Tactics for tackling cyber threats in 2022
By Jeremy Ho, Vice President – APAC, Attivo Networks.
2021 looks to be the banner year of cybersecurity attacks as organisations continue their remote ways of working.
Moving into 2022, organisations will face an ever-evolving, more complex cybersecurity landscape. By understanding what the future holds with relevance to cybersecurity threats, organisations can pave their way into tackling these threats head-on when the onslaught arrives.
Human-operated attacks are calling for
Today’s ransomware attacks have become more sophisticated human-operated activities. Actively controlled by human threat actors, this form of ransomware has been able to bypass traditional cybersecurity defences, requiring massive logs and data for post-attack analysis, almost akin to “looking for a needle in a haystack”.
This evolution has led to more organisations deliberating new approaches to cybersecurity, such as adopting deception tactics. Imagine presenting burglars with a posh cabinet overflowing with jewellery, tempting them to pick the lock. However, this is actually a ploy to misdirect the intruders by presenting them with less valuable assets.
Many organisations adopt similar deception ploys, attempting to trick attackers by distributing traps and decoys across a system’s infrastructure to imitate genuine assets while keeping the real critical data hidden from view.
We expect deception technology to continue gaining popularity in the new year as it can act as a magnet to “draw out the needle”, removing threats entirely in real-time. More organisations will also build on identity security programs and existing cybersecurity defences to guard against increasingly sophisticated cyber threats.
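One way to make a decoy "draw out the needle" in practice is to plant credentials that no legitimate workflow ever uses and then alert on any authentication attempt that names them; because the baseline rate of legitimate use is zero, a single hit is a high-confidence signal rather than one more entry in a haystack of logs. The following is an added example written for this article, not code from the original page or from Attivo Networks. It assumes a simple syslog-style authentication log line; the decoy account names, hostnames and log lines are constructed for illustration.

```python
"""Decoy-credential (honeytoken) detection over authentication logs.

Added example, not code from the original article or from Attivo Networks.
Assumes a simple syslog-style auth log format (see LOG_PATTERN); the decoy
account names, hostnames and sample log lines below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Decoy accounts planted in the environment, mapped to the host on which the
# lure (e.g. a saved credential or config file) was placed. No legitimate
# workflow uses them, so any attempt to authenticate as one is suspicious.
DECOY_ACCOUNTS = {
    "svc_backup_admin": "fileserver01",
    "sql_svc_legacy": "db02",
}

# Constructed log format: "<timestamp> <host> auth: <SUCCESS|FAILURE> user=<name> src=<ipv4>"
LOG_PATTERN = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+auth:\s+(?P<result>SUCCESS|FAILURE)\s+"
    r"user=(?P<user>\S+)\s+src=(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)


@dataclass(frozen=True)
class DecoyAlert:
    timestamp: str
    host: str        # where the decoy credential was used
    user: str
    src: str         # source address of the attempt
    result: str      # SUCCESS or FAILURE: both matter, a decoy should never be tried
    planted_on: str  # where the lure was planted; that host is likely compromised


def parse_auth_line(line: str) -> Optional[dict]:
    """Return the fields of one auth log line, or None if it does not match."""
    m = LOG_PATTERN.match(line)
    return m.groupdict() if m else None


def detect_decoy_use(lines: Iterable[str]) -> List[DecoyAlert]:
    """Scan log lines and return an alert for every attempt that names a decoy account."""
    alerts: List[DecoyAlert] = []
    for line in lines:
        rec = parse_auth_line(line.strip())
        if rec is None:
            continue  # unparseable lines are skipped, not treated as alerts
        user = rec["user"].lower()  # account names are matched case-insensitively
        if user in DECOY_ACCOUNTS:
            alerts.append(DecoyAlert(rec["ts"], rec["host"], user, rec["src"],
                                     rec["result"], DECOY_ACCOUNTS[user]))
    return alerts


def sources_to_contain(alerts: Iterable[DecoyAlert]) -> List[str]:
    """Distinct source addresses that touched a decoy, as a triage/containment list."""
    return sorted({a.src for a in alerts})


# Constructed sample log: routine logins plus two attempts using decoy accounts.
SAMPLE_AUTH_LOG = [
    "2022-01-10T08:01:12Z fileserver01 auth: SUCCESS user=alice src=10.1.4.22",
    "2022-01-10T08:02:45Z db02 auth: FAILURE user=bob src=10.1.4.31",
    "2022-01-10T08:03:07Z db02 auth: FAILURE user=SVC_BACKUP_ADMIN src=10.20.30.40",
    "2022-01-10T08:03:09Z db02 auth: SUCCESS user=sql_svc_legacy src=10.20.30.40",
    "2022-01-10T08:04:00Z web01 auth: SUCCESS user=carol src=10.1.4.50",
    "malformed line that the parser should skip",
]

if __name__ == "__main__":
    found = detect_decoy_use(SAMPLE_AUTH_LOG)
    for a in found:
        print(f"[DECOY] {a.timestamp} {a.user} from {a.src} on {a.host} ({a.result}); "
              f"lure was planted on {a.planted_on}")
    print("sources to contain:", sources_to_contain(found))
```

The `planted_on` field is the useful part for an incident responder: in the sample, a credential planted on `fileserver01` is replayed against `db02`, which tells the defender both where the attacker harvested it and where they moved next, without any volume-based thresholding.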
Ransomware evolving and becoming more targeted
Every industry is keeping a close watch on ransomware developments. In particular, Active Directory (AD), with all the privileges and credentials that it holds, has become a high-value target for attacks. Yanluowang, the latest targeted ransomware that enumerates Active Directory, recently appeared in Asia.
Additionally, technologies like cryptocurrencies and blockchain have made it significantly easier for cybercriminals to collect ransoms anonymously from organisations without being traced. With human threat actors able to control malicious software – finding vulnerabilities, overcoming defences, and maximising the impact of their attacks – we expect that attackers will continue to target the bottom line and seek monetary returns.
As ransomware evolves and the stakes rise, more organisations will gear up against ransomware infiltration before it can do excessive damage.
Alliances are forming (from both sides)
Recently, we have witnessed the entrance of a new class of attackers with the formation of criminal groups like DarkSide and REvil gathering individual hackers to strengthen their destructive capability. Notably, criminal group ALTDOS has used double extortion techniques to extract ransom from companies in Singapore, Thailand, and Bangladesh.
With the rising threat of ransomware, organisations and governments are coming together to combat ransomware and the emerging cybercriminal groups that exploit new opportunities.
Singapore has continuously improved its OT Cybersecurity Masterplan to enhance the security and resilience of Singapore’s critical sectors and strengthen partnerships with stakeholders. Last month, US President Biden gathered officials from 30 countries, including Singapore, to form a Counter-Ransomware Initiative in an alliance to fight against cyberattacks and other cybercrime.
These are the first crucial steps, and we expect to see more regional and international efforts as allies continue to pool resources together to combat this pressing issue.
Identity and trust back in style
Hybrid workplace and technology trends from 2021, such as remote working and the ubiquity of SaaS and IoT, are here to stay. A common thread among these trends is the need to identify and distinguish unique users and devices, as well as threat actors impersonating employees.
Credentials (60%) remain among the most sought-after data types by attackers. Recently, ransomware attacks hit Taiwanese computer giant Acer, reportedly stealing the login details of at least 3,000 Acer retailers or distributors.
With the world re-emerging from the pandemic into a new sense of normalcy, we expect identity and credentials to become even more important. This trend has renewed focus on the zero trust model for identity security, which advocates verifying every user or device while granting each just enough access to do its work.
As the work-from-home trend continues, organisations should tightly guard identities and credentials by reducing access to critical corporate data from home and raising authentication standards. Organisations also need to run crisis drills, ramp up monitoring for suspicious activity within the network, and have a contingency plan to deter cybercriminals.
Regain visibility in the cloud
Over the past year, the rapid deployment and expansion of cloud technology have led to a dangerous level of over-provisioning of privileges and a rise in AD misconfigurations, creating vulnerabilities that cybercriminals are only too eager to exploit. These additional attack surfaces and misconfigurations can arise as companies merge and grow in scale while migrating legacy configurations.
Within organisations, business units are also gaining autonomy, creating their own cloud instances and credentials as they operate. However, creating these instances can open security gaps, and security teams are often unaware of these developments.
Many cybercriminals, especially those who have worked in similar organisations, intimately know these too-often-neglected blind spots. As such, they are targeting these exposed areas as a way to gain entry to the network and access to Active Directory, escalate privileges, and gain domain dominance.
In 2022, organisations will increasingly look to tools such as Identity Detection and Response (IDR) solutions to gain visibility into vulnerabilities that exist on-premises, remotely, and in the cloud, and to rectify those loopholes.
With increased visibility, organisations can define an effective strategy to remove exposures, minimising the time, effort, and cost needed to resolve cybersecurity emergencies.
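Much of the over-provisioning described above is visible in the policy documents themselves, so a first step toward "visibility into exposures" is a mechanical check for grants that are broader than any workload needs. The following is an added example written for this article, not code from the original page or from Attivo Networks; it assumes the common JSON policy shape (a `Statement` list with `Effect`, `Action` and `Resource` keys) and the two policies it checks are constructed.

```python
"""Flagging over-provisioned grants in IAM-style policy documents.

Added example, not code from the original article or from Attivo Networks.
Assumes the common JSON policy layout (Statement / Effect / Action / Resource);
the policies below are constructed for illustration.
"""
from typing import Any, Dict, List


def _as_list(value: Any) -> List[Any]:
    """Policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_overprovisioned(policy: Dict[str, Any]) -> List[Dict[str, str]]:
    """Return one finding per over-broad grant in the policy's Allow statements.

    Deny statements are skipped: a wildcard there narrows access, it does not widen it.
    """
    findings: List[Dict[str, str]] = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{idx}]")
        if "NotAction" in stmt:
            # "Everything except X" is almost always broader than intended.
            findings.append({"sid": sid, "issue": "NotAction grants every action except those listed"})
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append({"sid": sid, "issue": "wildcard action '*' grants every API call"})
            elif action.endswith(":*"):
                findings.append({"sid": sid, "issue": f"service-wide wildcard action '{action}'"})
        if "*" in _as_list(stmt.get("Resource")):
            findings.append({"sid": sid, "issue": "wildcard resource '*' applies the grant to every resource"})
    return findings


def is_least_privilege(policy: Dict[str, Any]) -> bool:
    """True when no Allow statement uses a wildcard action, NotAction, or wildcard resource."""
    return not find_overprovisioned(policy)


# Constructed: a typical over-provisioned grant handed to a backup job.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "BackupRole", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ],
}

# Constructed: the same job scoped to the two calls and the one prefix it needs.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "BackupRole",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-bucket/backups/*",
        },
        # A Deny with a wildcard is a guard rail, not an exposure, and is not flagged.
        {"Sid": "NoDelete", "Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for name, pol in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(f"{name}: least privilege = {is_least_privilege(pol)}")
        for f in find_overprovisioned(pol):
            print(f"  {f['sid']}: {f['issue']}")
```

Run against the two constructed policies, the broad one produces two findings (a service-wide action wildcard and a resource wildcard) and the scoped one none; the same check applied across every role in an account is what turns "we might be over-provisioned" into a list of specific statements to tighten.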
There is no longer a one-size-fits-all approach to defending against cyberattacks, especially in APAC, where organisations are at different levels of cyber-maturity. APAC organisations must thus understand the cybersecurity landscape and anticipate its evolution, so they can set up traps and speed bumps along the way to slow down, or even prevent, the next big attack.