The threat posed by cyber-attacks is increasing from year to year - and that will not change in 2021 either. Of course, it is not possible to precisely predict which threats will arise this year. However, it is important to know the trends. Today's highly networked world offers criminals more and more opportunities to attack, not only through technology but also at the employee level. Any company and any IT landscape can be a target. A company that is familiar with the main developments, sensitizes itself and its employees, and works with experts can use a variety of protective mechanisms and thus face threats more calmly. We have summarized the most important findings and trends for 2021 for you.
Ransomware Is Becoming More Targeted
Cyber attacks that are used to
extort ransom from the victim are on the rise. They are
essentially based on criminal attackers encrypting hard disks, parts
of hard disks, and files, and handing over the key required for decryption only
after payment of the ransom. It is assumed that fewer companies overall are
currently in the focus of attack, but that attacks on larger companies, infrastructures,
government organizations, and smart cities are increasing. They are
vulnerable: even the shortest downtimes result in extreme costs. In
general, only such companies can pay the sometimes horrific sums that
are extorted.
The ransomware used is becoming more
sophisticated and variable, i.e. it hides its purpose much more successfully than
was previously the case. The attackers will not let up in the face of the
income that can be achieved: It is estimated that large companies suffered an
average of around 1.5 million dollars in damage per successful attack. The
detection and prevention of ransomware attacks must therefore be given the
highest priority.
In this context, data protection and
backup solutions deserve particular attention: they must be checked and tested
regularly, because backup systems are also attacked and compromised. Ultimately,
if backups fail, companies have little choice but to meet the ransom
demands and hope that encrypted data and systems will be accessible again.
Human Target - Phishing and Social Engineering as A Threat
Attacks will be directed to a large
extent against people, i.e. attackers try to use sophisticated mechanisms to
exploit the human willingness to help, the hierarchical structures of companies, and, in general, human weaknesses. They are looking for a variety of ways
to break into a company and obtain confidential information. Potential
attackers now have an extensive market for "phishing services" at
their disposal: tools are getting better, prices are falling, and mobile users
are increasingly becoming the focus of attacks. Security providers have
long since responded and significantly refined their software, but the
attackers are very clever at combining the technical and human components.
Companies have to take countermeasures,
e.g. through intensive awareness campaigns. Such employee training
courses are indispensable and at the same time have the potential to be
successful. Anyone who has been informed and can rely on precise and
well-thought-out company guidelines will be far more likely to see through
"phishing offers" and let them come to nothing. Awareness-raising in
companies about social engineering is fundamentally necessary - training and
information, together with technical mechanisms and guidelines, have a
comparatively high impact.
Similar to ransomware, the attack route
will continue to be predominantly via email. In addition, attackers can
use various channels to obtain important information with little effort. In
general, they use various attack platforms, be it SMS, messaging services, game
platforms, or social media in general. In this environment, they make use
of all possibilities to obtain personal data, access data, or similar information
for their purposes. They can also obtain credit card data or other sensitive
information relatively easily via online channels (e.g. via JavaScript). Payment
mechanisms on online platforms are often channels of attack. Experts see
an additional problem in that such developments severely damage trust in social
media.
Private End Devices, Third Party Access - the Gateway
Since corporate networks and devices are
much better protected than private ones in times of increasingly distributed
work structures (mobile working, mobile banking, remote access, etc.),
attackers focus on the weaker link in the chain. If the use of private
devices for corporate purposes is permitted, an attack channel is created. Therefore,
appropriate protective measures are just as important as training: only if
users are aware of the risks and this awareness is trained again and again
do safety measures take effect and the advantages of the modern world of work come
into play. The protective measures (from rights management to equipping
private devices with appropriate protective mechanisms) must be taken and
consistently monitored.
Since authorized access to company resources by third parties (e.g. suppliers, partners,
service providers) is increasing, the focus of attackers
is increasingly on them. It is therefore important to demand security
measures from these third parties in line with company standards over the
long term.
Critical Infrastructures
It is becoming apparent that the
operators of critical infrastructures (energy, health, finance,
administrations, public utilities, etc.) are increasingly becoming the focus of
attackers. For this purpose, they use the most highly developed attack
methods (APT - Advanced Persistent Threats). Critical infrastructure
operators should be extremely vigilant. It is expected that more attempts
will be made to undermine the sovereignty of countries, to manipulate electoral
processes, and that general political influence will be achieved with the help
of criminal IT resources. Due to the political situation, companies around
the world are advised to pay strict attention to their IT security.
Attacks on All Channels, with All Tools - Under the Highest Disguise
Since attackers increasingly
use public file sharing and hosting services over a secure connection (SSL) to
spread malware, phishing, etc., detection is becoming increasingly difficult. Attackers
are increasingly using new technologies that are actually supposed to protect
individual privacy, such as DoH (DNS over HTTPS) or ESNI (Encrypted Server Name
Indication) and end-to-end technology to hide their activities. As a
result, it is difficult for defenders to recognize attacks, find
appropriate countermeasures, and apply them successfully. Accordingly, it
is important to be prepared for this and, in particular, to secure sensitive
data with various means. The attackers use all sources, including
knowledge,
Cloud Requires Investment
As cloud services are on the rise,
attackers are increasingly focusing on them. If companies map important
strategies, development, financial, and employee data via the cloud, this
attracts attackers. They put a lot more effort and criminal energy into
these segments, and the attacks become more intelligent and dangerous. It
should be noted that the cloud providers do not assume any responsibility for
the endpoint; this is always the responsibility of the company. In
the case of cloud services, there is often the risk that data will be made
accessible on the Internet due to configuration errors.
Automation and Transparency Are Becoming Essential
Companies face the great challenge of
having to monitor and protect every corner of their network - from the endpoint
to the cloud. It is becoming more and more important to have a full
overview of the infrastructure and also of the applications. Companies
that use passive threat detection quickly reach their limits because they have
to manually correlate, analyze and evaluate an almost infinite amount of data. Security
solutions based on automation should therefore be at the top of the 2021 priority list.
IoT in The Attack Focus
In particular, the unmanageable and
rapidly growing landscape of IoT applications provokes corresponding attacks. Certain
applications, devices, and services are used specifically to gain access to
human information and knowledge of industrial machines and processes. Manipulation
of processes in the company is also conceivable. The attackers benefit
from the fact that IoT devices are often negligently configured and not up to
date. Therefore, IoT attacks are possible in many ways. Compromised
IoT devices provide possible access to the company network.
However, current studies show that the threats have been successfully contained
in various IoT areas (e.g. remote control, direct Internet connections); but
there is still a lot to do. It should not be forgotten that the number of
openly accessible gadgets will increase enormously, which in turn will attract
attackers. The same applies to building control systems: some of them are
operated by people who have little expertise in security. If the company's
own Security Operations Center (SOC) does not monitor these devices,
countermeasures must be taken. It is advisable to define IoT security as a
task of the SOC - regardless of whether it is owned by the company or by the
service provider. According to experts, increased DDoS attacks are to be
expected in connection with the further spread of the IoT.
IoT attacks can be contained through network segmentation, strictly controlled
access for partners, and sophisticated network monitoring. A new generation
of security mechanisms is on the rise. For example, “nano security agents”
work on all devices or operating systems in all environments and control the
entire flow of data to and from the device.
In this environment, the technical precautions play an important role, but the organizational level is just as important: The responsibilities must be clearly
defined so that it is established who has to do what in the event of an
attack.
5G
From 2021, companies will increasingly
make use of the possibilities offered by the new 5G mobile communications
standard: bandwidths are increasing dramatically, and an abundance of devices
and sensors will be used. In the health sector, for example, new
applications will collect huge amounts of data on the state of health of
people; in the transport sector, data on mobility behavior will be added -
including general areas of lifestyle (“smart city”). This, in turn, opens up
various attack scenarios - the valuable and sensitive data must be adequately
protected.
Artificial Intelligence
A major trend is to increasingly rely on
artificial intelligence (AI) mechanisms to defend against a variety of attacks. Human
resources are expensive and have limited availability. In many cases,
human action cannot ensure that immediate defense mechanisms are generated in
real-time for the new, fast-moving threats. This is where AI comes into
play: it can - especially in cooperation with experienced analysts - make
significant contributions to keeping security tools up to date in the shortest
possible time and thus constantly improving cybersecurity. New threats are
identified much faster and blocked before they can spread. At the same
time, AI helps to develop appropriate defense tools against new threats much
faster.
However, it is to be expected that criminals will also resort to AI. This
in turn calls for more AI mechanisms to be used in defense. Otherwise, the
cost of meaningful defense increases very sharply. This means that AI can definitely
be seen as a key factor in cybersecurity.
Cryptomining
In general, experts see that crypto-jacking attacks are on the decline. On the one hand, various
providers have developed protective mechanisms; on the other hand, falling
prices for cryptocurrencies make attacks less lucrative. Nevertheless,
poorly protected servers remain at risk! Even if such attacks were not
particularly frequent in the past year, the amounts of damage are considerable:
they averaged over 1.6 million dollars per incident. The recommendation is
therefore clear: the risk of cryptomining requires appropriate security
solutions.
Outlook: Security Is Based on Expert Knowledge
A higher awareness of safety and
well-founded advice from experienced experts make it possible to act more
energetically and purposefully. A rethinking is required at the highest
level of every company: the normal case is that companies are attacked; this is
called the "Assume Breach Approach". The absence of an attack
should be viewed as a special case. It is therefore of vital importance
that the business processes of companies are further developed to
become resilient to cyber-attacks and to maintain an acceptable level of
service even in the event of damage. Thanks to its own Security
Operation Center and its experience as a cybersecurity service provider for a
wide variety of companies and industries, ISPIN can accompany you on the way to transforming
your company into a cyber-resilient organization.
Also, users should rely on antivirus security to track fraudulent activity and protect their data.