It's that time of year once again - to take a look ahead at what we can expect in cybersecurity for the new calendar year. The effects of the global pandemic continue to impact not just our health but our global economy, and cyber-attackers are just as persistent as those fighting for our wellbeing. Not surprisingly, ransomware is expected to remain a top threat for businesses worldwide. As supply chain challenges grow due to the pandemic, attackers are expected to also grow, evolve, and further automate attacks against suppliers. Vigilance is crucial, layered security is key, and even traditional methods of prevention have an important role to play in defending against these attacks - provided we are doing our part in keeping them tuned and our cybersecurity programs current.

Attackers Grow Operations and Monetize Services

Development Operations in criminal enterprises will continue to proliferate as attacker tools grow in demand. CyberArk Labs anticipates malware as a service (MaaS) to be as popular as legitimate software, with cloud infrastructures used to develop exploits in much the same way businesses use them. Mandiant reports that this activity will become more complex due to "outsourcing in malicious operations via mechanisms such as ransomware affiliate programs, exploit vendors, commercial contractors, malware vendors and freelancers," with no signs of slowing down in 2022.

However, CyberArk states "[j]ust like any other enterprise, they'll face new security challenges in managing multi-tenant SaaS applications, securing remote access to sensitive systems and data and more."

Zero-Day Attacks Using Open-Source Software and Ransomware

Security research firms like CyberArk Labs also expect an increase in attacks against open-source libraries, which often go undetected and can be executed quickly. These attacks can enable (1) credential theft and (2) access that is used to plant backdoors which install ransomware, a threat that is itself expected to continue trending upward. Ransomware has become a lucrative business, with criminals operating from locations outside legal jurisdictions. Mandiant reports that attackers will continue to leverage multiple extortion tactics in ransomware attacks and will even try to recruit insiders to carry out the ransom demands.

Deepfakes for Business Email Compromise

"Deepfake" is a combination of "deep learning" and "fake". This method of manipulating media started in 2017 using new artificial intelligence technology to create videos or photos of people doing things they didn't actually do. It has quickly grown and improved in sophistication - to where it is expected to be used to bypass authentication and identification systems as well as facilitate business email compromise schemes and social engineering attacks. Mandiant's report states that "the effectiveness of deepfakes in information operations has been discussed in the security community, but state sponsored and financially motivated actors have also demonstrated growing interest in this technology."

Many Traditional Protection Methods Are Still Effective

The fact that cyberattacks continue to grow in sophistication does not necessarily mean we have to abandon how we're currently protecting our technology environments. For starters, we must remain vigilant. It is imperative that everyone understands the threats that could impact business operations and how to best defend against them. It is also imperative to maintain focus on the traditional protection methods and ensure they are configured for optimal effectiveness [1]:

  1. Social engineering/security awareness training. Conduct ongoing security awareness training to reduce the risk of individuals inadvertently providing access credentials or clicking on malicious links or attachments. This is a critical component of any comprehensive information security program.
  2. System access reviews. Periodic review of the account creation process, as well as of privileged accounts, can help ensure the principle of least privilege is being followed. Enforce the requirement to create unique passwords. Ransomware commonly spreads due to the re-use of local administrator passwords or compromised privileged accounts.
  3. Vulnerability/Patch Management. Proactively scan for, and address, vulnerabilities in your systems. Devices in your environment should have the latest security updates (patches). Annual reviews of patching policies and procedures should be part of your risk assessments.
  4. SIEM. Implement a Security Information and Event Management system to alert on changes in the environment which can point to a potential spread of ransomware. This includes alerting when employees open malicious attachments, monitoring for known ransomware file extensions, and configuring alerts for an excessive number of files being renamed or encrypted.
  5. Air-gapped backups. Protecting backups from ransomware is a critical concern. Ensure your critical system/data backups are stored offsite in a network completely separate from your production network.
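
One way to express the SIEM rule in item 4 as code, as an added example that is not from the article or from Jack Henry: a small Python detector run over constructed file-activity events that flags known ransomware file extensions and a burst of renames by one user on one host within a 60-second window. The log format, the extension list and the thresholds are assumptions chosen for illustration, not values from the article.

```python
"""Added example: SIEM-style ransomware detection rule over constructed
file-activity events. Log format, extension list and thresholds are
assumptions for illustration only."""
import os
from collections import deque
from datetime import datetime, timedelta

# Assumed list of extensions associated with ransomware (constructed).
RANSOMWARE_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".wnry"}
RENAME_THRESHOLD = 5            # renames per (host, user) inside the window
WINDOW = timedelta(seconds=60)  # sliding window length

# Constructed sample events: "ISO-time host user ACTION path".
SAMPLE_EVENTS = [
    "2022-01-20T10:00:00 ws-17 alice WRITE /share/fin/q3.xlsx",
    "2022-01-20T10:00:05 ws-17 alice RENAME /share/fin/q3.xlsx.locked",
    "2022-01-20T10:00:06 ws-17 alice RENAME /share/fin/budget.docx.locked",
    "2022-01-20T10:00:07 ws-17 alice RENAME /share/fin/notes.txt.locked",
    "2022-01-20T10:00:08 ws-17 alice RENAME /share/fin/plan.pptx.locked",
    "2022-01-20T10:00:09 ws-17 alice RENAME /share/fin/ledger.csv.locked",
    "2022-01-20T10:00:10 ws-17 alice RENAME /share/fin/readme.md.locked",
    "2022-01-20T10:05:00 ws-22 bob RENAME /home/bob/draft_v2.docx",
    "2022-01-20T10:06:00 ws-22 bob RENAME /home/bob/draft_v3.docx",
]

def parse_event(line):
    """Split one constructed log line into its fields."""
    ts, host, user, action, path = line.split(maxsplit=4)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "user": user, "action": action, "path": path}

def detect(lines):
    """Return (alert_type, host, user, detail) tuples for suspicious activity."""
    alerts = []
    recent = {}  # (host, user) -> deque of rename timestamps inside WINDOW
    for line in lines:
        ev = parse_event(line)
        key = (ev["host"], ev["user"])
        ext = os.path.splitext(ev["path"])[1].lower()
        if ext in RANSOMWARE_EXTENSIONS:           # rule 1: known extension
            alerts.append(("known_extension", *key, ev["path"]))
        if ev["action"] == "RENAME":                # rule 2: rename burst
            q = recent.setdefault(key, deque())
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > WINDOW:   # drop timestamps outside window
                q.popleft()
            if len(q) == RENAME_THRESHOLD:          # fire once when threshold is crossed
                alerts.append(("mass_rename", *key, f"{len(q)} renames in {WINDOW.seconds}s"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Bob's two ordinary renames stay below the threshold and produce no alert, while Alice's six renames to a known extension trigger both rules.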

Your risk appetite is the ultimate measure of preparedness. Having proactive measures in place depends on the threats to your business and your tolerance for disruptions.

How can we help you better manage information and network security risk for 2022 and beyond?

Source:

[1] https://www.financialexecutives.org/FEI-Daily/October-2021/The-Wild-World-of-Crypto-Ransomware-Payments.aspx

Disclaimer

Jack Henry & Associates Inc. published this content on 20 January 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 20 January 2022 14:30:08 UTC.