Phil Robinson, December 23rd 2021
Many businesses will still be grappling with the seismic shifts of the pandemic as they eye 2022. The rush to roll-out systems to support home working and to activate virtual versions of real-world business channels saw unprecedented digital transformation equivalent to years achieved in just a few months. But this rapid expansion came at a cost, leaving systems and networks overly exposed.
We’re already seeing the manifestation of more attacks, with the World Economic Forum reporting a 50.1% increase in cyber attacks due to the pandemic with 30,000 related to COVID-19 as well as huge spikes in phishing and ransomware. This has caused many organisations to task their security teams with retroactively fixing any security gaps.
Our top three issues to address going into 2022 and beyond include:
Research claims 90% of businesses are now susceptible to attack due to misconfiguration so businesses need to identify and assess how well configured cloud systems are to enforce access restrictions, overly permissive storage policies, clamp down on compliance, apply least privilege and practice credential hygiene, and look at virtual network functions. At the same time, they can’t afford to stand still and need to continue to expand their cloud presence to remain competitive, so will need to focus on how they can continue to build-out in the cloud but in a more resilient fashion.
2. Ransomware and phishing
Ransomware-as-a-service or RaaS gaining ground, synonymous with groups such as DarkSide, Babuk and Cuba. These attacks typically involve the installation of malware which comes about by employees installing new software or through the security team failing to lock-down admin privileges.
Phishing can vary, from scatter gun email phishing, to targeted spear phishing, or text based attacks known as “smishing” . These attacks usually involve the attacker emailing or co-ercing an employee to execute a malicious file or visit a website to provide their credentials. This then allows the attacker to establish a command-and-control (C&C) server connection within the environment to establish a further foothold and attempt to escalate privileges. A recent example is the texts and emails offering an NHS pass/certificate for travel purposes with a request for payment (even though these are legitimately available for free via the NHS app).
Regularly educating users on how to spot phishing attacks and not to click on suspicious links or execute unknown attachments is imperative and you can make this relevant by running a test to see how many do fall foul of a staged attack.
When it comes to the user device, businesses need to protect user workstations with anti-virus and EDR (Endpoint Detection and Response) solutions and to prevent the execution of unknown files or scripts as well as ensuring that all Operating Systems and applications are kept up to date.
You can also stop a lot of this from getting through in the first place by blocking unnecessary file attachments at the email gateway or cloud solution (e.g. macro files, htm/html files, executable files/scripts) and marking inbound email as ‘EXTERNAL’. But you also need a failsafe so that in a worst-case scenario you’re prepared so ensure offline backups/snapshots are being made of critical data and regularly test that these can be restored.
3. Abuse of collaboration tools
We expect to see increased attempts to copy common notifications sent from business services such as Office 365 (e.g. sharing and encryption emails). Attackers could start utilising alternatives to email to attempt to deliver payloads and this could include messaging systems such as Teams. Additionally, there will be more attempts to exploit open file sharing mechanisms such as Onedrive and Sharepoint sites that allow guest access, which is more common than you might think.
If you’d like help with attack mitigation or remediation, cloud configuration or advice on how to make remote working more secure, email us at contact@prisminfosec.com or call 01242 652 100 for a one-to-one consultation.
