When the World Stopped, Cyber Attacks Did Not
Every CISO is now scrambling to get employees back to work in what is labeled "the workplace of the future."
Over the last year, the industry (according to some reports) has seen as much as a 341 percent year-over-year increase in Distributed Denial Service (DDoS) attacks — and as many as 4,000 attacks a day. Bad actors in every theater across the globe are taking advantage of new holes in security infrastructure created by lockdowns and the massive increases in remote work that have resulted from the COVID-19 pandemic.
The global darknet marketplaces offer a continually evolving source of readymade attack tools, tips and knowledge bases to financially motivated cyber criminals. This business is now over $600B. Now when you turn on the TV or pick up a publication, you can’t ignore the topic of cybersecurity.
It does not matter who you are or what industry you are in, you are a target of cybercriminals. Even the K-12 sector is a rich target. In fact, the Cybersecurity Infrastructure Security Agency (CISA), Federal Bureau Investigations (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a Joint Cybersecurity Advisory that provided an assessment on recent attempts of malicious cyber actors to target K-12 educational institutions, leading to a variety of attacks such as ransomware, theft of data and the disruption of online learning services — so yes, everyone is a target.
And when you thought going to local pharmacy would not be a problem, an unsecured database of more than a billion (yes, billion) search records was accidentally posted online and accessible to the public in the spring of 2021.
During the pandemic we saw a number of different types of attacks. In fact, the MS-ISAC and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) Security Operations Center (SOC) saw an increase in specific types of attacks. Most of these can be thwarted by the basics which include things like sound cyber hygiene and increased vigilance from employees, as I've said before is a team sport.
Some of the attack types that were identified:
Phishing and Malspam: It’s no secret users need to exercise caution when entering credentials into a website, linked from an email, text message or social media account such as Twitter, Instagram or when downloading attachments. Think before you click!
Credential Stuffing: Credential stuffing attacks are rising because many users reuse the same username/password combination across multiple platforms. It certainly may have been necessary to make services available to employees remotely, without the time to secure accounts through multi-factor authentication (MFA).
Ransomware: The scary part is that ransomware is often just a piece of a larger cyber campaign, and many victims have discovered that by the time they realize that their data has been encrypted/destroyed, their data has been stolen and a variety of rootkits/etc. have been left behind for continuing exploitation. WWT's cybersecurity practice applies a methodology that gives organizations the business acumen, customized architectures and operational discipline they need to recover from catastrophic cyber events.
Remote Desktop Protocol (RDP): With an increase in the number of global employees connecting remotely means an increase in the number of systems with open RDP (which is port 3389 ICYMI) potentially being targeted. Reports from a variety of security firms clearly put RDP as the most popular intrusion vector and the source of most ransomware incidents in all of 2020. In addition, cybercriminals have built a thriving economy around selling the stolen credentials for RDP servers.
Distributed Denial of Service (DDoS) Attacks: Having no access to your computer systems because of an attack is even more detrimental with a remote workforce. A massive remote workforce can even act as an unintentional DDoS attack, simply because more users are trying to access much needed services at the same time. Organizations need to think differently. To that extent, WWT was asked to test a virtual DDoS solution from F5 powered by the Intel SmartNIC FPGA. Read further to see the positive test results.
So many corporate functions shifted priorities overnight when the COVID-19 crisis struck. As thousands or even hundreds of thousands of employees suddenly found themselves in a work-from-home model, CISOs adjusted, pivoting from working on routine tasks to long-term goals and establishing secure connections for newly established remote workforces. CISOs also had to take steps to prevent threats that target remote workers and to bolster business-facing operations and e-commerce after a surge in online shopping during pandemic lockdowns.
Now every CISO is scrambling to get the employees back to work in what is labeled “the workplace of the future.” Organizations are now engaged on a significant journey of secure workspace transformation initiatives with the intent to align the organization with the digital trends, as well as the emerging secure hybrid work model coming out of the pandemic — which includes reevaluating cyber and the target state architectures, roadmaps, existing and new requirements with prioritization. Hybrid work has accelerated security OEM migration to more of cloud-delivered infrastructure and has placed more emphasis on securing the identity of a user.
As a result, new architectural approaches are being put forward. The “cybersecurity mesh” was formed, and identity becomes the de facto organizational perimeter. The industry has been talking about how cybersecurity needs to be redefined around the identity of a person or thing so the concept of deploying controls around the organization where they are most needed, in a manner that is adopted, consumed, scalable, flexible and is resilient. The value of a mesh is that you don’t have every security tool running in a silo. A cybersecurity mesh in theory enables tools to interoperate by providing foundational security services as well as centralized policy management and orchestration.
Something I discuss with everyone that I am talking to is that now is a good time to rethink the security transformation strategy, from tooling to policy to staffing. We all have done a lot of reflecting and revaluating over the last year, both personally and professionally, and now is a good time to accelerate and mature our security transformation strategy.
At WWT, our approach to security transformation is holistic, outcome-focused and incorporates multi-domain expertise that leverages our consultative and engineering capabilities. We not only provision solutions, but also integrate OEM products and deliver strategic, security-focused services. WWT understands that the maturity of a company’s security posture reflects the stability of its brand. Our security practice is made up of battle-tested security experts, including former CISOs and senior members of the intelligence community. We also maintain relationships with more than 90 leading security OEMs.