The world is a different place in 2020 than ever before. No one could have anticipated how the norms and routines of our personal and work lives would be challenged. With the coronavirus driving schools and businesses online, cybersecurity has become more challenging (and important) than ever. As the world responded by going online, cybercriminals adapted accordingly, impacting some of our cybersecurity assumptions. Here’s a look at seven cybersecurity trends impacting our online lives in 2020.
1. An Explosion of Attacks on RDP Ports
This year, there was a dramatic move to work and learn from home. Many schools and businesses that previously enabled remote access to serve a limited number of users, abruptly found themselves struggling to provide secure access for everyone. Many were challenged to keep up – with inadequate infrastructure, staff, and procedures to manage the shift.
Cybercriminals saw an opportunity. Many organizations rely on software using Microsoft’s Remote Desktop Protocol (RDP) as a basis for remote network access. Many of the new users create passwords that are susceptible to being broken by a brute force attack. According to Kaspersky, a multinational cybersecurity firm, brute force attacks on RDP ports in the United States skyrocketed from about 200,000 per day in early 2020; to 800,000 per day in mid-March; and over 1.4 million per day in early April.
There are steps an organization can be take to protect against these attacks, including:
- Keep software up to date. RDP has periodically had flaws discovered that hackers were able to exploit.
- Make sure users have long and complex passwords. Multifactor authorization is even better.
- Consider using an alternative solution that does not rely on RDP.
2. Ransomware Attacks are Getting More Sophisticated
Ransomware has been around for a long time. Fun fact: the first documented ransomware attack was in 1989, when a Trojan on a floppy disk encrypted file names on a victim’s computer and demanded $189 be sent to a mailbox in Panama to get the key to restore the files.
Ransomware has evolved with the times. In 2020, we are now seeing ransomware used by increasingly sophisticated cybercriminals. These groups target companies with a low tolerance for downtime. IBM estimates that 25% of all ransomware attacks this year targeted manufacturing companies, who often cannot afford facility downtime. Many companies in such circumstances will end up paying rather than risking even a few days offline.
The criminal organizations are researching specific targets and choosing the price of a ransom demand accordingly, based on an organization’s revenue and profits. Ransomware demands climbed as high as $40 million. While these large demands are not paid, some settlements have topped $1 million.
There is a clear trend of combining ransomware and extortion attacks. In these attacks, the hackers steal data before encrypting files. A threat is then issued: pay the ransom to get your data back or it will be sold on the black marketing. If this includes either important corporate information or sensitive personal data, such as health or financial information on individuals, the victim may feel pressure to pay.
One reason for the upsurge in combo ransomware extortion attacks is the availability of ransomware strains offering this feature. The two most common ransomware strains in 2020, Sodinokibi and Maze, both combine ransomware with extortion capabilities and are available in the cloud as a “ransomware-as-a-service.”
3. Mobile Apps Increasingly Targeted
Mobile devices often do not have the same level of cybersecurity protection that standard computers enjoy. Cybercriminals are eager to exploit this fact. Mobile malware can take many different forms:
- Spyware has been around for a long time. It looks like a legitimate app, but its actual purpose is to download user data and sell it to a third party.
- Mobile trojans can attach themselves to real apps. When a user opens the app, the trojan is activated. This type of malware is often used to capture banking credentials.
- Mobile phishing is a newer threat becoming increasingly common. It works similarly to regular phishing, except delivered via a text instead of in an email. Get a message to update your app via SMS, click on a link, and you may just have given your credentials to a hacker.
Android phones are 50 times likelier to have malware on an app. This is because Google has an “open source” operating system, giving hackers visibility into the operating system. This ability to view and modify the OS makes it much easier to sneak in malware than is the case for Apple’s closed system for iOS.
Users should be cautioned to be just as careful clicking on links that are delivered via SMS as they would be with a link delivered by way of email.
4. New Technology Means New Risks – 5G and IoT
Anytime new technology is introduced it brings additional security risks. This is because flaws and vulnerabilities in technology are discovered and solved over time.
The rollout of 5G brings several concerns. The biggest is there will be more devices for bad actors to target. 5G does more than enable smartphone users to surf the internet faster. An explosion in “Internet-of-Things” (IoT) connected devices will be enabled by 5G. Think smart speakers, fridges, and home security systems.
In addition to faster connectivity, 5G has very low latency and coverage will be ubiquitous. This will allow the connection of “smart vehicles” and transport infrastructure. 5G will advance the capabilities of autonomous vehicles, as it will create the opportunity for vehicles to talk to each other, potentially creating another dimension of concern.
Many other IoT devices that may be used in critical applications, including industrial and medical, are expected to connect to 5G. More devices mean more targets.
5. Cloud Migration – Security Risks and Benefits
The cloud is here. It’s big and is getting bigger. Gartner estimates that by 2021, 75% of mid- and large-size companies will be using multi-cloud or hybrid-cloud strategies. Cisco predicts that by 2021 cloud data centers may be processing an astonishing 94% of all workloads. Public cloud spending is expected to top $266 billion this year.
Cloud computing offers some security advantages over traditional server-based computing, while it also brings some additional risks.
There are two sides to cloud computing security: the infrastructure side and the customer side. On the infrastructure side, if you go with a reputable cloud vendor, such as Google, Microsoft, or Amazon, you can be sure they are spending tremendous resources on security. It is likely that, on the infrastructure side, security is greater than it would be in your own server room. All reputable providers have large teams of experts updating software, patching vulnerabilities, and monitoring systems in near real-time.
In contrast, there are some new risks associated with the public cloud. Mainly, your data is in someone else’s environment. A corrupt insider at the vendor could potentially access your data for malicious purposes. You have to trust that your vendor has safeguards, such as background checks and security redundancies in place. Additionally, your data may be on a shared server. If proper precautions are not taken by the cloud vendor, another organization my unintentionally have access to your information.
The customer however, still has to control the data they are putting in the cloud and who has access to it. This critical part of cloud security is not up to the vendor. Since the cloud may not have been originally part of the company’s security setup, there needs to be special attention paid to enforcing security guidelines on cloud resources, not just on the internal resources.
6. “Zero Trust” Growing in Popularity
“Zero Trust” is a concept that was first unveiled ten years ago by John Kindervag of Forrester Research. Kindervag referred to a then-old saying about information security: “We want our network to be like an M&M, with a hard crunchy outside and a soft chewy center.” The idea was to have strong defenses around the network perimeter – firewalls, intrusion prevention systems, VPNs, etc. – but once inside the network traffic could be trusted.
One of the biggest problems with that approach is that it offers no defense whatsoever against the “trusted insider.” If a criminal gets a job with your company, or someone inside can be bribed by someone outside, sensitive information can be jeopardized.
The solution is to avoid giving anyone the keys to the kingdom. Instead of focusing security only on “North-South” traffic, traffic coming into and going out from the network, it pays attention to the “East-West” traffic, the traffic between servers and other endpoints as well.
Many companies are moving to micro-segmentation, where applications and data are isolated from each other. This is done by implementing “least privilege access.” Users should only have access to the specific apps and data they need to do their job. The same applies for privileged accounts, such as an admin account, which should only be created in limited capacity in order to track and audit appropriate changes.
There are many different ways to implement least privilege access; the most common is Role Base Access Control (RBAC), where access is assigned based on the person’s role within the organization. While it is safer to bring access down to the individual level, it can be administratively more complex. Some vendors are developing tools to automatically provide that granularity.
The same logic applies to websites and surfing the internet. You can whitelist a website, only to have someone hijack the URL. The best approach is to adopt a “Zero Trust” philosophy for web surfing as well. This can be implemented with Remote Browser Isolation (RBI), where all web surfing is done on an isolated server, preferable in a one-time-use container, so that if a user does click on the wrong link that would install malware, the malware can’t infect the company’s actual server or the user’s device.
7. Growing Interest in Security-as-a-Service.
Just as “Software-as-a-Service,” or SaaS, has become increasingly popular, Security-as-a-Service (SECaaS) is also growing in popularity. With SECaaS, vendors provide cloud-based security services, typically including things such as anti-virus and anti-malware software, penetration testing, intrusion detection, and authentication services.
The future of cloud-based security is Secure Access Service Edge (SASE). As described by Gartner, SASE will bring together Wide Area Networking and Network Security Services such as “Zero Trust” into a cloud-delivered service. The idea is to make it easier for organizations to provide secure access regardless of where the users or applications are located. There are not many vendors providing a comprehensive SASE solution today, but it’s the direction that cloud-based security is heading within the next few years.
What’s all this mean?
The cybersecurity trends in 2020 include both new threats and new ways to combat those threats. As the computing environment becomes increasingly complex, it’s more important than ever to pay close attention to network security, and to make sure the same controls you have on your internal resources are applied to your cloud-based resources. An IT or Cybersecurity Risk Assessment can help you find gaps in your overall network security. Contact us for if you’re concerned your organization isn’t doing enough to secure its users or data.
Founded in 1999, Xamin offers industry leading managed IT services to financial institutions as well as other highly regulated and reputation-sensitive industries. The organization provides a suite of technology solutions including infrastructure, security, cloud, data protection and professional services. Xamin specializes in transforming IT to a revenue driving capability for an organization rather than a cost and compliance challenge. Its consultative, “white glove” approach ensures its services meet the needs of the customer and auditors. Xamin has committed annually to the examination and reporting of controls in a service organization under the SOC2 Type II certification. Xamin is a subsidiary of Mowery & Schoenfeld, a comprehensive accounting and advisory Firm.