New tactics, exploits and a business like approach to distributing new malware families has moved the threat landscape into uncharted territory

Gather Intel > Upgrade > Attack

Cybercrime has increased more than 63% since the COVID-19pandemic began. Cybercriminals started off 2020 with socially engineered phishing attacks that preyed on the fear and confusion about the coronavirus.  By April of 2020, Google wasblocking 18 million Covid-19 related emails per day.  

Mid-year, the focus of phishing emails changed from Covid related to remote work and communication tools. By taking advantage of the disruption to our ordinary routines, the less-than-stellar security of home networks and our levels of stress and distraction, attackers were able to “cash in”.  But in 2020 the prize wasn’t simply money from ransomware – it was information and time.

The wait-and-watch approach provided more than just valuable information, it also gave cybercriminals and hacking groups a chance to hone their skills and work together to create new exploits, custom intrusion tools and distribute new malware families using a “malware as-a-service” model - with unprecedented success.

Uncharted Territory

A Zero Day Vulnerability is defined as: a flaw in software,hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. As attackers get more savvy, the number of zero days discovered “in the wild” increases; in 2019 there were 21, in 2020 there were 25 and although we are only three months into 2021 – 15 have already been reported.  

A recent, real-life example of a zero-day is the Supply Chain attack responsible for recent breaches of multiple departments within the US Government, cybersecurity company FireEye, software vendor SolarWinds, Microsoft and others.  The attack began with cybercriminals gaining network and infrastructure access at SolarWinds, where stealthy attackers were able to steal and use credentials to move throughout the network and set up legitimate remote access.  This backdoor was used to deliver a fileless malware, which then deployed a weaponized version of a commercial penetration testing framework.  From here,attackers created a zero-day vulnerability by modifying a legitimate plug-in used by SolarWinds, which was unknowingly sent out as part of an update to their clients – opening the door (or backdoor as the case may be) to FireEye and their clients and connected partners.  

All is not lost

Unfortunately for businesses large and small, the tried-and-true protections provided by firewalls and anti-virus software are pretty much useless against zero-day attacks. But fear not - you can make it much more difficult for attackers using any type of attack to get into your network and save your critical data if you leverage:

Direct Involvement:  Cybersecurity has never been “set it and forget it”. When it comes to the security of your network, end users are more likely to have the impression that cybersecurity is not a priority if management and upper management are not involved.

End User Education:  91% of all cyberattacks begin with a phishing email. All it takes is a single click on a single device to infect your entire infrastructure, as well as the networks of partners and vendors.  Helping your end users understand how personal devices and technologies can impact the security of your network and ensuring they have up-to-date information about current threats and how to spot them is imperative.

Multi-Factor Authentication and Password Management:  Attackers don’t need to bother with phishing emails if they have a username and password gained from other breaches.  Password managers not only help you and your staff create strong passwords, they also make it much easier to ensure work related passwords are not re-used.  Multi-factor Authentication/2FA adds an important layer of protection to the sign in process, ensuring users are who they say they are as well as making stolen or compromised credentials useless for attackers.

Mitigate Third Party Risk:  The cybersecurity practices and compliance requirements of vendors, partners and contractors play an important role in the security of your network. Consider implementing an onboarding process for third parties that includes an evaluation of their cybersecurity processes as well as your requirements for the protection of data, intellectual property and transactional records.  

Policies and Procedures:  Documents specifying what is expected when it comes to accessing and handling data, verifying transactions and working with third parties can help your end users understand their role in keeping your network secure.  An acceptable use policy should be used to outline the rules and define the expectations for end users connected to your network (and the potential consequences for breaking them.)

Network Monitoring:  Attacks and exploits have evolved to evade detection from the proactive monitoring of firewalls, servers,routers, switches and other network components. Since most attacks gain entry to your network from the endpoints of end users, a security service designed to hunt, detect and respond to stealthy exploits and hidden threats at the endpoint can stop attacks before they impacty our infrastructure.  

SaaS Backup: Software as a Service platforms such as Microsoft 365, Google’s G-Suite and other cloud-based applications have become key components for communication, collaboration and productivity. Unfortunately,there is a common misconception that these services provide a sufficient backup of data.   Both Microsoft and Google make no guarantees when it comes to restoring data whether it’s ransomware, inactive licenses, app outages, or human error. An independent data backup separate from the SaaS app itself is actually recommend by Microsoft and necessary to avoid the most common data loss pitfalls.

Business Continuity:  Backing up your data is no longer enough. Implementing a business continuity solution and having a data recovery plan does much more than simply help you meet compliance requirements. Having uninterrupted access to your critical data and line of business applications gives you the ability to continue to operate from anywhere at any time - even in the event of a disaster, security incident or other disruption.

If you are serious about your organization’s security (and you should be), Pivotal IT is here to provide you with scalable, affordable solutions and services – You call, we help – it’s as simple as that.