The Dangerous New Normal

Covid19 has created a rich environment for cyber criminals to thrive due to the combination of the shift to working from home, ‘digital transformation’, the boom in e-commerce and rising geopolitical tensions. In this ‘new normal’ everyone is a target. The pandemic has helped reveal that the common denominator between governments, car manufacturers, pharmaceutical agencies, and indeed all of us, is just how vulnerable systems are to attack.

This daunting time for businesses and governments should be seen as a window of opportunity to shore up cyber defences against these threats. More sophisticated preparedness and mitigation strategies are key to reducing the impact of cyber attacks.

Types of Attacks

Ransomware

So far ransomware attacks have been the most common type of attack carried out by cyber criminals, having increased by up to 90%. High-profile ransomware victims have included Honda and the city of Florence, Alabama, but the most recent ‘big news’ attack targeted GPS smartwatch business Garmin. Garmin were offline for three days and reportedly paid a $10M ransom to Russian criminal gang Evil Group. Without more urgent investment in cyber security, we expect more such high-profile attacks to succeed, as Wired’s full report on the incident explains. Despite no significant increase in new malware, the increased number of employees working from home rewarded adversaries with a larger attack surface of systems to target.

IoT Infrastructure Attacks

Since January, SonicWall’s 2020 Cyber Threat Report recorded 20.2 million IoT attacks; January, February and March each racked up more attacks than their 2018 and 2019 counterparts combined. Basic, essential home devices such as WiFi routers connect to endpoints that in turn connect to corporate networks, giving cyber criminals a path into large corporate networks. A lack of awareness of cyber hygiene and of cyber security in general has further contributed to this issue.

Encrypted Malware

Regular security controls such as legacy firewalls lack the capacity required to detect, inspect and mitigate cyber-attacks sent via HTTPS traffic, making this a highly successful avenue for hackers to deploy and execute malware within a target environment. The total amount of encrypted threats in June, 378,736, is not only the highest number recorded in all of 2020, it’s also higher than at any point in the latter half of last year.

Remote Desktop credentials

A further cause of concern, highlighted by McAfee, relates to weak policies implemented by organisations to facilitate a virtual working environment via Remote Desktop Protocol (RDP), one of the most used breach vectors. For cyber criminals, this is an easy way to quickly spread malware, spam, or perform other malicious activities. The number of RDP ports exposed to the internet grew from 3 million to 4.5 million from January to March 2020. This led to a growth in attacks against RDP ports as well as an increase in the volume of RDP credentials sold on underground markets. Countries linked to the highest number of stolen credentials include China, Brazil and Hong Kong, the main issue being weak passwords. This further stresses the need for greater compliance and security measures to be implemented in a virtual working environment.

Policy Reform

The volume and variety of attacks over the last 6 months have transformed the threat landscape and bamboozled policy makers seeking to tackle this issue, compounded by the proliferation of criminal forums and closed networks that allow cyber criminals to work together with impunity and without concerns relating to physical location. A recent report by RUSI, Rethinking the UK Response to Fraud: Key Policy Challenges, emphasised that a range of expertise must be leveraged across the law enforcement, financial and cyber industries to successfully fight cyber crime.

This is particularly significant as data sharing is restricted across many national boundaries, hindering collaboration between law enforcement agencies and governments’ ability to adequately tackle cyber criminals. As the global pandemic has highlighted, international collaboration is key to addressing cyber crime. However, as the UK seeks to redefine its international position post-Brexit, grand, long-term policy solutions around data sharing may take too long to come to fruition. Smaller fixes are needed sooner.

Short Term Solutions

Preparedness: Business Continuity Plan (BCP)

Some changes can be implemented by organisations at a micro level. Organisations should seek to integrate better cyber resilience practices by updating their BCPs. Greater emphasis should be placed on threat intelligence analysis to provide up to date risk assessments factoring in particular impacts related to the pandemic. This includes a need to re-imagine BCPs by developing human and technical resources that provide more guidance to employees on dealing with these new types of risks. Communication between IT managers, employees, customers, suppliers, and external stakeholders such as legal teams, should be consistent and transparent to address potential liability issues resulting from the rising number of threats.

Mitigation: Intelligence-informed Cyber Defence

As the number of threats to be analysed by cyber security professionals continuously expands, solutions leveraging the MITRE ATT&CK threat intelligence framework are needed to efficiently operationalise this preferred source of knowledge on adversary tactics and techniques. Artificial intelligence and machine learning in cyber threat intelligence that incorporates ATT&CK and integrates with other security technologies can effectively mitigate the complexity and variety of cyber security threats that defenders need to tackle, without adding even more to the workload of cyber threat analysts.