Are You Prepared to Mitigate the Madness?
No doubt, the cyber threat-level worldwide is high. Enterprise security teams are digging deep and working hard to meet the challenges faced by ever-changing technologies, device interconnectivity, hybrid/cloud environments, and complex ecosystems. The goal is to stay ahead of the hackers to proactively and preemptively respond to their tactics.
To that end, let’s review some of the worst attacks we’ve seen so far in 2019 and examine what we can learn from these threat strategies to better protect our enterprise.
Data Theft: The number one target for most cybersecurity incidents today has to do with data records or Personally Identifiable Information (PII) from users, consumers or employees. Data equals dollars on the Dark Web. Today, lost/stolen records number over $1+ billion per incident. Here are just a few of the most recent data-related headlines:
540 million Facebook records were stolen from 2 unprotected, third-party AWS servers
Toyota faced a series of intrusions on its dealers and subsidiaries of the company in multiple countries resulting in the loss of 3.1 million customer and employee personal data records.
885 million personal data records from First American Financial Corp. were found unprotected, dating back to 2003.
Lessons Learned: Third-party data warehousing can leave records vulnerable. Enterprises must be diligent in securing data-in-use and data-at-rest while looking at the entire ecosystem of the enterprise including external agencies, businesses, and applications.
Ransomware: While ransomware has seen some decline since 2018, the next evolution of ransomware uses anonymous networks (such as TOR), so that locating and disabling command and control (C2) servers will be extremely difficult. Most recent headlines include:
Ryak crippled US-based Tribune Publishing house in January, with the apparent goal to “disable infrastructure” as opposed to stealing information.
WannaCry ransomware continues to plague hundreds of US schools and municipalities in Georgia, Maryland, and Massachusetts, with losses in the millions of dollars.
According to Cybersecurity Ventures, a ransomware attack will occur every 14 seconds.
Lessons Learned: Ransomware players are nimble and adaptable. Some are small fish while others are nation-state-backed and considered the cartels of cybercriminals. The lesson for security teams is to know your enemy by being vigilant and staying up-to-date on the latest exploit strategies., while training employees with safe-cyber best practices.
Phishing/Whaling: In this game, bigger fish means higher rewards. Social engineering attacks on the highest-ranking company employees, especially in the online payment sector, banking and real estate markets or government officials are seeing the highest spike in activity.
A new version of Emotet Trojan phishing campaign targets banks and healthcare providers, gathering user credentials stored in internet browsers. The front line “bait” is often an official-looking email, also known as a business email compromise (BEC).
Facebook and Google both fell victim to a $100 million-dollar phishing scam where employees were tricked into sending money to overseas bank accounts.
Belgium Bank Crelan lost more than $75 million in a CEO-targeted phishing scam.
A mortgage closing wire scam has been causing a lot of stir in the real estate market, costing home-buyers big-ticket closing costs or even their home.
Lessons Learned: HTTPS is no protection as 58% of all phishing websites are now served via HTTPS. Teach everyone to be suspicious, not to click on links in emails or paste links into their browser, even if the email appears to come from a trusted source, boss or coworker. Security teams can use asset and user behavior analytics to monitor, filter and ferret out malicious activity.
IoT (Internet of Things): As devices continue to connect and control areas of our lives, exploited vulnerabilities will increase in prevalence and diversity. DDoS (Distributed Denial of Service) attacks are specifically targeting companies/governments/political entities, seeking a way into individual private networks.
According to Avast, over 40% of smart homes are vulnerable to remote attacks from at least one IoT device.
Medical devices (Medical IoT or IoMT) have left the healthcare industry increasingly vulnerable.
A new Silex malware bricked IoT devices with weak passwords by the thousands, with scary implications for what’s next.
Lessons Learned: Security teams must employ content filter controls to block unwanted or malicious traffic from certain IPs, origin countries or domains about certain topics. Network segmentation can also provide an extra layer of security.
Artificial Intelligence and Machine Learning: Cybercriminals are now harnessing artificial intelligence (AI) and machine learning (ML). This includes chatbots and blockchain exploits.
Zero-Day plus AI is predicted by Fortinet to leverage machine learning in an effort to develop automated fuzzing programs (a quality assurance technique used to identify coding errors and security loopholes) that will accelerate the process of discovering zero-day vulnerabilities in order to exploit them.
A report published by SHERPA consortium finds AI by cybercriminals to be focused on misinformation and social engineering: “While the research found no definitive proof that malicious actors are currently using AI to power cyber attacks, they highlight that adversaries are already attacking and manipulating existing AI systems used by search engines, social media companies, recommendation websites, and more.”
Lessons Learned: Knowledge and applications of AI and machine learning can be powerful tools in the security team’s arsenal. However, like everything else, the enemy has the same knowledge and tools at his disposal.
From One CISO to Another
The struggle is real, and the stakes are high. Cybercriminals seem to be backed by deeper pockets than ever before and the modern enterprise is having a hard time keeping up with the technology, budgets, and staffing required to fight the madness. Staying informed is only half the battle. And being prepared is not easy.
2019 indicates that a disparate and haphazard strategy to cybersecurity simply is not enough to combat the barrage of tactics and techniques being used by cybercriminals. An integrated, holistic approach to cybersecurity management is required to stay abreast and ahead of the attackers. @Risk can help you and your team with the strategies, tools, and implementation to mitigate the madness.
For more information, learn how to measure, mitigate and transfer risk: www.atrisk.com.
Measuring, mitigating and transferring risk are critical aspects of conflict and have been for thousands of years. Sun Tzu, the famous Chinese military strategist is attributed with saying: In simple terms to avoid losing, you must be able to defend. Knowing this, you...
In the aftermath of WWI, France built an elaborate defensive system that became known as the “Maginot Line.” It was designed to block an invading army and considered impenetrable. Hitler’s forces overcame these defenses by land, sea, and air to defeat France in 6...
The Magnificent Seven is a movie about a Mexican village that is at the mercy of Calvera, the leader of a band of outlaws. The townspeople, too afraid to fight for themselves, hire seven American gunslingers to free them from the bandits' raids. The professional...