
Threat Intelligence

3/30/2021
01:00 PM
Ken Todd
Commentary

Watch Out for These Cyber-Risks

It's difficult to predict what will materialize in the months ahead in terms of cyber-risks, which is why it's wise to review your organization's security posture now.

Last year was unprecedented for many reasons, not the least of which was responding to the COVID-19 global pandemic. Unsurprisingly, cybercriminals leveraged the pandemic's uncertainty and disruption for their benefit in the form of cyberattacks on remote workers, consumers, organizations, and companies. We can expect these attacks not only to continue but to multiply. It's time to ensure your organization is prepared for the trends we see on the cyber-risk landscape.

SolarWinds: Continuing Reveals and Fallout
At the end of last year, the SolarWinds breach made headlines as industry professionals tried to unpack the who, what, where, when, and how of the attack, and importantly, whether they were directly affected. Two months after the discovery of the incident, we have started to understand the breadth and depth of the supply chain compromise, but it's still too soon to fully understand the complete and ultimate effects of the likely Russian compromise.


In fact, Robert Bigman, who served as the intelligence community's most senior information assurance officer for half of his 30-year career in the CIA, recently told the ThreatConnect Podcast it could be two years before we know the extent of the SolarWinds breaches.

In the months ahead, we expect additional details to surface on the compromise itself, on related operations, and on the actor's follow-on efforts. As we learn more, we'll likely see an uptick in the focus on supply chain security as organizations aim to avoid becoming the target of a similar attack. If you haven't done so already, now is a good time to review the security posture of every vendor and partner in your supply chain: what access they hold into your environment, how their software reaches you, and how you would detect a compromised update.

Hackers Gonna Hack
Cyberattacks aren't going anywhere. They will likely increase, whether from state-sponsored actors, cybercriminals, or hacktivists. Ultimately, for government agencies and companies, this means taking a risk-based view of your cybersecurity program. If you don't start with risk, you can't really understand what you're trying to do, which is to protect the organization. Without a risk-based view, you don't know what you truly need to protect, where the biggest exposures are, and where the existential threats and vulnerabilities in your enterprise lie.

Make sure to understand the top threats facing your organization, the specific risks that they pose, and whether or not you have the right tools and procedures in place to prevent some of the attacks or at least mitigate the damage. Remember that it's not enough for your own organization to put strong security protocols in place — it could be your partner, your vendor, or even your customer's systems that create a vulnerability.

Take the knowledge gained from quantifying your top risk scenarios and use it to solve the prioritization problem: where should your threat intelligence teams spend their time? Even the best vulnerability management program does not, by itself, address cyber-risk, because a severity score says how bad a flaw could be, not how likely it is to be used against you. Did you know that more than 13% of all Common Vulnerabilities and Exposures (CVEs) carry a CVSS severity score between 9.0 and 10.0 (the highest possible value)? Of those, 7,628 (about 47%) are scored at 10.0. The question becomes: how can a security team tell one 10.0 from another? And how do businesses know they are focusing on the right ones?

There are thousands of attacks engineered each day. Companies cannot and should not consider every threat as a risk to their business. That would overwhelm and distract from effective risk management. Rather, organizations should strategize according to the probability of an attack targeting their business.

When considering probability, the distinguishing attacker attribute is motivation. Only 11% of cyberattacks have an unknown motive. For the remaining 89% of attacks, motives are understood, ranging from financial gain to competition and political advantage. Triangulating these attack probabilities using industry data serves to filter out irrelevant threats or unlikely events, while focusing attention on the more probable cyber-risks.
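To make the prioritization problem concrete, here is an added example (not code from the article or from ThreatConnect) that ranks findings by likelihood and impact rather than by CVSS alone, so that two 10.0s land in very different places. The motive profile, the exposure and exploitation multipliers, the asset names and the VULN-* labels are all constructed assumptions; a real program would draw them from the organization's own asset inventory and sector threat reporting.

```python
"""Risk-based prioritisation of findings that CVSS alone cannot separate.

Added example, not from the article or ThreatConnect. Every weight, the
sector motive profile and the findings below are constructed assumptions.
"""
from dataclasses import dataclass

# ASSUMPTION: how likely each attacker motive is to be aimed at this
# organization (say, a retailer): financially motivated crime is the norm,
# state espionage and hacktivism are rarer. Real numbers come from sector
# threat-intelligence reporting, which is the "triangulation" step.
ORG_MOTIVE_PROFILE = {
    "financial": 0.8,
    "espionage": 0.15,
    "hacktivism": 0.1,
}
UNKNOWN_MOTIVE_FLOOR = 0.05  # never treat a threat as impossible (assumption)

# ASSUMPTION: multipliers on likelihood for reachability and for whether
# the flaw is already being exploited in the wild.
EXPOSURE = {"internet": 1.0, "internal": 0.4}
EXPLOITED_IN_WILD = {True: 1.0, False: 0.3}


@dataclass(frozen=True)
class Asset:
    name: str
    exposure: str        # "internet" or "internal"
    criticality: int     # 1 (disposable) .. 5 (crown jewel)


@dataclass(frozen=True)
class Finding:
    label: str               # placeholder label, deliberately not a real CVE id
    asset: Asset
    cvss: float              # CVSS base score, 0.0 .. 10.0
    exploited_in_wild: bool
    observed_motives: tuple  # motives of actors seen using this vulnerability


def threat_likelihood(f: Finding) -> float:
    """Probability-like weight that someone will try this bug against us."""
    actor = max((ORG_MOTIVE_PROFILE.get(m, 0.0) for m in f.observed_motives),
                default=UNKNOWN_MOTIVE_FLOOR)
    actor = max(actor, UNKNOWN_MOTIVE_FLOOR)
    return actor * EXPOSURE[f.asset.exposure] * EXPLOITED_IN_WILD[f.exploited_in_wild]


def impact(f: Finding) -> float:
    """Severity scaled by what the affected asset is worth to the business."""
    return (f.cvss / 10.0) * (f.asset.criticality / 5.0)


def risk_score(f: Finding) -> float:
    """0..100; two CVSS 10.0 findings can land far apart here."""
    return round(100.0 * threat_likelihood(f) * impact(f), 2)


def prioritize(findings):
    """Findings in the order the team should work them, highest risk first."""
    return sorted(findings, key=risk_score, reverse=True)


# Constructed findings: two CVSS 10.0s and two lower-scored flaws.
FINDINGS = (
    Finding("VULN-A", Asset("customer-web-portal", "internet", 5), 10.0, True, ("financial",)),
    Finding("VULN-B", Asset("lab-test-vm", "internal", 1), 10.0, False, ("espionage",)),
    Finding("VULN-C", Asset("payment-gateway", "internet", 4), 7.5, True, ("financial",)),
    Finding("VULN-D", Asset("hr-fileserver", "internal", 3), 9.8, True, ()),
)

if __name__ == "__main__":
    for f in prioritize(FINDINGS):
        print(f"{f.label:8} cvss={f.cvss:4} risk={risk_score(f):6}  ({f.asset.name})")
```

Run as written, VULN-A (a 10.0 on an internet-facing crown jewel, actively exploited by the actors most interested in this sector) ranks first at 80.0, while VULN-B (also a 10.0, but on an isolated lab box with no known exploitation and an unlikely motive) ranks last at 0.36; the 7.5 on the payment gateway outranks the 9.8 on the internal file server. The point is not the particular weights, which any team should replace with its own, but that the ordering comes from likelihood and business impact, with CVSS as only one input.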

Disinformation Doesn't Die
Last year, we learned more about the pervasiveness of influence operations, which we must consider moving forward. Activities such as misinformation, disinformation, and leaking compromised information will continue and professionals should be ready to address these in the context of their organizations.

It also became apparent that influence operations are not exclusively a foreign adversary issue. More and more, we're seeing a wide range of influence operations, including malicious marketing and public relations activities, that can easily be operationalized against an organization or business by both foreign and domestic actors. These can lead to financial, physical, and other deleterious effects on an organization. As the barrier to entry lowers for bad actors to conduct influence operations, this is increasingly an area where security professionals should direct their attention.

Overall, it is difficult to predict exactly what will materialize in the months ahead in terms of cyber-risks, which is why it is wise to review your organization's security posture as it is currently. Security leaders should review and analyze the full risk landscape facing their entities and proactively identify and correct potential gaps. We can be certain that the attacks will keep coming but acting now can save your organization from future financial and reputational harm.

Ken Todd is a pseudonym for a threat intelligence researcher with ThreatConnect who has several years of experience as a cyber-intelligence analyst.