Threat Intelligence
Commentary
3/30/2021 01:00 PM
Ken Todd

Watch Out for These Cyber-Risks

It's difficult to predict what will materialize in the months ahead in terms of cyber-risks, which is why it's wise to review your organization's security posture now.

Last year was unprecedented for many reasons, not the least of which was responding to the COVID-19 global pandemic. Unsurprisingly, cybercriminals leveraged the pandemic's uncertainty and disruption for their own benefit, in the form of cyberattacks on remote workers, consumers, organizations, and companies. We can expect these attacks not only to continue but to multiply. It's time to ensure your organization is prepared for the trends we see on the cyber-risk landscape.

SolarWinds: Continuing Reveals and Fallout
At the end of last year, the SolarWinds breach made headlines as industry professionals tried to unpack the who, what, where, when, and how of the attack, and importantly, whether they were directly affected. Two months after the discovery of the incident, we have started to understand the breadth and depth of the supply chain compromise, but it's still too soon to fully understand the complete and ultimate effects of the likely Russian compromise.

In fact, Robert Bigman, who served as the intelligence community's most senior information assurance officer for half of his 30-year career in the CIA, recently told the ThreatConnect Podcast it could be two years before we know the extent of the SolarWinds breaches.

In the months ahead, we expect additional details to emerge about the compromise, related operations, and the actor's follow-on efforts. As we learn more about the situation and the attack, we'll likely see an uptick in the focus on supply chain security as organizations aim to protect themselves from being the target of a similar attack in the future. If you haven't done so already, now would be a good time to review the security posture of all vendors and partners in your supply chain.

Hackers Gonna Hack
Cyberattacks aren't going anywhere. They will likely increase, whether from state-sponsored actors, cybercriminals, or hacktivists. Ultimately, for government agencies and companies, this means taking a risk-based view of your cybersecurity program. If you don't start with risk, you can't really understand what it is you're trying to do, which is to protect the organization. Without a risk-based view, you don't know what you truly need to protect, where the biggest exposures are, or where the existential threats and vulnerabilities in your enterprise lie.

Make sure to understand the top threats facing your organization, the specific risks that they pose, and whether or not you have the right tools and procedures in place to prevent some of the attacks or at least mitigate the damage. Remember that it's not enough for your own organization to put strong security protocols in place — it could be your partner, your vendor, or even your customer's systems that create a vulnerability.

Take the knowledge gained from quantifying your top risk scenarios and use it to solve the prioritization problem: where should your threat intelligence teams spend their time? Even the best vulnerability management program does not, by itself, address cyber-risk. Did you know that more than 13% of all Common Vulnerabilities and Exposures (CVEs) have a severity score between 9.0 and 10.0 (the highest possible value)? Of those 13%, 7,628 (or about 47%) are scored at 10.0. The question becomes: how can a security team tell one 10.0 from another? And how do businesses know they are focusing on the right ones?

There are thousands of attacks engineered each day. Companies cannot and should not consider every threat as a risk to their business. That would overwhelm and distract from effective risk management. Rather, organizations should strategize according to the probability of an attack targeting their business.

When considering probability, the distinguishing attacker attribute is motivation. Only 11% of cyberattacks have an unknown motive. For the remaining 89% of attacks, motives are understood, ranging from financial gain to competition and political advantage. Triangulating these attack probabilities using industry data serves to filter out irrelevant threats or unlikely events, while focusing attention on the more probable cyber-risks.
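The two questions above, how to tell one 10.0 from another and how to weight findings by the probability that a motivated actor actually targets you, come down to scoring risk rather than severity. The following is an added worked example, not code from the original article or from ThreatConnect: it assumes a simple risk = likelihood x impact model in which likelihood combines exposure, evidence of in-the-wild exploitation and an "actor interest" weight derived from the motives of actors known to target your sector, and impact combines the CVSS base score with the business criticality of the affected asset. The identifiers, asset names and weights are constructed sample data, not real CVEs.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Finding:
    """One vulnerability instance on one asset (constructed sample data, not real CVEs)."""
    cve: str                 # placeholder identifier, not a real CVE
    cvss: float              # CVSS base score, 0.0 - 10.0
    asset: str
    internet_facing: bool    # reachable from outside the perimeter?
    exploited_in_wild: bool  # is there evidence of active exploitation?
    asset_criticality: int   # business impact of the asset, 1 (low) - 5 (existential)
    actor_interest: float    # 0.0 - 1.0: how strongly the known motives of actors
                             # who target your sector apply to this asset/vuln class


def likelihood(f: Finding) -> float:
    """Probability-like weight that *this* finding gets exploited against *you*.

    The factor values are assumptions for the example; tune them to your own data.
    """
    exposure = 1.0 if f.internet_facing else 0.4
    exploitability = 1.0 if f.exploited_in_wild else 0.3
    return exposure * exploitability * f.actor_interest


def impact(f: Finding) -> float:
    """Technical severity scaled by what the asset is worth to the business."""
    return (f.cvss / 10.0) * (f.asset_criticality / 5.0)


def risk_score(f: Finding) -> float:
    """0-100 risk score under the assumed model risk = likelihood x impact."""
    return round(100.0 * likelihood(f) * impact(f), 1)


def prioritize(findings: List[Finding]) -> List[Tuple[str, float]]:
    """Return (cve, score) pairs, highest risk first."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    return [(f.cve, risk_score(f)) for f in ranked]


# Constructed sample: three CVSS 10.0 findings and one 7.5, deliberately chosen
# so that severity alone cannot order them.
SAMPLE_FINDINGS = [
    Finding("SAMPLE-A", 10.0, "vpn-gateway", True, True, 5, 0.9),
    Finding("SAMPLE-B", 10.0, "lab-printer", False, False, 2, 0.9),
    Finding("SAMPLE-C", 7.5, "payments-api", True, True, 4, 0.6),
    Finding("SAMPLE-D", 10.0, "public-website", True, False, 5, 0.2),
]

if __name__ == "__main__":
    for cve, score in prioritize(SAMPLE_FINDINGS):
        print(f"{cve:10s} risk={score:5.1f}")
```

Run as written, the 7.5 on the internet-facing, actively exploited payments API outranks two of the three 10.0s, and the 10.0 on an isolated, unexploited lab printer lands last. The point is not the particular weights, which are assumptions here, but that the inputs a plain CVSS feed lacks (exposure, exploitation evidence, asset value and actor motivation) are exactly what separates one 10.0 from another.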

Disinformation Doesn't Die
Last year, we learned more about the pervasiveness of influence operations, which we must consider moving forward. Activities such as misinformation, disinformation, and leaking compromised information will continue and professionals should be ready to address these in the context of their organizations.

It also became apparent that influence operations are not exclusively a foreign adversary issue. More and more, we're beginning to see a wide range of influence operations, including malicious marketing and public relations activities, that can easily be operationalized against an organization or business by both foreign and domestic actors. These can lead to financial, physical, and other deleterious effects on an organization. As the barrier to entry for conducting influence operations lowers, this is increasingly an area where security professionals should direct their attention.

Overall, it is difficult to predict exactly what will materialize in the months ahead in terms of cyber-risks, which is why it is wise to review your organization's security posture as it stands today. Security leaders should review and analyze the full risk landscape facing their entities and proactively identify and correct potential gaps. We can be certain that the attacks will keep coming, but acting now can save your organization from future financial and reputational harm.

Ken Todd is a pseudonym for a threat intelligence researcher with ThreatConnect who has several years of experience as a cyber-intelligence analyst.