How threat actors have responded to the evolution of remote access security

The move to remote work has expanded the attack surface, and cybercriminals have been eager to exploit it. Mark Lukie, APAC Sales Engineering Manager, Barracuda, explains how threat actors have adapted as remote access security has evolved.

Mark Lukie, APAC Sales Engineering Manager, Barracuda

We are now in the third year of COVID-induced disruptions to our work and personal lives.

One of the most immediate and significant impacts of COVID was the rapid shift to large-scale remote work. This inevitably increased the attack surface of organizations' IT assets, a development that threat actors of all kinds were quick to take advantage of.

The emergency that precipitated the large-scale shift to remote work is over. Remote work is now becoming an integral part of digital transformation, and security is being designed in from the start rather than bolted on afterwards as the best-effort measures that enabled the initial shift were.

That’s the good news. The bad news is that just as organizational approaches to remote access security have evolved, so have those of bad actors of all stripes. Here are some developments that are likely to threaten organizations in 2022 and beyond.

AI-Enabled Business Email Compromise (BEC)

Barracuda's report Spear Phishing: Top Threats and Trends Vol. 7 – Key Findings on the Latest Social Engineering Tactics and the Increasing Complexity of Attacks found that in 2021 cybercriminals sent three million messages from 12,000 compromised accounts.

Approximately 500,000 Microsoft 365 accounts were compromised. In 36% of organizations that had a compromised account, the attackers set up malicious inbox rules to hide their activity, creating on average two rules per compromised account.
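Inbox rules like the ones described above leave a trail in the mailbox audit log, which is where a defender should hunt for them. The following is an added example, not code from Barracuda or from the report: it scans constructed audit records, shaped to approximate Exchange Online "New-InboxRule" events (an Operation name plus a list of Name/Value parameters; verify the field names against your own export), and flags the patterns attackers rely on: rules with throwaway names, rules that delete or bury messages about payments, rules that forward mail to an outside domain, and mailboxes that gained several rules at once.

```python
"""Flag suspicious inbox rules in Microsoft 365 mailbox audit records.

Added example, not from the Barracuda report. SAMPLE_AUDIT_LOG is a
constructed approximation of Exchange Online "New-InboxRule" audit
events; the parameter names (DeleteMessage, ForwardTo, MoveToFolder, ...)
mirror the New-InboxRule cmdlet, but check your own export's schema.
"""
import re

FINANCE_WORDS = {"invoice", "payment", "wire", "bank", "transfer", "password"}
HIDING_FOLDERS = {"rss subscriptions", "rss feeds", "archive", "deleted items",
                  "junk email", "conversation history"}
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")

# Constructed sample: two rules on a compromised CFO mailbox, one benign
# rule on another mailbox, and one unrelated operation.
SAMPLE_AUDIT_LOG = [
    {"Operation": "New-InboxRule", "UserId": "cfo@example.com", "ClientIP": "203.0.113.7",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "SubjectOrBodyContainsWords", "Value": "invoice;payment;wire"},
                    {"Name": "DeleteMessage", "Value": "True"},
                    {"Name": "MarkAsRead", "Value": "True"}]},
    {"Operation": "New-InboxRule", "UserId": "cfo@example.com", "ClientIP": "203.0.113.7",
     "Parameters": [{"Name": "Name", "Value": "fwd"},
                    {"Name": "ForwardTo", "Value": "collector@attacker.example"}]},
    {"Operation": "New-InboxRule", "UserId": "alice@example.com", "ClientIP": "198.51.100.20",
     "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                    {"Name": "FromAddressContainsWords", "Value": "news@vendor.example"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"Operation": "Set-Mailbox", "UserId": "bob@example.com", "ClientIP": "198.51.100.21",
     "Parameters": [{"Name": "Identity", "Value": "bob@example.com"}]},
]


def rule_params(event):
    """Flatten the Name/Value parameter list into a dict."""
    return {p["Name"]: p["Value"] for p in event.get("Parameters", [])}


def analyze_rule(event, internal_domains):
    """Return the reasons a New-InboxRule event looks malicious (empty list if clean)."""
    if event.get("Operation") != "New-InboxRule":
        return []
    p = rule_params(event)
    reasons = []
    name = p.get("Name", "")
    # Attackers routinely name rules ".", ",", or a single letter.
    if len(name.strip()) <= 2 or not re.search(r"[A-Za-z0-9]", name):
        reasons.append(f"suspicious rule name {name!r}")
    keywords = {w.strip().lower() for w in p.get("SubjectOrBodyContainsWords", "").split(";") if w.strip()}
    hides = (p.get("DeleteMessage") == "True" or p.get("MarkAsRead") == "True"
             or p.get("MoveToFolder", "").lower() in HIDING_FOLDERS)
    if hides and keywords & FINANCE_WORDS:
        reasons.append(f"hides messages matching {sorted(keywords & FINANCE_WORDS)}")
    elif p.get("DeleteMessage") == "True":
        reasons.append("deletes matching messages")
    for key in FORWARD_PARAMS:
        target = p.get(key)
        if target and target.rsplit("@", 1)[-1].lower() not in internal_domains:
            reasons.append(f"{key} external address {target}")
    return reasons


def scan(events, internal_domains):
    """Group findings by mailbox and flag mailboxes that gained two or more rules."""
    findings, rule_count = {}, {}
    for ev in events:
        if ev.get("Operation") != "New-InboxRule":
            continue
        user = ev["UserId"]
        rule_count[user] = rule_count.get(user, 0) + 1
        reasons = analyze_rule(ev, internal_domains)
        if reasons:
            findings.setdefault(user, []).append({"client_ip": ev.get("ClientIP"), "reasons": reasons})
    for user, n in rule_count.items():
        if n >= 2:
            findings.setdefault(user, []).append({"client_ip": None, "reasons": [f"{n} inbox rules created"]})
    return findings


if __name__ == "__main__":
    for user, hits in scan(SAMPLE_AUDIT_LOG, {"example.com"}).items():
        for hit in hits:
            print(user, hit["client_ip"], "; ".join(hit["reasons"]))
```

Run against the sample, the CFO mailbox produces three findings (the name-and-delete rule, the external forward, and the count of two rules from one client IP) while the newsletter rule is left alone. In production, feed the function the Search-UnifiedAuditLog export or the SIEM's copy of it, and treat a hit on a mailbox that also shows a sign-in from a new country as an account takeover until proven otherwise.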

According to the FBI, BEC brings in more revenue for cybercriminals than any other type of cybercrime, almost US$1.9 billion in 2020 (A$2.6 billion). In a BEC attack, the attacker typically persuades an employee to initiate a large electronic payment with an email that appears to be from a known and trusted source. Organizations are getting better at thwarting these attacks by requiring additional checks to verify the authenticity of high-value fund transfer requests.

However, attackers are also getting better at impersonating the people who routinely authorize large transactions. They are using deepfake technology to clone those people's voices and then phone in a request for a high-value transfer. This ploy has already succeeded several times, including against a bank in the United Arab Emirates that handed criminals US$35 million (A$48 million).

Skill shortage puts cloud security at risk

The security skills shortage is huge, global and well known. The (ISC)² Cybersecurity Workforce Study 2021 estimated the global shortfall of cybersecurity professionals at 2.7 million. For Australia, the study put the number of people working in cybersecurity at 135,000, up 34% from 2020 to 2021, with another 25,000 still needed.

The impact of this shortage will be felt for years to come. As organizations continue to rapidly expand their use of public cloud services, the lack of the skills needed to configure those services correctly, and therefore securely, will leave them increasingly vulnerable. A mid-2021 Gartner forecast put Australian spending on public cloud services at A$13.8 billion in 2021 and A$16.7 billion in 2022.

Security incidents involving organizations' cloud services will keep growing, because the skills shortage is not going away any time soon. The answer is automation: organizations need continuous, automated checking and enforcement of their cloud security policies, so that a misconfiguration is caught and corrected by machine rather than by a scarce engineer who may not notice it for months.
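What "continuous and automated policy enforcement" looks like in practice is a policy-as-code loop: pull the resource inventory, evaluate each resource against codified rules, auto-fix the findings that are safe to fix without a human, and route the rest to a person. The block below is an added example written for this article; it is not a Barracuda product or any real CSPM tool. Its inventory is constructed and uses simplified, provider-neutral field names (modelled loosely on what AWS describe-* calls return), so map them to your own exports.

```python
"""Policy-as-code evaluation and remediation over a cloud resource inventory.

Added example; not Barracuda code and not a real CSPM product. INVENTORY is
constructed: one good and one bad instance of each resource kind, with
simplified field names (map them to your provider's real attributes).
"""
import ipaddress

ADMIN_PORTS = {22, 3389}  # SSH and RDP: never open to the whole Internet

INVENTORY = [
    {"type": "bucket", "id": "backups-prod", "public_access_blocked": True, "encryption": "aws:kms"},
    {"type": "bucket", "id": "marketing-assets", "public_access_blocked": False, "encryption": None},
    {"type": "security_group", "id": "sg-web",
     "ingress": [{"port_from": 443, "port_to": 443, "cidr": "0.0.0.0/0"}]},
    {"type": "security_group", "id": "sg-jump",
     "ingress": [{"port_from": 22, "port_to": 22, "cidr": "0.0.0.0/0"},
                 {"port_from": 3389, "port_to": 3389, "cidr": "10.0.0.0/8"}]},
    {"type": "iam_user", "id": "svc-deploy", "console_access": False, "mfa_enabled": False},
    {"type": "iam_user", "id": "jane", "console_access": True, "mfa_enabled": False},
]


def _exposed_admin_ports(rule):
    """Admin ports this ingress rule opens to the whole address space (prefix length 0)."""
    if ipaddress.ip_network(rule["cidr"], strict=False).prefixlen != 0:
        return []
    return sorted(p for p in ADMIN_PORTS if rule["port_from"] <= p <= rule["port_to"])


# Each policy returns (severity, message, auto_fixable) tuples for one resource.
def check_bucket(res):
    v = []
    if not res.get("public_access_blocked"):
        v.append(("HIGH", "public access not blocked", True))
    if not res.get("encryption"):
        v.append(("MEDIUM", "no default encryption", True))
    return v


def check_security_group(res):
    return [("HIGH", f"admin port(s) {ports} open to {rule['cidr']}", True)
            for rule in res.get("ingress", []) if (ports := _exposed_admin_ports(rule))]


def check_iam_user(res):
    # Enrolling a person in MFA needs the person, so this is not auto-fixable.
    if res.get("console_access") and not res.get("mfa_enabled"):
        return [("HIGH", "console user without MFA", False)]
    return []


POLICIES = {"bucket": check_bucket, "security_group": check_security_group, "iam_user": check_iam_user}


def evaluate(inventory):
    """Return a list of (resource_id, severity, message, auto_fixable) findings."""
    findings = []
    for res in inventory:
        for sev, msg, fixable in POLICIES.get(res["type"], lambda r: [])(res):
            findings.append((res["id"], sev, msg, fixable))
    return findings


def remediate(inventory):
    """Apply the fixes that are safe to make without a human; return how many were applied."""
    fixed = 0
    for res in inventory:
        if res["type"] == "bucket":
            if not res.get("public_access_blocked"):
                res["public_access_blocked"] = True
                fixed += 1
            if not res.get("encryption"):
                res["encryption"] = "aws:kms"
                fixed += 1
        elif res["type"] == "security_group":
            keep = [r for r in res.get("ingress", []) if not _exposed_admin_ports(r)]
            fixed += len(res.get("ingress", [])) - len(keep)  # offending rules are dropped
            res["ingress"] = keep
    return fixed


if __name__ == "__main__":
    for f in evaluate(INVENTORY):
        print(*f)
    print("auto-fixed:", remediate(INVENTORY))
    print("left for a human:", evaluate(INVENTORY))
```

On the constructed inventory the first pass reports four findings; remediation closes three of them (the public, unencrypted bucket and the SSH-to-the-world rule) and leaves only the console user without MFA for a person to act on. Scheduling this loop against the live inventory every few minutes is what turns a configuration standard into something that holds without a specialist watching it.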

As industrial networks grow, so does risk

Operational technology to control and monitor industrial systems has been widespread for years. It is now morphing into the Industrial Internet of Things (IIoT), where industrial devices connect to corporate IT networks and the Internet, exposing them to all the dangers that come with it.

Under the many pressures produced by the pandemic, in supply chains, energy prices and more, organizations of all kinds have increased the connectivity of their facilities in search of greater efficiencies and lower costs. When these developments are done under pressure, security tends to suffer.

In August 2021, security researchers disclosed a set of 14 vulnerabilities in the NicheStack TCP/IP stack, which provides network communications for a large number of IP-connected OT and IIoT devices. The flaws could allow attackers to achieve remote code execution, cause denial of service, and more.

Security measures such as firewalls and micro-segmentation add a layer of protection, but the vulnerable devices still need to be patched, which is hard to do in a production environment that cannot be taken offline.

Variety is the spice of life for a ransomware actor

As the cost of ransomware attacks and cyber insurance payouts rises, insurers are demanding a higher security baseline from policyholders. As organizations lock down Remote Desktop Protocol (RDP) exposure, VPNs and email security, attackers devise new ways around those controls.

Supply chain attacks like the one mounted against Kaseya are becoming increasingly popular. Any organization with digital links to its business customers can be compromised as a stepping stone to the attacker's real target.

Attackers will also explore new channels to gain access, such as SharePoint, OneDrive, Google Drive and Google Docs. These SaaS platforms have already been abused to host and deliver novel phishing campaigns, because a link to a trusted collaboration service passes filters that a link to an unknown domain would not, and the number of successful attacks is sure to increase. High visibility into, and tight control over, corporate IT systems and data is essential to detecting and thwarting these threats.

Zero exceptions to Zero Trust for the US government

On May 12, 2021, United States President Joe Biden issued Executive Order 14028, Improving the Nation's Cybersecurity. To the surprise of many in the cybersecurity industry, it required the federal government to "advance toward Zero Trust Architecture", in other words, it mandated Zero Trust across all federal civilian agencies.

This executive order is likely to spur a significant increase in the adoption of Zero Trust security by the US private sector and elsewhere, as boards and senior management realize that it not only materially strengthens their security but can also be a competitive advantage.

However, they must understand that Zero Trust is not achieved by simply deploying a product that claims to provide it. Zero Trust is a security posture, reached only by addressing multiple issues, identity, device health, network segmentation and data protection among them, with the right combination of controls.

Getting started can be done with existing security solutions such as host-based firewalls, micro-segmentation, data loss prevention and role-based access control.

There are many more point solutions, all of which can help optimize an organization’s cybersecurity and build adaptability and resiliency.
