Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

02:00 PM
Scott Taschler
Scott Taschler
Connect Directly
E-Mail vvv

Nowhere to Hide: Don't Let Your Guard Down This Holiday Season

Harden your defenses to ensure that your holiday downtime doesn't become an open door for cyber threats.

For many people around the world, 2020 has been a deeply challenging year. Fear and uncertainty have shaped their lives personally and professionally. At the same time, accelerated digital transformations have been thrust upon countless organizations. In the midst of this adversity, an ever-growing cohort of cyber-threat actors has seized on 2020's challenges as the ultimate opportunity.

Unfortunately, 2020 has already claimed the regrettable title of having the "highest number of potential intrusions uncovered by Falcon OverWatch in a calendar year."

Fig. 1. CrowdStrike observed more potential intrusions in the first half of 2020 than in all of 2019. Source: CrowdStrike
Fig. 1. CrowdStrike observed more potential intrusions in the first half of 2020 than in all of 2019. Source: CrowdStrike

Related Content:

Failing Toward Zero: Why Your Security Needs to Fail to Get Better

Building an Effective Cybersecurity Incident Response Team

Next-Gen Firewalls 101: Not Just a Buzzword

Adversaries Don't Vacation
Organizations will naturally look toward the holiday season as an opportunity for employees to regroup and recharge. But defenders should be proactively working to harden their defenses to ensure that any operational downtime doesn't become an open door for threats. Both state-sponsored and e-crime actors have remained highly active through the second half of 2020.

Fig. 2. OverWatch observed intrusion campaigns increasing throughout 2019 and into 2020. Source: CrowdStrike
Fig. 2. OverWatch observed intrusion campaigns increasing throughout 2019 and into 2020. Source: CrowdStrike

Opportunistic e-crime actors have found 2020 to be a particularly lucrative year. It is continuing to make gains on state-sponsored activity; e-crime now comprises 82% of all intrusions uncovered by OverWatch (where it was possible to make attribution to a high degree of confidence). One particularly disappointing development from e-crime threat actors has been the widespread ransomware attacks against the healthcare industry, resulting in potentially serious delays in patient care. This should show organizations across all sectors the extreme lengths that today's e-crime actors will go to in pursuit of profit.

Fig. 3. In 2020, e-crime intrusions gained ground over state-sponsored attacks compared to 2019. Source: CrowdStrike
Fig. 3. In 2020, e-crime intrusions gained ground over state-sponsored attacks compared to 2019. Source: CrowdStrike

Threat hunters routinely observe threat actors staging their campaigns outside of business hours or during holiday periods, when it is perceived that organizations' defenses will be weaker. Knowing this helps defenders make decisions to ensure business resiliency during these periods to keep their environment safer.

Holiday Season Security Checklist
Before settling in for the holidays, I strongly recommend that defenders address five key areas of defense that will be critical to preventing intrusions at the end of 2020:

  1. Establish a proactive and continuous threat-hunting practice.
    Complement investments in technology-based defenses with human capabilities to hunt down and protect against the persistent and stealthy intrusions that automated detection systems alone cannot prevent. Human hunters are the best defense against human adversaries. Organizations can implement threat-hunting teams in-house or outsource resources to meet demands.
  2. Audit internet-facing infrastructure for missing security patches.
    Accelerated digital transformation in 2020 has opened the door for adversaries — now is the time to close it. Getting the basics right has never been more important. Any infrastructure that is internet facing needs to be properly configured and fully patched.
  3. Eliminate excess software.
    Adversaries will attempt to evade defenses by using native tools or legitimate software. Organizations should establish strict controls over at-risk services exposed to the internet and eliminate unneeded software running in their environments.
  4. Establish and enforce strong password policies and multifactor authentication.
    The use of valid accounts continues to be among the most commonly seen techniques employed by adversaries. Defenders should ensure strong password policies are in place, enforce use of multifactor authentication, and routinely monitor authentication logs, account creation, and changes in user privileges.
  5. Prepare your users to join the fight.
    While technology is clearly critical in the fight to detect and stop intrusions, the end user remains a crucial link in the chain to stop breaches. Users should be alert to COVID-19 or holiday-season themed phishing attempts. Well-trained employees can be an asset in combating the continued threat of social engineering techniques.

Scott Taschler is a 20+ year veteran of the cybersecurity industry, with a strong focus on security operations, threat hunting, and incident response. In his current role as Director of Product Marketing for CrowdStrike, Scott works with organizations all around the globe to ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...