Oct. 11, 2021
It’s October and that means it’s Cyber Security Awareness Month once again. Cyber security threats continue to evolve and proliferate at increasing speed. Opportunistic attackers are taking advantage of everything from remote working and cloud configuration errors to poorly defended operational technology protecting vital infrastructures. And they’re becoming more professional with models like ransomware-as-a-service.
DXC Technology has identified 10 threat types that are presenting major challenges to organizations worldwide. We’ve also outlined our top strategies for defending against these threats.
Top 10 cyber security threats
Businesses are facing threats from every direction, including:
- Supply chain threats. Supply chain attacks, such as the one experienced by SolarWinds, are particularly problematic because even if your own security is robust, attackers can enter your environment through weaknesses in a supplier’s security or through the software and updates that supplier delivers to you.
- Attacks on Linux and other non-Microsoft operating systems. Attackers are increasingly expanding beyond Windows. For example, Vermilion Strike is a Linux reimplementation of the Beacon backdoor from Cobalt Strike, a Windows red team tool, and has been used to attack Linux systems.
- Persistence of major ransomware players. Major ransomware gangs such as the REvil ransomware-as-a-service operation do not generally disappear, but rather hibernate to avoid increased scrutiny or adopt new names. The ransomware-as-a-service model has enabled these groups to greatly expand their affiliate hackers and revenues.
- Remote work force vulnerabilities. In a recent survey, 67 percent of respondents said attacks had targeted remote workers and 74 percent said an attack had resulted from vulnerabilities related to COVID-19. It appears companies have not sufficiently adapted their security strategies in response to the new remote workforce reality.
- Cloud attacks due to misconfiguration. According to IBM, two-thirds of recent cloud breaches “would likely have been prevented by more robust hardening of systems, such as properly implementing security policies and patching systems.” Issues with credentials and policies “trickled down to the most frequently observed initial infection vectors (including) improperly configured assets, password spraying, and pivoting from on-premises infrastructure.”
- Zero-day threats. Zero-day vulnerabilities, flaws that are exploited before a patch or detection signature exists, have reached new highs this year, with at least 66 found exploited in the wild already.
- Threats to operational technology (OT) systems. Attacks on OT devices skyrocketed 46 percent this year. The Colonial Pipeline compromise showed the exposure: ransomware on the company’s IT network forced a precautionary shutdown of pipeline operations. Utilities and manufacturing sectors are particularly at risk, and cyber security measures for OT are still weak or nonexistent in many cases.
- Brand abuse attacks. In almost half of observed fraud attacks, cybercriminals impersonated trusted brands to harvest consumer login credentials or personal data, spoofing digital content and experiences with fake social media profiles, rogue mobile apps and hoax websites.
- Ransomware recovery key destruction. Some ransomware gangs such as Grief and Ragnar Locker have threatened to delete victims’ decryption keys if an organization involves authorities or a negotiation firm, leaving encrypted data unrecoverable unless clean backups exist.
- Zero-click mobile threats. These attacks compromise a victim’s device without any user interaction, for example by exploiting a flaw in a component that automatically processes incoming messages, so there is no link for the person to avoid clicking. They are on the rise for Android and Apple devices.
The best defense: good cyber hygiene
In DXC’s experience, the best defense against sophisticated emerging threats is to get the basics right. Simple mistakes such as misconfigured cloud settings, weak passwords, and unpatched or outdated software can lead to major operational disruption and data leaks.
Follow these fundamental security hygiene practices to ensure you’re well-fortified against both known and emerging cyber security threats:
- Get configurations right. Start from an accurate configuration management database (CMDB) so you know what you are running, then define security tiers from most to least sensitive and decide which hardening baseline each tier must meet.
- Monitor the security controls that you set up. If an alert is triggered but no one quickly notices it, the hackers will have time to gain a foothold in your environment.
- Improve identity management. Problems often result from having too many highly privileged accounts, especially if some are disabled but still privileged, or unused, or from a lack of multifactor authentication.
- Know your crown jewels. Determine which assets are essential for the organization’s survival and which are less critical, then assign security controls accordingly.
- Increase visibility into third-party suppliers. Identify, document and define the risks associated with all your third-party suppliers and service providers.
- Keep up with patching and updating. Establish good coordination between the IT department and the security organization so that patching directives for software and operating systems are carried out by operational IT teams across the entire estate, and verified rather than just issued.
- Keep and secure reliable backups. Perform regular, complete backups of all essential systems and isolate them (offline, or behind separate credentials) so that an attacker who compromises the production environment cannot encrypt or delete them. Know how to rebuild quickly from backup, test that restores actually work, and perform disaster recovery exercises regularly.
- Build security into all new applications and solutions. Security should not be a second thought; it’s more effective and ultimately simpler to build it in from the start, using native capabilities of your cloud platforms and operating systems when possible. Validate security once new systems go live with penetration testing and vulnerability scanning.
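One way to operationalise the identity item in the list above, as an added example that is not DXC’s code: the audit below walks a constructed directory export and flags every privileged account that is disabled but still privileged, unused, or lacking MFA. The field names, the privileged group names, the 90-day staleness threshold and the sample records are assumptions for this example, not from the page; a real export from AD, Azure AD, Okta or AWS IAM has its own layout.

```python
"""Audit privileged accounts for dormant, stale and MFA-less entries.

Added example, not DXC's code. The export format, group names and
threshold below are assumptions; adapt them to your directory.
"""
from datetime import datetime, timedelta, timezone

# Groups whose members count as highly privileged (assumption).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Global Administrators"}
# No logon for this long counts as "unused" (assumption).
STALE_AFTER = timedelta(days=90)

# Constructed sample export: one record per account, ISO 8601 UTC timestamps,
# None meaning the account has never logged on.
SAMPLE_ACCOUNTS = [
    {"name": "alice", "groups": ["Domain Admins"], "enabled": True,
     "last_logon": "2021-10-08T14:02:00Z", "mfa_enrolled": True},
    {"name": "svc_backup", "groups": ["Domain Admins"], "enabled": True,
     "last_logon": "2021-03-01T02:15:00Z", "mfa_enrolled": False},
    {"name": "old_admin", "groups": ["Enterprise Admins"], "enabled": False,
     "last_logon": "2020-11-20T09:40:00Z", "mfa_enrolled": False},
    {"name": "bob", "groups": ["Global Administrators"], "enabled": True,
     "last_logon": "2021-10-10T08:30:00Z", "mfa_enrolled": False},
    {"name": "helpdesk1", "groups": ["Helpdesk"], "enabled": True,
     "last_logon": "2021-10-11T07:00:00Z", "mfa_enrolled": False},
    {"name": "break_glass", "groups": ["Domain Admins"], "enabled": True,
     "last_logon": None, "mfa_enrolled": True},
]

# Fixed "now" so the sample audit is reproducible (assumption).
REPORT_TIME = datetime(2021, 10, 11, 12, 0, 0, tzinfo=timezone.utc)


def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp; None stays None (never logged on)."""
    if value is None:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_privileged_accounts(accounts, now, privileged_groups=PRIVILEGED_GROUPS,
                              stale_after=STALE_AFTER):
    """Return {account_name: [finding, ...]} for privileged accounts only.

    Non-privileged accounts are skipped: the goal is to shrink and clean the
    privileged set, not to review every account in the directory.
    """
    findings = {}
    for acct in accounts:
        if not privileged_groups.intersection(acct["groups"]):
            continue
        issues = []
        if not acct["enabled"]:
            # A disabled admin account is dormant risk: re-enable it or reset
            # its password and the privilege is live again.
            issues.append("disabled but still privileged: remove group membership or delete")
        last = parse_ts(acct["last_logon"])
        if last is None:
            issues.append("never logged on: confirm it is a documented break-glass account or remove")
        elif now - last > stale_after:
            issues.append(f"unused for {(now - last).days} days: disable and remove privileges")
        if not acct["mfa_enrolled"]:
            issues.append("no MFA on a privileged account: enforce enrollment")
        if issues:
            findings[acct["name"]] = issues
    return findings


def run_sample_audit():
    """Audit the constructed export as of REPORT_TIME."""
    return audit_privileged_accounts(SAMPLE_ACCOUNTS, REPORT_TIME)


if __name__ == "__main__":
    for name, issues in sorted(run_sample_audit().items()):
        for issue in issues:
            print(f"{name}: {issue}")
```

Run against a real export, the output is a worklist: each line is one privileged account and one action. Tracking the count of findings over time is a simple measure of whether the privileged set is actually shrinking.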
Subscribe to DXC's monthly report on the latest threats, breaches, cybercrimes and nation-state activities to improve your enterprise protection.