New and known threat and security trends

Employees access company networks or cloud-based resources from the home office via WLAN. IT staff remotely troubleshoot mission-critical systems and more. Hackers waste no time exploiting these potential vulnerabilities.

The most important current security and threat trends are briefly outlined below. Unfortunately, the scope and sophistication of these attacks are expected to get worse over time.

Dramatic increase in ransomware attacks

Ransomware attacks have grown exponentially and will continue to grow. The shift to working from home has meant that companies need to strengthen their IT security measures, as their employees now work both professionally and privately from multiple devices in environments that may or may not be secure. Therefore, it is advisable to proactively implement appropriate measures such as Zero Trust security models, which also include training for the entire company.

Bypass access controls with deepfakes

Manipulated videos or images (deepfakes) are increasingly becoming a major security problem. So far, deepfakes have mostly been seen in the entertainment space, where manipulated videos show one actor’s face morphing into another. Or with politicians being spoofed on videos saying things they obviously never said. For example, scammers faked a CEO’s voice and tricked an employee into transferring a large amount of money to a fake account.

Aside from fraud, an attacker could create a video showing a celebrity, CEO or other executive doing something embarrassing or illegal and use such deepfakes for blackmail purposes. Hackers will soon be more likely to weaponize AI-based deepfake technology, for example to compromise biometric access controls by faking a person’s face.

READ:  Unmistakable Clues to An APT Attack

Attacks also on conference software

Today, working from home and communicating with colleagues and partners via conference calls and video conferencing software is very common. These services are now being attacked in bulk, eavesdropping on sessions to potentially steal sensitive information. Therefore, it is imperative for organizations to put in place formal corporate policies and procedures that employees must follow to combat threat actors.

For this reason, measures such as cleaning up invitation lists, protecting video conferences with passwords, sending passwords in a separate message from the meeting invitation, manually admitting participants by the moderator, and locking the meeting once it has started should be taken.

Not new, but effective: Cryptojacking

In cryptojacking, attackers break into a company or organization to mine cryptocurrency using hijacked computing resources. The attacker can usually remain undetected for a long time. Since no ransom was demanded and no personal data was stolen, companies do not have to disclose that they have been hacked. This makes it difficult to quantify the cost of intrusion, as the damage is in the areas of lost computing power, slower performance, and higher utility bills.

However, as cryptocurrencies appreciate in value, there is a greater incentive for attackers to commit cryptojacking. Cryptojacking is a growing and serious security threat because it is essentially a backdoor into an organization that could also be sold to others who in turn want to launch ransomware or other types of attacks.

Hacks on IoT and OT

Attacks on the Internet of Things (IoT) and operational technology (OT) infrastructure have also increased. These include critical infrastructure, traditional manufacturing facilities, and even smart home networks. Attackers target industrial sensors, among other things, to cause damage that can lead to production lines being shut down or services having to be interrupted.

READ:  Hardening Measures for The Active Directory

As these systems are increasingly managed remotely, it opens up a very good entry point for hackers. Furthermore, attackers could also carry out ransomware-like attacks, for example locking or modifying a company’s smart door lock or smart thermostat.

Attacks on supply chains

The supply chain is only as strong as its weakest link, and this is how hackers attack their targets. Attacks on supply chains are and will remain a hot topic. Businesses are advised to pay particular attention to third parties, partners, contractors, managed service providers, and cloud service providers. That means these companies must demonstrate that their security practices are always up to date. In addition, it should be ensured that these organizations comply with the established security guidelines.

Advanced Detection and Response (XDR)

Extended Detection and Response (XDR) is a relatively new approach to threat detection and response. This is about breaking down security silos and providing cloud-based services that encompass multiple security-related data streams. XDR harnesses the power of cloud-based big data analytics to analyze data from endpoint protection agents, email security, identity and access management, network management, cloud security, threat intelligence, threat hunting, and more. XDR is less about a specific product and more about building a platform that can integrate the capabilities of multiple security tools to detect, analyze, track, and remediate a potential security threat in context.