
Vulnerabilities / Threats
12/15/2020 02:00 PM
Scott Taschler
Commentary

Nowhere to Hide: Don't Let Your Guard Down This Holiday Season

Harden your defenses to ensure that your holiday downtime doesn't become an open door for cyber threats.

For many people around the world, 2020 has been a deeply challenging year. Fear and uncertainty have shaped their lives personally and professionally. At the same time, accelerated digital transformations have been thrust upon countless organizations. In the midst of this adversity, an ever-growing cohort of cyber-threat actors has seized on 2020's challenges as the ultimate opportunity.

Unfortunately, 2020 has already claimed the regrettable title of having the "highest number of potential intrusions uncovered by Falcon OverWatch in a calendar year."

Fig. 1. CrowdStrike observed more potential intrusions in the first half of 2020 than in all of 2019. Source: CrowdStrike

Adversaries Don't Vacation
Organizations will naturally look toward the holiday season as an opportunity for employees to regroup and recharge. But defenders should be proactively working to harden their defenses to ensure that any operational downtime doesn't become an open door for threats. Both state-sponsored and e-crime actors have remained highly active through the second half of 2020.

Fig. 2. OverWatch observed intrusion campaigns increasing throughout 2019 and into 2020. Source: CrowdStrike

Opportunistic e-crime actors have found 2020 to be a particularly lucrative year. E-crime continues to gain ground on state-sponsored activity; it now accounts for 82% of all intrusions uncovered by OverWatch (where attribution was possible with a high degree of confidence). One particularly disappointing development from e-crime threat actors has been the widespread ransomware attacks against the healthcare industry, resulting in potentially serious delays in patient care. This should show organizations across all sectors the extreme lengths that today's e-crime actors will go to in pursuit of profit.

Fig. 3. In 2020, e-crime intrusions gained ground over state-sponsored attacks compared to 2019. Source: CrowdStrike

Threat hunters routinely observe threat actors staging their campaigns outside of business hours or during holiday periods, when it is perceived that organizations' defenses will be weaker. Knowing this helps defenders make decisions to ensure business resiliency during these periods to keep their environment safer.

Holiday Season Security Checklist
Before settling in for the holidays, I strongly recommend that defenders address five key areas of defense that will be critical to preventing intrusions at the end of 2020:

  1. Establish a proactive and continuous threat-hunting practice.
    Complement investments in technology-based defenses with human capabilities to hunt down and protect against the persistent and stealthy intrusions that automated detection systems alone cannot prevent. Human hunters are the best defense against human adversaries. Organizations can implement threat-hunting teams in-house or outsource resources to meet demands.
  2. Audit internet-facing infrastructure for missing security patches.
    Accelerated digital transformation in 2020 has opened the door for adversaries — now is the time to close it. Getting the basics right has never been more important. Any infrastructure that is internet facing needs to be properly configured and fully patched.
  3. Eliminate excess software.
    Adversaries will attempt to evade defenses by using native tools or legitimate software. Organizations should establish strict controls over at-risk services exposed to the internet and eliminate unneeded software running in their environments.
  4. Establish and enforce strong password policies and multifactor authentication.
    The use of valid accounts continues to be among the most commonly seen techniques employed by adversaries. Defenders should ensure strong password policies are in place, enforce use of multifactor authentication, and routinely monitor authentication logs, account creation, and changes in user privileges.
  5. Prepare your users to join the fight.
    While technology is clearly critical in the fight to detect and stop intrusions, the end user remains a crucial link in the chain to stop breaches. Users should be alert to COVID-19 or holiday-season themed phishing attempts. Well-trained employees can be an asset in combating the continued threat of social engineering techniques.
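
The observation above that adversaries stage activity outside business hours, together with checklist items 1 and 4 (hunt proactively; monitor authentication logs, account creation and privilege changes), lends itself to a concrete review routine. The following is an added example written for this article, not code from the author or from CrowdStrike. It assumes newline-delimited JSON authentication records with the fields ts, event, user, src and, for some events, actor or group; those field and event names, the business hours, the holiday dates and the privileged-group names are all placeholders chosen for the example, and the log records are constructed. It flags successful logins that follow a run of failures, account creation, additions to privileged groups, and off-hours logins, escalating findings that occur outside business hours.

```python
"""Holiday-period authentication log review.

Added example, not from the article or CrowdStrike. It assumes
newline-delimited JSON records with the fields ts, event, user, src and,
for some events, actor or group; those field and event names are
placeholders chosen for this example, not any product's schema.
"""
import json
from collections import defaultdict
from datetime import date, datetime

# Constructed sample records covering a holiday week (not real logs).
SAMPLE_LOG = """\
{"ts": "2020-12-23T09:12:04", "event": "login_success", "user": "alice", "src": "10.0.0.12"}
{"ts": "2020-12-24T22:41:10", "event": "login_failed", "user": "svc_backup", "src": "203.0.113.7"}
{"ts": "2020-12-24T22:41:19", "event": "login_failed", "user": "svc_backup", "src": "203.0.113.7"}
{"ts": "2020-12-24T22:41:33", "event": "login_failed", "user": "svc_backup", "src": "203.0.113.7"}
{"ts": "2020-12-24T22:42:05", "event": "login_success", "user": "svc_backup", "src": "203.0.113.7"}
{"ts": "2020-12-25T03:05:41", "event": "account_created", "user": "helpdesk2", "src": "203.0.113.7", "actor": "svc_backup"}
{"ts": "2020-12-25T03:06:12", "event": "group_added", "user": "helpdesk2", "src": "203.0.113.7", "group": "Domain Admins"}
{"ts": "2020-12-27T14:00:00", "event": "login_success", "user": "bob", "src": "10.0.0.31"}
"""

# Assumed local business hours, holiday dates and privileged groups.
BUSINESS_HOURS = range(8, 18)  # 08:00 to 17:59
HOLIDAYS = {date(2020, 12, 24), date(2020, 12, 25), date(2020, 12, 31), date(2021, 1, 1)}
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
FAILED_LOGIN_THRESHOLD = 3


def parse_log(text):
    """Parse JSON Lines into records whose ts field is a datetime."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        records.append(rec)
    return records


def is_off_hours(ts):
    """True on holidays, at weekends, or outside business hours."""
    return (ts.date() in HOLIDAYS or ts.weekday() >= 5
            or ts.hour not in BUSINESS_HOURS)


def review(records):
    """Return findings in time order; off-hours medium findings become high."""
    findings = []
    failures = defaultdict(int)  # (user, src) -> failed logins since last success

    def add(rec, kind, severity, detail):
        off = is_off_hours(rec["ts"])
        if off and severity == "medium":
            severity = "high"
        findings.append({
            "ts": rec["ts"].isoformat(timespec="minutes"),
            "kind": kind, "severity": severity, "off_hours": off,
            "user": rec["user"], "src": rec["src"], "detail": detail,
        })

    for rec in sorted(records, key=lambda r: r["ts"]):
        key = (rec["user"], rec["src"])
        event = rec["event"]
        if event == "login_failed":
            failures[key] += 1
        elif event == "login_success":
            n = failures.pop(key, 0)
            if n >= FAILED_LOGIN_THRESHOLD:
                add(rec, "login_after_failures", "high",
                    f"{n} failed attempts preceded this success")
            elif is_off_hours(rec["ts"]):
                add(rec, "off_hours_login", "low",
                    "successful login outside business hours")
        elif event == "account_created":
            add(rec, "account_created", "medium",
                f"created by {rec.get('actor', 'unknown')}")
        elif event == "group_added":
            group = rec.get("group", "")
            if group in PRIVILEGED_GROUPS:
                add(rec, "privileged_group_change", "high", f"added to {group}")
            else:
                add(rec, "group_change", "low", f"added to {group}")
        # other event types are ignored by this example
    return findings


def review_log(text):
    """Convenience wrapper: parse then review."""
    return review(parse_log(text))


if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['severity']:<6} {f['kind']:<24} "
              f"{f['user']}@{f['src']}: {f['detail']}")
```

Run against the constructed sample, the routine surfaces the sequence a hunter would want to see first: three failed logins to a service account from an external address followed by a success on Christmas Eve, a new account created by that service account in the early hours of Christmas Day, and that new account being added to Domain Admins a minute later. The weekend login by a regular user is reported at low severity so it can be reviewed without drowning out the high-severity chain.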

Scott Taschler is a 20+ year veteran of the cybersecurity industry, with a strong focus on security operations, threat hunting, and incident response. In his current role as Director of Product Marketing for CrowdStrike, Scott works with organizations all around the globe to ...
