Steve provides research, analysis, insight and commentary on topical issues and events.
He lives in New Zealand and has been working at FastTrack Software for 10 years as a cyber security analyst and technical writer.
Adapting to the Threat-Landscape in 2022
Not only is your organization now more likely to be targeted (and indeed, successfully infiltrated) by cyber criminals – the impact is also likely to be greater.
This has been seen in the increased cyberattacks over the past two years, coupled with record-breaking payouts made by desperate victims of ransomware attacks.
It’s not too difficult to put two and two together: these increases have coincided with the COVID-19 pandemic. The sad fact is, while the virus has been negatively affecting peoples’ health and livelihoods, it’s also had an enormous effect on reshaping the cyber-threat landscape – not for the better.
As businesses and people have slowly adapted to the new norm, hackers have capitalized on it, and now more than ever are targeting the weakest link in the cybersecurity chain: humans.
Left Weakened – In More than just Health
There are the blatantly obvious, and then the slightly more subtle, changes to work-life that have contributed to the more dangerous threat-landscape that we now live in. And although adjustments have been made and the worst is (hopefully) behind us, cyber criminals still seem to be making the most of all the things that have made us more vulnerable throughout the shift:
Increased Online Presence = More Vulnerability
- A huge chunk of the population is now signed up with Zoom, Teams, Skype, Webex Meetings, Google Meet, and any other manner of software that their own organization and others have forced them to adopt in order to keep operating from home. With a horde of new accounts and associated PII online, videoconferencing applications in particular have become a target for cyber criminals looking to steal data and sell it to the highest bidder.
Transition to Working From Home (WFH)
- With the increased use of personal devices, the same computers used for gaming, streaming and downloading illegal torrents (shhh) are now being used for business purposes – all these outside-of-work activities leaving the user more exposed to malware through fake sites, malicious downloads, and social engineering tactics. Even for workers within the office, the risk remains high with companies opting for BYOD (Bring Your Own Device) over the more secure and manageable COPE (Corporate Owned, Personally Operated) version.
- The lack of security controls in the home office compared to the work office is undeniable. There are no company IT Admins securing the network, updating software, monitoring channels, or supervising privileged activity, and although policies may have been created to crack down on this, they’re much more difficult to enforce remotely.
- The unavoidable distractions throughout the home: spouses, children, pets, visitors – the kitchen, lounge, or bedroom may now be a shared office, and distractions lead to carelessness and mistakes. Sensitive information is also in greater danger in a shared space without policies enforced and technical measures in place to protect it.
Target on Health Sector
- With thousands of people in and out of hospitals and doctors’ surgeries, signing up to health apps, and checking in to locations, there’s more sensitive data online than ever. Sectors that were previously left alone, even at the beginning of the pandemic, are now a popular target for cyber criminals.
Advanced Social Engineering
- So much more is now communicated digitally rather than face-to-face. Being overrun with emails increases the chances of clicking on a link that’s less-than-desirable.
- Hackers have been getting ludicrously creative in email campaigns, capitalizing on peoples’ fear of the virus or their good natures by posing as government agencies, health sector personnel, or other ‘typically trustworthy’ pseudonyms and convincing them to click on links, transfer money, or fill out forms with their personal information.
- According to a survey conducted by Tessian, 52% of people said that stress causes them to make more mistakes. With the global pandemic continuing to cause economic pressure, health issues and general unhappiness, you can guarantee that stress levels are high, and cybersecurity has not been at the forefront of peoples’ minds – and won’t be for a while yet.
Cause and Effect:
On the other side of the coin, how has the changed landscape been reflected in recent cyberattacks?
The standout effect is undoubtedly the colossal monetary amounts being paid by organizations who have been hit with ransomware during the pandemic.
- University of California San Francisco (UCSF), June 2020: $1.14 million. The varsity’s School of Medicine was targeted by Netwalker, and by the time the infection was contained, it had already fully encrypted their servers.
- FatFace, January 2021: $2 million. Conti ransomware gang targeted the retailer and initially demanded $8 million, but were negotiated down to $2 million – still a substantial amount.
- CWT Global, July 2020: $4 million. The hackers reportedly brought down 30,000 computers of the US travel company and stole 2 terabytes of data, demanding a $10 million ransom for its return before being negotiated down to $4 million.
- Colonial Pipeline, May 2021: $4 million. DarkSide got their way with the gas company who had to shut down their operational technology network to stop the infection spreading. The pressure was felt when the lack of fuel became noticeable throughout the US, and the organization eventually had to pay the ransom after initially stating they wouldn’t.
- Brenntag, May 2021: $4.4 million. Along with the Colonial Pipeline attack, DarkSide targeted the Brenntag chemical distribution company, stealing 150GB of data and causing major disruption. The original $7.5 million ransom was negotiated down to $4.4 million.
- JBS, June 2021: $11 million. The second-largest known ransomware payout by the US meat supplier after REvil rendered the processing plants that deal with a fifth of the country’s meat supply unusable. The payment was made in order to “shield JBS meat plants from further disruption and to limit the potential impact on restaurants, grocery stores and farmers that rely on JBS.”
- CNA Financial, March 2021: A reported $40 million – a world record. One of the largest insurance companies in the United States reportedly paid the staggering amount to have company data returned and regain access and control of its network after infiltration by Evil Corp.
Who’s To Blame?
(Aside from the cyber gangs themselves of course…)
Like all malicious software, ransomware has to get onto the computer before it can do any damage.
The most common channels seem to be backdoor trojans, fake software update tools / cracks, phishing campaigns, and unofficial software-download sources.
These are all methods that humans are susceptible to inadvertently falling victim to – and have likely become more susceptible to thanks to the changes brought about by the pandemic.
With vulnerable WFH environments, an ever-increasing online presence, advanced social engineering tactics capitalizing on COVID, and ‘more important things to worry about’ (for the average employee that is), it's unsurprising that ransomware actors have been so successful at having their demands met after successful infiltration and debilitating attacks.
Turning the Tables in 2022
That’s not to say it need continue in the same fashion this year.
Whether your workforce is remote or in the office, a number of organizational measures should be taken to address the critical ‘human-factor’, including the usual tactics:
- Lessen exposure by providing employees with company devices to avoid the added risk of using personal devices for business work.
- Only allow approved software on devices, and ensure settings are configured for maximum security.
- Conduct frequent reviews of cybersecurity measures in-place, as well as Business Continuity and Disaster Recovery plans.
- Configure or enforce time-outs or ‘Lock before you leave’ policies, to prevent sensitive data being accessed by the wrong people.
- Educate your employees about the dangers of clicking email links, visiting suspicious sites, or downloading files, without being 100% sure of their legitimacy.
That being said, human error is human error, and as long as there are humans using computers… well, “to err is human”!
Admin By Request’s Privileged Access Management (PAM) solution is one such advanced technology that provides protection both in the office and in remote locations, taking a ‘zero-trust’ approach over a ‘default access’ one.
The solution revokes administrative rights on endpoints to which it’s deployed and prevents unintentional installation of malicious files through the use of a multi anti-virus-engine API integration. Ransomware actors, who love to propagate via privilege escalation, can’t spread without swift detection thanks to the software’s logging and alerting capabilities.
Admin By Request adopts the Principle of Least Privilege and Just-In-Time elevation, meaning users don’t lose control; they can still use their personal or company devices as normal – install software as required – without the attached risks.
We Know We’re Vulnerable – So Install a Safety Net
We’re (unintentionally) our own worst enemies, but with organizational measures implemented, education, and an advanced safety net deployed, we don’t have to be labelled as the weakest link in the cybersecurity chain.
Implement your own safety net so that human mistakes don’t have to cost your organization millions. Install Admin By Request, free for up to 25 endpoints, and see how we can help your humans today.