Cybersecurity Predictions for the Year Ahead
By Jeremy Ho, Vice President – APAC, Attivo Networks.
2021 looks to be a banner year for cybersecurity attacks as organisations continue their remote ways of working. As the COVID-19 pandemic forced organisations to accelerate their digital transformation efforts, automation and cloud computing adoption have increased rapidly alongside the uptake of digital tools in workplaces.
Moving into 2022, organisations will face an ever-evolving, more complex cybersecurity landscape. By understanding what the future holds with relevance to cybersecurity threats, organisations can pave their way into tackling these threats head-on when the onslaught arrives.
The rise in human-operated attacks demands that organisations take a multi-faceted approach to security
Historically, ransomware attacks were automated affairs, with malware charting pre-programmed attack paths to infect and disable as many systems as possible. However, today’s ransomware attacks have become more sophisticated, human-operated activities.
Actively controlled by human threat actors, this form of ransomware has been able to bypass traditional cybersecurity defences, leaving defenders to sift through massive volumes of logs and data for post-attack analysis, almost akin to “looking for a needle in a haystack”.
This evolution has led to more organisations deliberating new approaches to cybersecurity, such as adopting deception tactics. Imagine presenting burglars with a posh cabinet overflowing with jewellery, tempting them to pick the lock. However, this is actually a ploy to misdirect the intruders by presenting them with less valuable assets.
Many organisations adopt similar deception ploys, attempting to trick attackers by distributing traps and decoys across the infrastructure to imitate genuine assets while concealing critical data.
We expect deception technology to continue gaining popularity in the new year as it can act as a magnet to “draw out the needle”, removing threats entirely in real-time. More organisations will also build on identity security programs and existing cybersecurity defences to guard against increasingly sophisticated cyber threats.
Ransomware attacks continue to evolve and become more targeted
Every industry is keeping a close watch on ransomware developments. In particular, Active Directory (AD), with all the privileges and credentials that it holds, has become a high-value target for attacks. Yanluowang, the latest targeted ransomware that enumerates Active Directory, recently appeared in Asia.
Countries are also guarding their critical infrastructure systems such as power generation and water treatment facilities to uphold national security, with critical infrastructure systems becoming the next prime target. A cyber-espionage group recently targeted four critical infrastructure organisations in a Southeast Asian country, trying to source information about SCADA systems which typically control and manage production lines and industrial equipment.
Additionally, technologies like cryptocurrencies and blockchain have made it significantly easier for cybercriminals to collect ransoms anonymously from organisations without being traced. With human threat actors able to control malicious software – finding vulnerabilities, overcoming defences, and maximising the impact of their attacks – we expect that attackers will continue to target the bottom line and seek monetary returns.
Ransomware 2.0 will continue to hit organisations hard as attackers use money theft, data theft, and business disruption to obtain profits. Organisations face significant costs: the average ransom paid by organisations in the Asia Pacific is US $1.23 million. As ransomware evolves and the stakes rise, more organisations will gear up against ransomware infiltration before it can do excessive damage.
Both attackers and defenders will continue to build their own alliances
Recently, we have witnessed the entrance of a new class of attackers with the formation of criminal groups like DarkSide and REvil gathering individual hackers to strengthen their destructive capability. Notably, criminal group ALTDOS has used double extortion techniques to extract ransom from companies in Singapore, Thailand, and Bangladesh, including real estate firm OrangeTee and furniture retailer VHIVE.
With the rising threat of ransomware, organisations and governments are coming together to combat ransomware and the emerging cybercriminal groups exploiting new opportunities.
Singapore has continuously improved its OT Cybersecurity Masterplan to enhance the security and resilience of Singapore’s critical sectors and strengthen partnerships with stakeholders. Last month, US President Biden gathered officials from 30 countries, including Singapore, to form a Counter-Ransomware Initiative in an alliance to fight against cyberattacks and other cybercrime.
These are the first crucial steps, and we expect to see more regional and international efforts as allies continue to pool resources together to combat this pressing issue.
Identity and trust gain prominence in the new normal
Hybrid workplace and technology trends from 2021, such as remote working and the ubiquity of SaaS and IoT, are here to stay. A common thread among these trends is the need to identify and distinguish unique users and devices, as well as threat actors impersonating employees.
Credentials (60%) remain among the data types most sought after by attackers. Recently, ransomware attacks hit Taiwanese computer giant Acer, reportedly stealing the login details of at least 3,000 Acer retailers or distributors.
With the world re-emerging from the pandemic into a new sense of normalcy, we expect identity and credentials to become even more important. This trend has renewed focus on the zero trust model for identity security, which advocates verifying every user or device while granting just enough access to do their work.
A key lesson learned from this ongoing ransomware epidemic is that taking care of the fundamentals can alleviate most cybersecurity issues and vulnerabilities — only by building a firm foundation can organisations effectively defend themselves. For example, they can secure access to systems by ensuring that every person who has access to data, applications, and networks must adhere to basic cybersecurity hygiene.
As the work-from-home trend continues, organisations should tightly guard identities and credentials by reducing access to critical corporate data from home and raising authentication standards. Organisations also need to run crisis drills, ramp up monitoring for any suspicious activity within the network, and have a contingency plan in place to deter cybercriminals.
Organisations will look to regain visibility in the cloud
Over the past year, the rapid deployment and expansion of cloud technology have led to a dangerous level of over-provisioning of privileges and a rise in Active Directory misconfigurations, creating vulnerabilities that cybercriminals are only too eager to exploit. These additional attack surfaces and misconfigurations can arise as companies merge and grow in scale while migrating legacy configurations.
Within organisations, business units are also gaining autonomy, creating their own cloud instances and credentials as they operate. However, these instances can open security gaps, and security teams are often unaware of these developments.
Many cybercriminals, especially those who have worked in similar organisations, intimately know these too often neglected blind spots. As such, they are targeting these exposed areas as a way to gain entry to the network and access to Active Directory to escalate privileges and gain domain dominance.
In 2022, organisations will increasingly look to tools such as Identity Detection and Response (IDR) solutions to gain visibility into vulnerabilities that exist on-premises, remotely, and in the cloud, and to rectify those loopholes. By doing so, organisations can conduct systematic assessments and implement capabilities to detect live attacks that target AD so that teams can respond quickly.
With increased visibility, organisations can define an effective strategy to remove exposures, minimising the time, effort, and cost needed to resolve cybersecurity emergencies.
At present, there is no longer a one-size-fits-all approach to defending against cyberattacks, especially in APAC, where organisations are at different levels of cyber-maturity. APAC organisations must thus understand the cybersecurity landscape and predict its evolution, so they can set up traps and speed bumps along the way to slow down, or even prevent, the next big attack.
Read the original article on Cybersecurity Asean.