informa
/
Threat Intelligence

2020 Witnessed a Disruptive Shift in Cyberattacks. Are You Ready?

Cyber adversaries are attacking organizations on all fronts. Make sure you're ready to fight back.

Businesses have experienced more disruption during this past year than perhaps at any other time in history. The global pandemic forced organizations to radically redesign their businesses and networks to accommodate the need for social distancing. As a result, networks were turned inside out because most, if not all, of their workers or students were suddenly connecting to the network from the outside. At the same time, consumers changed how they bought everything from food to clothes to entertainment, and businesses scrambled to stay open.

From a security perspective, however, this disruption was unprecedented. Within weeks of the start of this pandemic, cybercriminals began evolving attacks with increasingly malicious outcomes, beginning with exploiting the fear and doubt felt by everyone. The Dark Web was filled with scams, malware, and attacks designed to target individuals and companies. And then, once workers began working from home — a process that had IT and security teams working around the clock — their home networks and unpatched devices became primary targets for criminals looking to exploit connections back into the network.

Three Areas of Disruption
But that was just the start. Today, organizations are being simultaneously assaulted on three fronts as the most recent "FortiGuard Labs Global Threat Landscape Report" shows.

Core networks: After a brief lull last spring, attacks targeting core networks have escalated. In fact, according to the latest "Threat Landscape Report" from FortiGuard Labs, ransomware attacks escalated a staggering sevenfold in just the past six months. Of course, we all knew this was coming, ever since we discovered that malware developers had begun selling ransomware-as-a-service on the Dark Web. Now, anyone with a credit card and a desire to cause mayhem can target and take down a corporate network, as long as they share their ransom profits with the malware developers.

Home offices: At the same time, cybercriminals have kept up the pressure on home offices and mobile workers. We have seen a spike in attacks targeting consumer Internet of Things devices. In many home networks, some percentage of connected devices are more than a few years old, have no security, or have never been patched or updated. And now, almost everyone in that home uses that same network to connect to an office or school.

Part of the problem is that IT teams did not have enough time to properly prepare a security foundation for this transition to a work-from-home model. But when you have a thousand people off-network, a user only needs to lose a connection or have a security issue once a year for the IT team to have try to solve three serious security issues a day.

Digital supply chains: To make matters worse, the entire trusted digital supply chain model everyone had been relying on for decades was suddenly turned on its ear when malware was injected into a software update by state-sponsored cybercriminals. The impact of this event has caused everyone to consider what else should be done, such as scanning of patches and updates before applying them. Of course, this adds another layer of caution and several time-consuming steps to a process. And as any cybersecurity professional can tell you, patching and updating are at the heart of most viral malware attacks.

What Can You Do?
Cybersecurity risk has never been greater, especially as everything is interconnected across a larger and ever-expanding digital environment. So, in addition to all of the usual security solutions and precautions every network should have in place, here are some solutions to consider that address this rapidly evolving threat landscape.

  • Integrated and AI-driven platform technologies, powered by actionable threat intelligence, are vital to defend networks across all edges and to identify and remediate threats that organizations face today in real-time.

  • Secure access service edge (SASE) should be used to quickly extend secure access to all users and extend enterprise-grade security to end users through the cloud. When combined with zero-trust access, security teams can combine that secure connectivity with effective network segmentation and network access control to ensure that users and devices only have access to predefined resources. Edge controls should also include behavioral monitoring so that external attacks can be quickly seen and stopped.

  • To address the spike in ransomware, organizations need to develop a more robust strategy for storing backups of critical data, applications, and other resources off-network. And they need an action plan so that systems can be restored quickly.

  • And finally, endpoints should be protected using the latest endpoint detection and response (EDR) technology. EDR solutions have rapidly grown in popularity because they not only prevent attacks but also detect and disrupt them once they have breached a device, preventing them from connecting to their command-and-control servers or from downloading or launching malware.

You've Got This
While threat intelligence gathered from the second half of 2020 shows an unprecedented cyber-threat landscape, where cyber adversaries have maximized the constantly expanding attack surface to scale threat efforts. Fortunately, there are still countermeasures that can be taken. They start by building security teams, strategies, and solutions that are just as adaptable as their adversaries. Today's cybercriminals have not just targeted the abundance of remote workers and learners outside the traditional network but also showed renewed agility in attempts to target digital supply chains and even the core network. Security teams need to do the same, creating a common security framework across their entire distributed network and utilizing advanced technologies enhanced with AI to close the gaps. When done properly, even the most beleaguered security team can come out ahead, even when trying to defend a network that is in a constant state of evolution.

Learn more about FortiGuard Labs threat research and the FortiGuard Security Subscriptions and Services portfolio. Sign up for the weekly Threat Brief from FortiGuard Labs.

About the Author:

Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, is an experienced thought leader who has built global collaborative frameworks in cybersecurity. Strategist to global leaders, private public sector relations, C-suite consultant, threat intelligence expert on cybercrime. Also see here: https://www.darkreading.com/author-bio.asp?author_id=2624&

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5