Cyber threat intelligence can be your strongest weapon in the fight against cybercriminals, writes Dr George Papamargaritis, MSS Director at cyber firm Obrela Security Industries.
The pandemic has brought about countless challenges to businesses and decision-makers across the globe, creating new obstacles that vary depending on industry. Throughout the past several years, Obrela Security Industries has been actively monitoring the attack landscape and key industry verticals to establish an annual threat intelligence report to help businesses prioritise risk in an increasingly complicated world. This data helps Obrela provide its customers with security analytics and risk management services to identify, analyse, predict, and prevent highly sophisticated security threats in real time.
However, first, one must understand exactly what threats you should be focusing on depending on geo-location, digital transformation policy and industry of operation. Throughout this piece, we will be discussing how cybercriminals pivoted their attentions to vulnerable aspects of business following mass migration to remote working. This was achieved by comparing yearly data obtained from the cybersecurity Threat Hunting teams based within the Obrela security operations centre (SOC) to understand how cyber threats are evolving. To obtain a deeper grasp of the threat landscape, one must first understand what this entails. There are five aspects of attack landscape that should be considered as critical, and these are:
– System or perimeter breachers;
– External web attackers;
– APT and malware attackers;
– Inadvertent actors and malicious insiders; and
– Email attacks such as phishing or BEC scams.
How has remote working impacted the cybersecurity threat landscape?
We have been inundated by a host of novel buzzwords like “WFH” and the “New Normal”, however it can be difficult to truly grasp the cybersecurity implications of these epoch-defining concepts. So, what does this “new normal” look like?
In practical terms, we have seen a dramatic shift in several critical attack vectors when comparing 2019 and 2020 as a direct result of pandemic response. Most noticeably, and perhaps unsurprisingly, as 2020 unfolded, many businesses were forced to adapt to remote working in order to prioritise business continuity, however this unfortunately comes at the expense of security. Many businesses are failing to educate employees on security best practices, or simply not providing them with the security tools needed to protect their own personal information, or corporate intellectual property.
Email Attackers: 2019 versus 2020:
The volume of email attacks have dramatically risen in 2020 compared to the previous year. Indeed, we have seen more than a 210pc increase in the number of email attacks within the allotted time. One may attribute this significant rise to the dispersed workforce.
Interestingly, the sharp rise in email attacks came in the first quarter of 2020 as there was an increase of more than 216% compared to the first quarter of 2019. The volume of email attacks goes on to rise each quarter to a 247pc increase in Q2, 2020 and 294% in Q3 of the same year. One may correlate the increase of this cybercriminal activity to international responses to the pandemic. Indeed, practically every European country initiated at least one form of national lockdown during the first quarter of 2020. Cybercriminals are opportunists who can spot vulnerabilities from miles away, and the pandemic offered perfect cover to deploy phishing campaigns playing on global uncertainty. Especially as workers are forced to work remotely without much preparation or cybersecurity training. This is all the more true when considering the threat landscape in the UK, where cybercriminals have been increasingly targeting retail operators with phishing attacks.
Inadvertent actors and malicious insiders: 2020 versus 2019:
It is no surprise that the confusion generated from the mass migration to remote work left businesses in the lurch, desperate to continue operations but unable to access established IT systems remotely. The number of insider threats was consistently higher throughout 2020 than the preceding year with a 20pc increase. While this is not as dramatic a jump as the email attacks of 2020, it still shows that businesses have a long way to go when it comes to identity and access management (IAM), especially as legacy office IT systems become redundant. Moreover, when you compare the final quarters of 2020 and 2019, there is an increase of nearly 30pc, emphasising a decisive strategy pivot from cybercriminals.
System and perimeter breaches
The rise in perimeter attacks drastically decreased in 2020 compared to 2019 as many businesses may have been forced to adopt digital transformation faster than originally planned. In many cases, this migration has been a temporal measure to support massive remote working during the pandemic, the pandemic may have just accelerated the process as many business leaders may prioritise business continuity and reactive digital transformation over security best practices.
The trend of “cloudyfing” traditional IT infrastructure has most likely been a considerable factor when considering the increase of perimeter breaches. When you compare the data from the final quarters of the observed years, there is a 59 per cent decrease in perimeter attacks as cybercriminals look to exploit business insiders and target weaknesses in email security instead of targeting traditional operational structures.
Advanced persistent threat (APT) and malware actors
Cybercriminal organisations have always been a threat to businesses that may process financial information or trade secrets. This activity has increased as nation-state hackers look to target critical national infrastructure, supply chains and high-profile enterprises. In fact, Obrela’s SOCs recorded a 23pc increase in APT and malware attackers as even large organisations and governments are not immune from a cyberattack.
While 2020 was a peculiar year for many different reasons, it has brought the discourse surrounding cybersecurity into the forefront of discussion. There are lessons that we must learn from this “new normal”, and unfortunately, the statistics are not encouraging. It is a sad truth that many businesses will not be able to learn from their mistakes as the financial and reputational implications of a cybersecurity incident can be catastrophic.
Unless businesses prioritise cybersecurity, we will see many more high-profile data breaches and security incidents hitting the headlines. To manage all cybersecurity risks adequately, organisations must prioritise cybersecurity budgets, or partner with a managed security service providers (MSSP) to identify, analyse, predict and prevent highly sophisticated security threats in real time, with confidence assured.
