Dark Reading is part of the Informa Tech Division of Informa PLC


11/3/2020
02:00 PM
Marc Wilczek
Commentary

Cybercrime: Nation-States Go Prime Time

Critical infrastructure remains a high-value target, but 90% of nation-states also attack other industry sectors.

Cybercriminals have become more sophisticated, adopting methods that make them harder to detect and more capable of defeating even tech-savvy targets. Hostile nation-states are using new attack techniques that improve their odds of infiltrating and taking down high-value targets. Criminal groups are increasingly shifting their infrastructure to the cloud in order to hide among legitimate services, and bad actors have found novel ways to scan the Internet for systems that are vulnerable to disruption.

According to the "Digital Defense Report" recently released by Microsoft, nation-state attacks have moved far beyond critical infrastructure: more than 90% of the nation-state security alerts Microsoft observed originated outside that sector. Within critical infrastructure, 60% of nation-state activity was aimed at IT organizations, followed by commercial facilities, critical manufacturing, financial services, and the defense industrial base.


Nation-state actors typically do their dirty work in service of broader strategic goals that they see as essential to the political, cultural, and economic health — and even the survival — of their country. That's why the attackers are so determined and ready to put so much time and expense into disruptive cyber operations.

Their Goals: Espionage, Disruption, or Destruction
As noted in Microsoft's report, over a dozen hostile states are launching cyberattacks to collect intelligence about what their targets are thinking and doing: official correspondence, proprietary corporate data, and personal information.

Nation-state actors have also conducted intrusions intended to disrupt or destroy data or physical assets at targeted facilities and institutions. The US National Institute of Standards and Technology (NIST) defines a disruption as "an unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time." A disruptive attack can cause brief or extended power outages or prolonged network downtime. Destructive attacks are associated with "overwriting, erasing, or physically destroying information," equipment, or facilities.

DDoS Today: Low Cost, Big Impact
As the coronavirus pandemic continues, organizations everywhere are keeping operations going by letting employees work remotely over VPNs and by moving applications to the cloud. This broadens the attack surface and opens the door to distributed denial-of-service (DDoS) attacks, which the Microsoft report lists among the biggest security threats organizations face. A DDoS attack is designed to exhaust an application's resources so that the application or its APIs become unavailable to legitimate users. The cost shows up as lost productivity, time, money, customers, and reputation, and an attacker can point a DDoS attack at any endpoint reachable from the Internet.

Although DDoS methodologies have become more sophisticated, attacks have also become simpler and cheaper to launch, which makes it even easier for bad actors to disrupt users and businesses. The massive rise in Internet traffic since the onset of the pandemic, driven by online meetings, remote education, and other virtual communication, works in the attacker's favor: when legitimate traffic already runs close to capacity, far less malicious traffic is needed to tip a system over. Attackers can also blend their malicious requests with legitimate ones and move up the stack toward applications and APIs, where a modest number of expensive requests is much harder to tell apart from normal use than a raw packet flood.

A Frequently Used Smoke Screen to Keep IT Busy
But taking down a company network isn't always the attackers' real goal. DDoS attacks are often used to distract IT personnel while a more sinister and destructive job is carried out, a popular trick among cybercriminals. They might tie up an organization's "front door" and keep the IT department busy keeping the public website up while pilfering data from a critical back-end server. The scenario is harder to handle these days: with more IT staff working from home, responses may not be as efficient or as quick as they once were.
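The two points above, that an application-layer flood hides inside a high legitimate baseline and that the flood may be cover for data theft from a back-end host, can both be checked from logs a defender already has. The following is an added example written for this page, not code from the article or from Microsoft's report. It builds a constructed web access log (a steady baseline plus a 30-second flood of expensive search requests from one /24) and a constructed per-host egress log, flags the 10-second windows whose request count exceeds a multiple of the median window, reports which source prefix dominates each flagged window, and then checks whether a watched back-end host (assumed name db-01) pushed an unusual volume of bytes outbound during those same windows. The window width, the 5x median factor, the 50 MB egress threshold and the host names are illustrative assumptions.

```python
"""DDoS-as-smoke-screen triage over constructed logs (added example, not from the article)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
import ipaddress
import statistics

WINDOW_S = 10                      # assumed bucket width in seconds
BASELINE_FACTOR = 5                # assumed: a window is a flood if > 5x the median window
EGRESS_BYTES_THRESHOLD = 50_000_000  # assumed: 50 MB outbound per window from one watched host

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _fmt(t):
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")

def build_access_log():
    """Constructed access log: 4 legitimate clients at 1 req/s each for 120 s, plus
    40 bots in 198.51.100.0/24 each hitting an expensive API 5x/s from 14:00:30 to 14:00:59."""
    base = _ts("2020-11-03T14:00:00Z")
    legit = ["203.0.113.5", "203.0.113.9", "198.18.0.7", "192.0.2.44"]
    lines = []
    for sec in range(120):
        t = _fmt(base + timedelta(seconds=sec))
        for ip in legit:
            lines.append(f"{t} {ip} GET /index.html")
        if 30 <= sec < 60:
            for host in range(1, 41):
                lines.extend(f"{t} 198.51.100.{host} GET /api/search?q=*" for _ in range(5))
    return lines

# Constructed egress samples: "timestamp host bytes_out". web-01 legitimately answers the
# flood; db-01 should never move this much data while the front door is under attack.
EGRESS_LOG = [
    "2020-11-03T14:00:05Z db-01 1200000",
    "2020-11-03T14:00:15Z db-01 900000",
    "2020-11-03T14:00:25Z db-01 1100000",
    "2020-11-03T14:00:35Z db-01 55000000",
    "2020-11-03T14:00:45Z db-01 62000000",
    "2020-11-03T14:00:55Z db-01 71000000",
    "2020-11-03T14:00:35Z web-01 90000000",
    "2020-11-03T14:00:45Z web-01 95000000",
]

def parse_access(lines):
    events = []
    for line in lines:
        ts, ip, _method, path = line.split(" ", 3)
        events.append((_ts(ts), ip, path))
    return events

def parse_egress(lines):
    return [(_ts(ts), host, int(nbytes)) for ts, host, nbytes in (l.split() for l in lines)]

def window_of(t, base):
    return int((t - base).total_seconds()) // WINDOW_S

def requests_per_window(events, base):
    """Map window index -> Counter of requests per source IP."""
    per_window = defaultdict(Counter)
    for t, ip, _path in events:
        per_window[window_of(t, base)][ip] += 1
    return per_window

def flood_windows(per_window):
    """Windows whose total request count exceeds BASELINE_FACTOR x the median window."""
    totals = {w: sum(c.values()) for w, c in per_window.items()}
    baseline = statistics.median(totals.values())
    return sorted(w for w, n in totals.items() if n > BASELINE_FACTOR * baseline)

def dominant_prefix(counter):
    """Aggregate per-IP counts into /24s and return (prefix, share of the window's requests)."""
    by_net = Counter()
    for ip, n in counter.items():
        by_net[str(ipaddress.ip_network(f"{ip}/24", strict=False))] += n
    net, n = by_net.most_common(1)[0]
    return net, n / sum(counter.values())

def suspicious_egress(egress, floods, base, watched_hosts):
    """Outbound bytes per (window, host) for watched hosts that coincide with a flood window."""
    per = defaultdict(int)
    for t, host, n in egress:
        if host in watched_hosts:
            per[(window_of(t, base), host)] += n
    return sorted((w, h, n) for (w, h), n in per.items()
                  if w in floods and n > EGRESS_BYTES_THRESHOLD)

def analyze(access_lines, egress_lines, watched_hosts=frozenset({"db-01"})):
    events = parse_access(access_lines)
    base = min(t for t, _, _ in events)
    per_window = requests_per_window(events, base)
    floods = set(flood_windows(per_window))
    report = {"flood_windows": sorted(floods), "top_prefix": {}, "egress": []}
    for w in sorted(floods):
        net, share = dominant_prefix(per_window[w])
        report["top_prefix"][w] = (net, round(share, 3))
    report["egress"] = suspicious_egress(parse_egress(egress_lines), floods, base, watched_hosts)
    return report

if __name__ == "__main__":
    print(analyze(build_access_log(), EGRESS_LOG))
```

The flood windows are obvious in the request counts, but the second half of the report is the part the smoke-screen scenario is meant to defeat: a watched back-end host moving tens of megabytes outbound in exactly the windows when the front door is being hammered is the signal to investigate, and the prefix share tells the responder that one /24 is responsible for almost all of the flood, which is what an upstream filter or rate limit should key on.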

Shopping for DDoS? No Problem!
If you know where to look, it's relatively easy to find and buy professional DDoS services on the Dark Web and even the regular Internet. Fees vary and are based on factors such as the security level of the targeted site, the type of DDoS attack, the bandwidth required to conduct the attack, and who's flogging the service. This past May, the average price of a one-day DDoS attack was $134.09, according to Microsoft, although some went for as little as $15.00. The most expensive attack cost $416.67.

Like other cybercriminal services that have been around for a while, DDoS services have found a balance between supply and demand, so prices have been stable for the last seven years or so. The exception is the recent run-up, most pronounced for short attacks. Microsoft reports that the average price of a one-hour DDoS attack rose from $14.71 in July 2019 to $48.63 in May 2020, and the average price of a one-day attack rose from $74.97 in November 2019 to $134.09 in May 2020.

Enterprise Resilience: The New Reality
Although the prolonged COVID-19 pandemic has created a near-ideal environment for cybercriminals, it's also an opportunity for companies everywhere to make IT security and resilience an integral part of the enterprise.

Because so many people are working from home, other corporate assets such as data and intellectual property are also migrating away from headquarters to the cloud. Consequently, the security perimeter has been dramatically extended at a time when it has never been more important to keep IT networks, services, applications, and APIs up and running.

Just as the pandemic has challenged public officials to protect the health of citizens, its real and potential financial consequences have forced corporate leaders to think hard about how to sustain productivity as workloads and employees move away from their facilities. To figure out what had to move, corporations had to identify their critical services and processes and make sure those were not left without the personnel who needed on-site or emergency (break-glass) access. Put another way, the pandemic compelled them to take part in a real-time enterprise preparedness exercise. To keep learning from it, every company needs to scrutinize the productivity and performance of its essential services and processes and bolster its cyber resilience to fit the new normal.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio