Cybersecurity Threats

What are today’s top cybersecurity threats to watch for?

While cybersecurity threats are constantly in flux, these are some of the most notorious and pervasive types of cyber threats to watch for in the current marketplace:

• Phishing: Once largely limited to badly written phishing emails, these threats have exploded in popularity and sophistication, with social engineering attacks delivered on desktop computers and mobile devices via voice call, text message and social media. These attacks are achieving a greater level of success: The Federal Trade Commission states that 4.8 million identity theft and fraud reports were filed in 2020, up 45% from 2019, with phishing accounting for 44% of all cyberattacks. Nuanced attacks like spear phishing, in which miscreants go after high-profile targets, are also on the rise.
  
• Ransomware: In a ransomware attack, a cybercriminal installs a piece of malware on a computer or server (usually a business target), which encrypts the sensitive information it finds. The attacker then demands a ransom in order to decrypt the data, usually in the form of untraceable Bitcoin payments. Some $25 billion in ransoms were demanded worldwide in 2019, with total remediation costs and damages approaching $170 billion. Extreme ransomware attacks can knock out a company’s supply chain, production capabilities or ability to operate.
  
• Botnet attacks: Botnets have historically been used to launch denial-of-service attacks (DoS) or distributed denial-of-service (DDoS) attacks as well as to surreptitiously take over enterprise computing resources, usually in order to mine for cryptocurrencies. NetScout reported that the total number of DDoS attacks crossed 10 million last year for the first time. Enterprises are at risk not only from being the target of botnet attacks, but also from having bot malware installed on their own networks.
  
• Cloud-based exploits: Attempts to exploit cloud resources are on the rise as organizations have continued to migrate services to the cloud and expand on cloud infrastructure. As in other exploits, hackers often intend to use infected corporate cloud-based resources to steal data or mine for cryptocurrency. Cloud-based attacks have exploded in popularity, up 250% in 2020.
• Work-from-home-specific attacks: Restrictions related to the COVID-19 pandemic sent millions of corporate workers home to work for a year or more. Because users’ home security hygiene is usually not as thorough as it is at the enterprise level, this has opened the door for attacks that target insecure Wi-Fi networks, easily cracked passwords and even the physical theft of devices such as laptops and smartphones.
• Nation-state attacks: The headline-grabbing SolarWinds attack, which unfolded in 2020, is believed to have been initiated by Russian intelligence. During the attack, cybercriminals implemented backdoors into the networks of dozens of international companies and government agencies that gave them persistent access for almost a year before being detected. This underscored the need for strategies to proactively counter these sophisticated cyber-espionage operations.

(from FTC link: 4.8 million identity theft)

How have modern cybersecurity threats evolved?

As cybersecurity threats have exploded in volume over the last year, they have also become increasingly sophisticated and targeted. Cybercriminals commonly leverage publicly available information such as social media data to engage in identity theft and easily crack passwords. With this data commonly available on the black market, it’s easier than ever for cyberattackers to fill in any information gaps about a prospective target.

Meanwhile, the technology available to power these attacks is becoming more ubiquitous. Malicious actors are able to use the same types of resources as any enterprise, including cloud computing, artificial intelligence (AI) and distributed computing resources, to increase the likelihood of a successful attack. As the attack surface of the typical enterprise has increased in size through the proliferation of IoT devices, cloud infrastructure and employee use of personal devices, targets face a greater level of risk than ever before.

What are some objectives of a cybersecurity attack?

Cyberattackers’ motives have evolved over the years, but they generally follow some well-worn themes, including the following:

• Money: The ultimate goal of most attacks, directly or indirectly, is financial gain. This can be achieved through the theft of banking credentials, credit card numbers, broader identity theft or direct theft of monetary resources, such as cryptocurrencies.
  
• Data: This includes the theft of personal information (such as Social Security numbers, medical insurance records and others) or corporate data (including intellectual property, source code, customer records and more). The attacker’s main objective for this data is to either use it to perpetrate more attacks or sell it for financial gain.
  
• Computing resources: Cyber attackers often aim to use the available enterprise computing power to launch more attacks, either through the traditional data center or via the cloud. These resources are commonly used to mine for valuable cryptocurrencies or run botnets that execute malware or other malicious code to launch DDoS attacks
  
• General chaos: While less common, some attacks are still undertaken to create havoc and cause damage and distress to victims. Attacks against water systems, electrical grids and other critical infrastructure fall into this category.
  

Malware describes a broad range of malicious applications designed to cause damage to a computer system or network. A type of malware could include viruses and trojan horses (malicious snippets of code hidden within legitimate code), zero-day threats, backdoors (methods for bypassing standard login procedures), keyloggers (code capturing everything a user types, including login credentials), spyware (applications designed to quietly collect a user’s personal information and working habits without their knowledge), man-in-the-middle attacks (an eavesdropping attack where attackers disrupt a data transfer or type of communication) and adware (designed to deliver or replace advertisements with the attacker’s own ads). 

Malware can result in a wide range of problems for victim users and enterprises. In some cases, malware may go unnoticed for months or years, quietly stealing information or generating advertisements on users’ web browsers. Malware may lay low until it is called into the service of a botnet. Most of the time, however, malware is an immediate problem that must be dealt with quickly. It can wreak havoc on a user’s PC by destroying or encrypting files and holding them for ransom; flooding the user’s screen with ads or other pop-ups that render the computer unusable; or turning the victim’s machine into a spam-spewing robot that infects the victim’s contacts. Cybercriminals are continually developing new forms of malware designed to evade security defenses, fly under the radar and erase their tracks.

Malware is delivered via a variety of methods, historically via email attachment. (As recently as 2018, PurpleSec reported that email was still responsible for 92% of malware infections.) But malware can also be delivered via infected web pages that trick the user into downloading a malicious app. Malicious text messages may direct a user to a compromised web page, and malicious apps that appear legitimate can infect a victim’s smartphone. Cybercriminals may even call a victim on the phone and trick them into visiting an infected webpage or giving them remote access control over their PC, at which point malware may be introduced to the system.

Malware can infect Microsoft Windows PCs, MacOS computers, smartphones, tablets or any other type of computing device. In short, no device is safe from malware.

What is ransomware? How does it work?

Ransomware is a malicious cyberattack with two parts. In the first part of the attack, cybercriminals insert malware that encrypts files onto the victim’s computer or network, locking the user out. The second part of the attack involves extortion: Ransom is demanded from the victim in exchange for decrypting the files and returning them to the user. The attack preys on unpreparedness and panic: Victims that have not properly secured their systems are unlikely to have backups, which can leave them desperate for a fix. Anti-malware software cannot undo a ransomware attack once the files are encrypted, so victims often end up having no choice but to pay the ransom. Ransom costs can range anywhere from a few hundred dollars to tens of thousands of dollars, usually denominated in Bitcoin, which can’t be traced. There’s also no guarantee that attackers will decrypt a victim’s files if the ransom is paid. One recent report found that slightly less than half of victims who paid the ransom were successfully able to get their data back.

Ransomware attacks date back to the mid-2000s, but it wasn’t until 2016 that ransomware became a major problem, put into the spotlight by the notorious WannaCry attack that claimed around 200,000 victims. These types of massive ransomware attacks that extort money from intended targets — in particular hospitals and healthcare organizations — is on the rise due to the substantial financial payouts that attackers can net.

How do today’s cyber threats affect businesses? What are some of the possible outcomes of a cyberattack?

Successful cyberattacks can have a significant impact on a business, including the following:

• Financial loss: During successful attacks, businesses can directly lose funds from their bottom line. Remediating damage due to a cyberattack can also be costly.
  
• Reputational damage: When breaches occur, particularly those that result in loss of customer data, the business’s reputation can be seriously harmed in the aftermath (in the form of news reports, customer attrition, loss of business and compliance violations). The bigger the breach, the bigger the risk of damage to the business’s reputation —  and its prospects of gaining future customers.
  
• Operational issues: Many attacks can bring critical systems to a standstill, impacting the business’s ability to operate. These systems may include manufacturing control systems, payment processing systems or other essential computer systems.
  
• Lawsuits and regulatory fines: Privacy violations due to stolen customer records frequently result in steep regulatory penalties, class-action lawsuits and governmental fines. A breach can also cause insurance rates to rise for the business under attack.

Security Defenses

What are the most common cybersecurity defenses? Which cyber defenses should you invest in for today’s cyber threats?

A strong collection of security solutions to combat today’s threats should include:

• Firewall: The first line of defense against external threats, a firewall prevents malicious traffic from entering the internal network.
  
• Anti-malware: Typically an endpoint-based tool, anti-malware applications scan incoming applications, messages and documents to ensure they are not infected with malware.
  
• Penetration testing and network vulnerability analysis: These probe your network to assess the level of security.
  
• Intrusion detection: The counterpart to penetration testing tools, these tools monitor your network to determine if an attacker has successfully breached the network perimeter.
  
• Authentication: Modern versions of these systems use AI to detect unusual user behavior to determine if users are who they say they are.
  
• Password auditing: These tools alert users and system administrators to change passwords if they are discovered to be easily hackable.
  
• Encryption: If an attacker does make it into your network or absconds with a piece of hardware, encryption can prevent access to sensitive data.
  
• Cloud security systems: These tools are specifically designed to secure cloud-based resources, as opposed to data stored in on-premise systems.

Naturally, the final piece of the puzzle is that all of these tools must be managed by a capable and well-trained security operations (SOC) team along with a strong cybersecurity strategy.

What are common cybersecurity best practices?

Cybersecurity has evolved to address the myriad of threats and attacks that the typical enterprise faces every day. Some of the best practices for securing the enterprise include:

• Audit your systems and document your security regimen: Start with a detailed audit of every system on the network, the level of risk you face if attacked and how you intend to protect your data. A variety of toolkits, such as the FCC’s Cyber Planner, are available to help guide you.
  
• Educate users on the realities of phishing: Phishing remains the primary path for attackers to gain access to a network. Much of this can be prevented if users are educated about how phishing works, what to look for and behaviors to avoid (such as opening attachments).
  
• Audit passwords and enforce strong password usage: Weak passwords are incredibly easy to breach, including all  “dictionary words.” Even multiple words with numerals that replace similar-looking letters, or words with trailing digits, are no longer considered safe. As cryptographer Bruce Schneier writes, “Pretty much anything that can be remembered can be cracked.”
  
• Invest in cybersecurity tools: The defense systems outlined in the previous section are essential tools for businesses of any size. And you should have a plan for rolling them out.
  
• Monitor third parties: If you work with cloud computing services, it’s important to keep tabs on security breaches and any vulnerabilities associated with the service, and make sure that your data is appropriately protected.
  
• Back up data religiously: Ensure backups are done daily (or more frequently) and stored in a separate location, protected by unique login credentials.
  

What are the different ways of preventing a cyberattack?

Preventing a cyberattack requires ongoing diligence and vigilance. These tips can help keep you protected:

• Understand your risk level: Small businesses and medium-sized consumer businesses without significantly valuable digital assets are still at risk of attack. (In the past year alone, 47% of small businesses experienced a cyberattack.) If your business lost all of its digital data overnight due to a cyberattack, would you be able to continue to operate? How would you recover?
  
• Training is crucial: Ensuring that all employees understand risks as well as security best practices and policies will go a long way in protecting the organization.
  
• Patch all software and hardware: Successful exploits commonly occur when an enterprise fails to apply a patch (a piece of software that corrects a vulnerability),  even if the patch is already released.
  
• Lock down physical access: All the digital security in the world will be ineffective if a thief can physically break into your building and steal the equipment.
  
• Offer access only to needed resources: Marketing employees do not need the same level of network access as accounting personnel. Partition access to services and provide it only on an as-needed basis.
  
• Install security measures and regularly audit systems: Running a collection of network monitoring, anti-malware and intrusion detection tools can go a long way toward preventing cyberattacks. Audit your security monitoring systems regularly to ensure they are operating as expected.

What is the future of cybersecurity?

Cyberattacks will undoubtedly continue to worsen, particularly as companies embrace work from home protocols on a permanent basis. One estimate pegs the total cost of cybercrime worldwide at over $10 trillion by 2025. The need to protect the enterprise at every potential point of entry will be increasingly crucial as time goes on and attackers continue to shift their tactics. Meanwhile, risk is increasing and damages from successful attacks are on the rise. Looking ahead, it’s clear that every enterprise needs to make security a primary concern.

More resources:

• Splunk Top 50 Security Threats
  
• The SOAR Buyer’s Guide
  
• Getting Started with Security Automation and Orchestration
  
• Advancing Security Operations at Penn State University with Phantom Automation
  
• Splunk® Enterprise Security
  
• Strengthen your cyber defenses
  
• Splunk Enterprise (SIEM): Why Splunk For Security?
  
• Top In-Demand Cybersecurity Skills in the Upcoming Years
  
• Splunk for Security
  
• The Business of Cybersecurity: How Security Programs Drive Business Results
  
• Focusing on Cybersecurity Policies
  
• Splunk and the Cybersecurity Framework
  
• Bring Data to Every Security Challenge
  
• Security Analysis: Detect, Analyze and Respond
  
• Using Splunk to Develop an Incident Response Plan
  
• Security Monitoring