Last month Check Point released their 2021 Security Report. The report is a comprehensive overview of the major attacks, latest vulnerabilities that are being exploited, and most importantly the global impact they have. I would highly recommend having a read of it, but here are some key points.
It was easy to have spent 2020 focused on the developments of Covid-19, but it was a year filled with cyber security attacks. There was a lot of talk around the SolarWinds hack, which is one of the most complex attacks the industry has seen. That said, these types of attacks are rare, and there were actually much simpler types of attacks taking place regularly. Double extortion ransomware (covered in a previous blog by my colleague, Karl), credential theft, and some good old-fashioned misconfiguration were all prevalent in 2020.
Key Attacking Trends
- Vishing – this is a really old-school technique, which made a comeback in 2020. Essentially, hackers call the target and use social engineering techniques to convince them to open a malware payload.
- Double Extortion Ransomware – this was covered in detail during our previous blog. It builds on ransomware to steal data before encrypting, giving the hacker additional leverage to get their ransom.
- Thread Hijacking – this is a clever type of bot attack (Emotet being one). Once an endpoint is infected, it will reply to an email chain and attach itself. The premise is that users are more likely to open a file from a sender and conversation they are already engaged with.
- Privilege Escalation in the Cloud – this can be through misconfiguration of IAM, or through what is known as the Golden SAML exploit. According to Check Point’s research, Identity and Access Management (IAM) roles can be abused by 22 APIs found in 16 Amazon services.
In a time of a global pandemic, cyber attacks are still happening, bot-driven and fully functioning 24/7. More often than not, I speak with companies that have no ability to even detect a breach, let alone stop it. Why? Most companies have needed to adapt during the pandemic; this could be a shift to home working, dramatic market trend fluctuations or a change in customer engagement. IT departments have needed to act quickly to support these trends, through changes to core IT infrastructure. Unfortunately, for some, there has been a clear delay in the security strategy keeping up with these changes.
Most of the attacks mentioned can be mitigated through User Awareness Training (UAT) and Breach Detection technologies. UAT has long been a cornerstone of any cyber security strategy, but it was always assumed that users would act in a responsible work manner while they are on work premises. What about now? Your users are more often than not sat at home, surrounded by their own comforts, with little to no reminder of their workplace.
This shows the continuing threats companies face, and why having a strong security posture is the only way to provide a reasonable level of protection to your users, customers, and your brand.
Get in contact if you would like to know more on this.