2020 was unprecedented in almost every way, and cyberattacks were no exception. The CrowdStrike 2021 Global Threat Report, from cloud-native cybersecurity firm CrowdStrike, states this was “perhaps the most active year in memory.”
For enterprises specifically, the report uncovers rising threats to watch in the coming year. Malicious actors furthered their shift toward attacks on high-value targets such as enterprises, known as “big game hunting,” which has become increasingly popular in recent years because of the more lucrative payday potential. Malicious actors also developed new tools and procedures, and formed alliances to bolster the strength and reach of their attacks. Most significantly, they increasingly integrated blackmail and extortion techniques into ransomware operations.
Malicious actors have escalated their efforts over the last 18 months, Adam Meyers, senior vice president of intelligence at CrowdStrike, told EnterpriseBeat. They want “to steal as much data as they can get their hands on. Then they’ll say ‘If you don’t pay us, we’re going to release all this sensitive data,’ which could have reputational or even regulatory impact.”
Cyber criminals also exploited the COVID-19 pandemic, preying on fears, targeting the health sector, and taking advantage of the abrupt switch to remote work. According to the report, 71% of cybersecurity experts surveyed said they’re more worried about ransomware attacks because of COVID-19. Additionally, 2020 saw what is perhaps the most sophisticated and far-reaching supply-chain attack in history.
The best defense for enterprises is to be informed about the evolving threats, act quickly in the event of an attack, and be proactive with advanced security solutions. “You have to have a next-gen solution. Antivirus is dead,” Meyers said.
The findings in the 40-page report, which tracks and analyzes the activity of the world’s major cyber adversaries, were compiled using machine learning, firsthand observations from the company’s frontline cyber analysts, and insights from crowdsourced threat measurement, the company said. Here are the trends, threats, and security best practices for targeted enterprises, according to the report.
Cyber criminals exploit the COVID-19 crisis
The healthcare sector faces significant security threats in a typical year, and the stakes related to the pandemic only brought increased attention, particularly to pharmaceutical companies, biomedical research companies, and government entities.
While early objectives for targeted intrusion actors may have included acquiring information on infection rates or country-level responses, the goal quickly shifted to vaccine development. Malicious actors based in China, North Korea, and Russia all targeted vaccine research, CrowdStrike said. In total, at least 104 healthcare organizations were infected with ransomware in 2020.
COVID-19 also proved effective for phishing, a technique that’s typically most successful when it taps into human emotions like hope, fear, and curiosity. Phishing scams targeted the federal COVID relief plan for businesses (PPE), financial assistance, and other government stimulus packages. They also pretended to offer information on testing and treatment and impersonated medical bodies including the World Health Organization (WHO) and U.S. Centers for Disease Control and Prevention (CDC).
Lastly, the abrupt shift to remote work thrust many enterprises into a security situation for which they weren’t prepared. The sudden use of personal computers, for example, means many people are working on devices that may have already been infected with malware. Another risk is the sharing of devices between family members, some of whom may not be aware of security threats they may encounter.
“The biggest impact is that it increased the attack surface,” Meyers said, referring to the sum of entry points a malicious actor can use to gain access.
Enterprises at greatest risk: private and government healthcare entities, newly remote organizations.
Nation-states go after IP
Beyond vaccine development, nation-state actors also targeted enterprises across sectors for intellectual property (IP). The report suggests they’re not letting up and will continue in 2021, echoing sentiments from around the industry.
China specifically has a “shopping list” of technologies it’s looking to develop and is using economic espionage to leapfrog the existing technology, especially in AI and machine learning. Some nation-state actors are also interested in accessing cybersecurity companies’ private toolkits that could aid them in further attacks, as happened in the case of FireEye.
Another threat comes from bilateral agreements or joint-venture purchases with companies based in other countries, which nation-state actors look to capitalize on. And beyond IP, a company’s negotiating strategies, expansion plans, and bottom lines are all potential targets.
Enterprises at greatest risk: clean energy, medical technology, digital agriculture, cybersecurity, mining/limited-supply resources, and emerging technologies.
Supply-chain attacks reach new heights
While supply-chain attacks are nothing new, 2020 saw one that some cybersecurity experts are calling “the hack of the decade.” A nation-state actor breached the network of IT software provider SolarWinds, maintaining access for 264 days and attacking customers through stealthy malware hidden in multiple software updates. The SEC identified at least 18,000 potential victims of the attack, including top-tier companies and governments. The actor even studied and downloaded Microsoft’s source code for authenticating customers.
Supply-chain attacks are uniquely damaging because of their domino effect, in which one intrusion can enable further breaches of multiple downstream targets.
“The scope, depth, and length of time this was out there, I would say, is unprecedented,” Meyers said, adding that supply-chain attacks, especially in software, are what keep him up at night.
Ransomware meets extortion
Amid increased ransomware activity, 2020 also saw the accelerated integration of data extortion and blackmail techniques, a practice the report warns will likely grow this year. This echoes another recent report from data protection specialist Acronis, which declared “2021 will be the year of extortion.”
A big part of this was the introduction of dedicated leak sites (DLSs), which are dark web posts where malicious actors detail, with proof, the exact data they’ve stolen, aiming to increase pressure on targets to meet ransom demands. One notable example was the attack on New York-based law firm Grubman Shire Meiselas & Sacks. The responsible criminal group dropped posts hinting it had data of companies and celebrities including Madonna, Bruce Springsteen, Facebook, and more, eventually releasing a 2.4 GB archive containing Lady Gaga’s legal documents. Overall, this approach was adopted by at least 23 major ransomware operators in 2020. The average ransom paid was $1.1 million.
Threat actors deployed new data extortion techniques. This includes going after non-traditional targets within organizations, such as hypervisors like VMware ESXi. They’re also staggering the release of stolen data, which in the case of enterprises with high brand recognition can generate news and social media buzz that adds pressure to ransom negotiations. Threat actors also collaborated on extortion campaigns, forming alliances such as the self-proclaimed “Maze Cartel.” This could evolve into hosting each other’s victims’ data, increasing the risk it will be shared or sold, and making it more difficult to negotiate the full removal or destruction of stolen data.
New ransomware variants and families were also introduced, and one actor launched ransomware as a service (RaaS). The report also details the increased use of access brokers, whereby hackers who gain backend access to enterprises simply sell it directly to malware actors. This eliminates the time spent identifying targets and gaining access, allowing them to deploy more malware faster.
Enterprises at greatest risk: Although most ransomware operations are opportunistic, the industrial, engineering, and manufacturing sectors were especially targeted in 2020. Technology and retail sectors are also at high risk.
How enterprises can defend against threats
According to Meyers, these are the five things enterprises should be doing.
- Secure the enterprise. This means following best practices and having multiple safeguards, including solid vulnerability management, consistent patch cycles, and “the principle of least privilege.”
- Prepare to defend. CrowdStrike recommends a 1-10-60 rule: Identify an attack within one minute, respond to it within 10 minutes, investigate it, and prevent the attacker from carrying out their objective within one hour. Either cross-layer detection (XDR) or endpoint detection and response (EDR) should be in place, according to Meyers.
- Have a next-gen solution. Antivirus needs to have seen a threat before, but machine learning-based solutions can decipher threats without having ever seen them. This distinction is crucial with the rising rate of ransomware today.
- Training and practice. Get executives, directors, and board members together and develop a response plan. Know everyone you’ll need to call, and don’t wait to handle attacks on the fly.
- Intelligence. Be aware of the threats, their techniques, and tools, as well as which specific threats target your industry and geolocation.