
Threat Intelligence

3/30/2021
01:00 PM
Ken Todd
Commentary

Watch Out for These Cyber-Risks

It's difficult to predict what will materialize in the months ahead in terms of cyber-risks, which is why it's wise to review your organization's security posture now.

Last year was unprecedented for many reasons, not the least of which was responding to the COVID-19 global pandemic. Unsurprisingly, cybercriminals leveraged the pandemic's uncertainty and disruption for their benefit in the form of cyberattacks on remote workers, consumers, organizations, and companies. We can expect these attacks not only to continue but to multiply. It's time to ensure your organization is prepared for the trends we see on the cyber-risk landscape.

SolarWinds: Continuing Reveals and Fallout
At the end of last year, the SolarWinds breach made headlines as industry professionals tried to unpack the who, what, where, when, and how of the attack, and importantly, whether they were directly affected. Two months after the discovery of the incident, we have started to understand the breadth and depth of the supply chain compromise, but it's still too soon to fully understand the complete and ultimate effects of the likely Russian compromise.


In fact, Robert Bigman, who served as the intelligence community's most senior information assurance officer for half of his 30-year career in the CIA, recently told the ThreatConnect Podcast it could be two years before we know the extent of the SolarWinds breaches.

In the months ahead, we expect to see additional details discovered on the compromise, related operations, and the actor's follow-on efforts. As we learn more about the situation and the attack, we'll likely see an uptick in the focus on supply chain security as organizations aim to protect themselves from being the target of a similar attack in the future. If you haven't done so already, now would be a good time to review the security posture of all vendors and partners in your supply chain.  

Hackers Gonna Hack
Cyberattacks aren't going anywhere. They will likely increase — whether from state-sponsored actors, cybercriminals, or hacktivists. Ultimately, for government agencies and companies, this means taking a risk-based view of your cybersecurity program. If you don't start with risk, you can't really understand what you're trying to do, which is protect the organization. Without a risk-based view, you don't know what you truly need to protect, where the biggest exposures are, and where the existential threats and vulnerabilities in your enterprise lie.

Make sure to understand the top threats facing your organization, the specific risks that they pose, and whether or not you have the right tools and procedures in place to prevent some of the attacks or at least mitigate the damage. Remember that it's not enough for your own organization to put strong security protocols in place — it could be your partner, your vendor, or even your customer's systems that create a vulnerability.

Take the knowledge that's been discerned from quantifying your top risk scenarios and use it to solve the prioritization problem: where should your threat intelligence teams spend their time? Even the best vulnerability management program isn't really addressing cyber-risk. Did you know that more than 13% of all Common Vulnerabilities and Exposures (CVEs) have a severity score between 9.0 and 10.0 (the highest possible value)? Of those 13%, 7,628 (or about 47%) are scored at 10.0. The question becomes: how can a security team tell one 10.0 from another? And how do businesses know they are focusing on the right ones?

There are thousands of attacks engineered each day. Companies cannot and should not consider every threat as a risk to their business. That would overwhelm and distract from effective risk management. Rather, organizations should strategize according to the probability of an attack targeting their business.

When considering probability, the distinguishing attacker attribute is motivation. Only 11% of cyberattacks have an unknown motive. For the remaining 89% of attacks, motives are understood, ranging from financial gain to competition and political advantage. Triangulating these attack probabilities using industry data serves to filter out irrelevant threats or unlikely events, while focusing attention on the more probable cyber-risks.
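As an added illustration of the prioritization argument above (this is example code, not code from the article or from ThreatConnect), the snippet below ranks three constructed CVEs that all carry a CVSS score of 10.0 by combining motive-based attack probability with each affected asset's exposure and criticality. Every CVE id, product, motive set and probability here is a constructed placeholder, not data from the article.

```python
"""Risk-based triage of CVEs that share the same CVSS score (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cve:
    cve_id: str            # constructed placeholder id, not a real CVE
    cvss: float            # published base score
    product: str           # affected product in our (constructed) inventory
    exploited_in_wild: bool


# Constructed asset inventory: product -> (exposure, criticality), each in [0, 1].
ASSETS = {
    "build-server": (1.0, 0.9),   # internet-facing CI host: a supply chain asset
    "hr-portal": (0.4, 0.6),      # internal, reachable only over VPN
}

# Constructed industry data: probability that an actor with this motive targets
# our sector. Mirrors the article's split: 89% known motives, 11% unknown.
MOTIVE_PROB = {"financial": 0.55, "espionage": 0.25, "hacktivism": 0.09, "unknown": 0.11}

# Constructed intel: motives of actors known to exploit flaws in each product.
MOTIVES_BY_PRODUCT = {
    "build-server": {"espionage", "financial"},
    "hr-portal": {"unknown"},
}


def likelihood(cve: Cve) -> float:
    """Attack probability: motive relevance x exposure, boosted if exploited in the wild."""
    motives = MOTIVES_BY_PRODUCT.get(cve.product, {"unknown"})
    motive_p = sum(MOTIVE_PROB[m] for m in motives)
    exposure = ASSETS.get(cve.product, (0.0, 0.0))[0]   # unknown asset: no exposure
    p = motive_p * exposure
    return min(1.0, p * 1.5 if cve.exploited_in_wild else p)


def risk_score(cve: Cve) -> float:
    """Risk = likelihood x impact, where impact blends CVSS with asset criticality."""
    criticality = ASSETS.get(cve.product, (0.0, 0.0))[1]
    impact = (cve.cvss / 10.0) * criticality
    return round(likelihood(cve) * impact, 3)


def prioritise(cves):
    """Most urgent first; three 10.0s come out in three different places."""
    return sorted(cves, key=risk_score, reverse=True)


SAMPLE = [
    Cve("CVE-0000-0001", 10.0, "hr-portal", False),
    Cve("CVE-0000-0002", 10.0, "build-server", True),
    Cve("CVE-0000-0003", 10.0, "legacy-fax", True),   # not in inventory at all
]
```

Running `prioritise(SAMPLE)` puts the exploited flaw on the exposed build server first and the product the organization does not even run last, despite identical CVSS scores.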

Disinformation Doesn't Die
Last year, we learned more about the pervasiveness of influence operations, which we must consider moving forward. Activities such as misinformation, disinformation, and leaking compromised information will continue and professionals should be ready to address these in the context of their organizations.

It also became apparent that influence operations are not exclusively a foreign adversary issue. More and more, we're beginning to see a wide range of influence operations, which can include malicious marketing and public relations activities, that can easily be operationalized against an organization or business by both foreign and domestic actors. These can lead to financial, physical, and other deleterious effects on an organization. As the barrier to entry lowers for bad actors to conduct influence operations, this is increasingly an area where security professionals should direct their attention.

Overall, it is difficult to predict exactly what will materialize in the months ahead in terms of cyber-risks, which is why it is wise to review your organization's security posture as it stands today. Security leaders should review and analyze the full risk landscape facing their entities and proactively identify and correct potential gaps. We can be certain that the attacks will keep coming, but acting now can save your organization from future financial and reputational harm.

Ken Todd is a pseudonym for a threat intelligence researcher with ThreatConnect who has several years of experience as a cyber-intelligence analyst.