoS attacks are hard to prevent. There are, however, ways to minimise the impact when one does occur. One way is by employing a DDoS protection solution like Cloudflare, Project Shield, AWS Shield, Verisign, and Azure. Some of these cybersecurity solutions only apply to certain environments, so we suggest you seek the help of an IT consultant who can help you pick the right solution for your organisation.
As you’ve probably gathered by now, one of the factors driving these threats is the increased adoption of remote work. This new normal has introduced vulnerabilities and attack surfaces never before seen at this scale. To make things worse, the migration of end-users (already the weakest link in the security chain) from corporate premises to their homes gives attackers numerous targets with very minimal defenses.
While users in the office are protected by multiple layers of security such as Data Loss Prevention (DLP) systems, Intrusion Detection System / Intrusion Prevention System (IDS/IPS), Next-Generation Firewalls (NGFW), and others, they don’t get the same level of protection at home. And yet, some of these users continue to work with large volumes of sensitive data.
Cybercriminals can acquire this data through a variety of methods such as phishing, social engineering, malware, and even plain physical theft (i.e. by stealing an employee’s laptop or hard drive). Depending on the value of the data in question, cybercriminals can be willing to go to great lengths to acquire it.
Businesses should therefore rethink their cybersecurity strategy and take into account the fact that their attack surface has already extended to their end users’ homes. Just like in the office, companies should apply a layered approach to security. In addition to spam filters and antivirus software, they may, for example, employ other solutions like Virtual Desktop Infrastructure (VDI), which hosts applications and data in a corporate data center, as a way of reducing risk in these scenarios.