February 2023: Reddit was hit by a security breach in which attackers, after phishing an employee's credentials, reportedly stole around 80GB of data including internal documents, source code and system information.
February 2023: Technion Institute in Israel was impacted by a ransomware attack.
March 2023: Hospital Clinic de Barcelona suffered a ransomware attack that crippled its system.
June 2023: A zero-day SQL injection vulnerability in the MOVEit Transfer file transfer tool was exploited to steal data from more than 200 organizations and 17.5 million individuals, including multiple US federal agencies.
June 2023: Malware was detected in 190 Android apps on the Google Play Store that had been downloaded over 30 million times.
June 2023: The video game company Blizzard Entertainment suffered a distributed-denial-of-service (DDoS) cyber-attack.
These are just some of the major cyber security attacks that have occurred in recent times. Cybercriminals are keeping pace with rapid advances in technology, coming up with newer and more sophisticated attack mechanisms that enterprises are hard pressed to combat. Added to this, digitalisation has led to a greatly enlarged attack surface that cybercriminals can target, leaving organizations more vulnerable to data breaches that can lead to severe financial losses, reputational damage and possible compliance and regulation issues. Enterprises need to ensure proactive and strong security measures to mitigate risk and safeguard themselves against potential threats. In this blog, we will discuss the top five cyber threats that organizations face and strategies they can adopt to defend themselves against attack.
Ransomware has emerged as one of the most menacing cyber threats organizations face today, accounting for 34% of all cyber insurance claims in the first half of 2022. Cybercriminals deploy malicious software that encrypts the organization's data and demand a ransom for its release, with demands that can reach tens of millions of dollars. Most current operations also copy sensitive data out of the network before encrypting it, so victims face the threat of publication as well as the loss of access. Today's environment of economic instability has added to the number of players entering the game, as has the adoption of ransomware-as-a-service, which lets affiliates rent the sophisticated tooling they need to carry out an attack. In addition to substantial financial loss, enterprises stand to lose sensitive data and incur brand and reputational damage, supply chain disruption and, in the case of global entities, compliance issues.
Investing in preventive measures such as regular software updates, strong cybersecurity practices, employee training, network segmentation and data backups is imperative. Backups only help if at least one copy is kept offline or immutable, where the ransomware cannot reach and encrypt it, and if restores are tested regularly. A multi-layered defense strategy that also includes threat intelligence, incident response plans and monitoring for the early signs of an intrusion can significantly mitigate the risk of falling victim to ransomware attacks.
As businesses migrate their data and applications to the cloud, the security of cloud environments has become a paramount concern. Various points of vulnerability exist here. Improperly configured cloud resources and inadequate access controls and identity management mechanisms can create security gaps that attackers target to gain access. Users with varying levels of access to resources and data can pose a threat if their credentials are compromised or intentionally misused. In today’s scenario of hybrid work, with users logging in via various devices from multiple locations, this becomes even more difficult to control.
Many cloud service providers follow a shared responsibility model, where they secure the underlying infrastructure while customers are responsible for securing their own data, identities, configurations and applications. Confusion about where that line falls leaves gaps that attackers exploit. Third-party applications and services that enterprises integrate with their cloud environment introduce further risk. Those using cloud-based services from multiple vendors have an expanded attack surface that opens the door to supply-chain attacks, since a spread of diverse cloud technologies with differing security controls creates numerous possible weak links.
Data exposure during transmission is another risk factor, as is a company's frequent lack of complete visibility and control over all its cloud assets. To mitigate these vulnerabilities and enhance cloud security, organizations need to start with a clear cloud strategy and perform vendor risk assessments that cover not only each vendor's security, ethics and compliance but also the vendor's own service providers, to surface possible weaknesses further down the chain. They can then choose the delivery and deployment model that carries the least risk.
The shared responsibility model being adopted should be clearly defined with regard to what each party is responsible for. Encryption keys should be stored and managed separately from the data they protect, for example in a dedicated key management service, and technical safeguards put in place. The company needs to conduct ongoing assessments and audits to identify weaknesses and address them with controls. For those that have operations spread across different cloud deployments, it makes sense to synchronize policies and settings across all of them, and to reduce complexity by introducing a single pane of glass view across workload, data compliance and access control management. They should also enforce strong encryption in transit and at rest, automate security processes as far as possible, invest in training employees on security best practices, monitor constantly and always have an incident response plan ready to respond to attacks.
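As an added example (not part of the original post), the following Python script audits a cloud resource policy of the kind discussed above for the misconfigurations that most often expose cloud data to attackers: anonymous principals, wildcard actions and resources, and missing enforcement of encryption in transit. Both policies are constructed for illustration; the account ID, role name and bucket name are placeholders.

```python
import json

# Constructed example policies, not from the original post; the account ID,
# role and bucket names are placeholders.
WEAK_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicFullAccess",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": "*"
  }]
}
""")

HARDENED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AppReaderOnly",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-data-bucket",
                 "arn:aws:s3:::example-data-bucket/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "true"}}
  }]
}
""")


def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True when the statement applies to anyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def _requires_tls(statement):
    """True when the statement only applies over TLS (aws:SecureTransport)."""
    cond = statement.get("Condition", {})
    return str(cond.get("Bool", {}).get("aws:SecureTransport", "")).lower() == "true"


def lint_policy(policy):
    """Return findings for Allow statements that are broader than least
    privilege or that leave data in transit unprotected."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = st.get("Sid", f"statement[{i}]")
        actions = _as_list(st.get("Action"))
        if _principal_is_public(st.get("Principal")):
            findings.append(f"{sid}: Allow granted to an anonymous principal")
        if "NotAction" in st:
            findings.append(f"{sid}: NotAction allows everything not listed")
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append(f"{sid}: wildcard action {action}")
        for res in _as_list(st.get("Resource")):
            if res == "*":
                findings.append(f"{sid}: wildcard resource *")
        if any(a == "*" or a.startswith("s3:") for a in actions) and not _requires_tls(st):
            findings.append(f"{sid}: S3 access without aws:SecureTransport condition")
    return findings


if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, lint_policy(pol) or ["no findings"])
```

Running the script reports four findings for the weak policy and none for the hardened one. In practice a check like this belongs in the pipeline that deploys policies, so the audit happens before the misconfiguration reaches production rather than after.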
These are carefully planned attacks where intruders first perform reconnaissance and then infiltrate networks, remaining undetected over long periods during which they steal sensitive data and obtain unauthorized access to systems, disrupting business. APTs are insidious in that they can target multiple entry points such as the web, email and software via phishing and social engineering, gaining a foothold and compromising accounts. Beyond financial gain, APT intrusions are used for espionage, destroying data and what is popularly known as hacktivism. Those responsible are often nation-states, state-sponsored hacking groups and organized crime groups.
A case in point is the series of APT attacks in Ukraine in recent times, widely attributed to Russian state-backed hackers. An emerging area of concern is the vulnerability of operational technology (OT) systems, which are increasingly being digitized and connected. Outdated software, lack of centralized visibility of OT devices, applications and users, multiple vendors and lax access control all play a part. Enterprises need to invest in network access control technology, employee training and modern API security solutions, together with regular patching and hardening of infrastructure, network and software components, to make APT intrusions harder to carry out and easier to detect.
In recent years, supply chain attacks have surged in frequency and impact. Cybercriminals often target third-party vendors and suppliers to infiltrate a primary target's network. Given the complex networks and digital connections that exist between enterprises and their suppliers, vendors, and service providers across organizations, systems and geographies, finding weak links is not difficult for attackers. Managed service providers that service multiple companies are prime targets in supply chain networks, as they present access to numerous networks.
Again, the objective can be cyber espionage or disruption of infrastructure, but financial gain is also a top consideration, the MOVEit hack mentioned earlier being a prime example. Enterprises can largely mitigate the risk by continuously monitoring the security postures of the various players in the chain, along with those of their extended networks, to ensure that they adhere to supply chain integrity and security best practices. Implementing a zero trust model with least privilege access, under which every connection request must satisfy a strict set of policies before it is granted access to intellectual property, is another good practice, as are regular audits for unapproved shadow IT infrastructure. Security awareness and threat intelligence play an essential role here.
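As an added example that is not part of the original post, the following Python sketch shows the decision logic behind the zero trust, least privilege model described above: every connection request is checked against a list of policies and is denied unless all of them pass. The resource catalogue, group names and device attributes are constructed for illustration and are not from any real product.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    """One connection request as the policy engine sees it (constructed fields)."""
    user: str
    groups: frozenset
    mfa_verified: bool
    device_managed: bool
    device_patched: bool
    resource: str
    action: str  # "read" or "write"


# Hypothetical resource catalogue: which groups may reach each resource and
# whether it counts as sensitive (source code, customer data, ...).
RESOURCES = {
    "repo:payments-core": {"groups": {"eng-payments"}, "sensitive": True},
    "wiki:handbook": {"groups": {"all-staff"}, "sensitive": False},
}


def require_known_resource(req):
    return req.resource in RESOURCES, "resource is not in the catalogue"


def require_mfa(req):
    return req.mfa_verified, "MFA not verified for this session"


def require_least_privilege(req):
    allowed = RESOURCES.get(req.resource, {}).get("groups", set())
    return bool(req.groups & allowed), "user is not in a group granted this resource"


def require_trusted_device(req):
    """Sensitive resources and all writes need a managed, fully patched device."""
    sensitive = RESOURCES.get(req.resource, {}).get("sensitive", True)
    if not (sensitive or req.action == "write"):
        return True, ""
    return (req.device_managed and req.device_patched,
            "managed and fully patched device required")


# Every policy must pass; the order only affects the order of the reasons.
POLICIES = [require_known_resource, require_mfa,
            require_least_privilege, require_trusted_device]


def evaluate(req):
    """Default deny: return (allowed, reasons) where allowed is True only if
    no policy fails. All failures are collected so the log shows why."""
    failures = []
    for policy in POLICIES:
        ok, reason = policy(req)
        if not ok:
            failures.append(f"{policy.__name__}: {reason}")
    return (not failures), failures


# Constructed requests used to exercise the engine.
ENGINEER_ON_LAPTOP = AccessRequest("alice", frozenset({"eng-payments", "all-staff"}),
                                   True, True, True, "repo:payments-core", "write")
CONTRACTOR_ON_PHONE = AccessRequest("bob", frozenset({"contractors"}),
                                    True, False, False, "repo:payments-core", "read")
STAFF_ON_BYOD = AccessRequest("carol", frozenset({"all-staff"}),
                              True, False, True, "wiki:handbook", "read")

if __name__ == "__main__":
    for req in (ENGINEER_ON_LAPTOP, CONTRACTOR_ON_PHONE, STAFF_ON_BYOD):
        allowed, reasons = evaluate(req)
        print(req.user, req.action, req.resource, "->", "ALLOW" if allowed else "DENY", reasons)
```

The important property is the default: a request that matches no rule, or that names a resource nobody has catalogued, is denied rather than allowed. Collecting every failed policy instead of stopping at the first one keeps the access log useful when investigating why a supplier's connection was refused.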
Distributed Denial of Service (DDoS) attacks disrupt online services by overwhelming a target's servers with a massive influx of traffic. These attacks can cause major service downtime, impacting revenue, customer satisfaction and reputation. Often they are launched from a botnet, a group of hijacked internet-connected devices such as IoT devices, to reach the scale needed. Sometimes these botnets are hired out to other players wishing to launch similar attacks. DDoS attacks may also be used to divert attention while the attacker infiltrates the system for other malicious activity. It can be difficult to differentiate between regular traffic and attack traffic, so learning how to do that is a key consideration for companies looking to mitigate these attacks.
Traffic analytics tools can warn of some signs of a DDoS attack, such as large amounts of traffic from a single IP address or from users with a single behavioral profile, or odd traffic patterns and resource usage. Since DDoS attacks can be either single-source or more complex multi-vector attacks, a layered approach to mitigation is best. Methods such as blackhole routing, rate limiting, anycast network diffusion and web application firewalls are used as part of this layered approach. Blackhole routing should be a last resort, since dropping all traffic to the target completes the attacker's goal of taking it offline. Having a DDoS resiliency plan in place is essential. Log monitoring can help with early detection, while a threat intelligence feed helps enterprises keep their DDoS protection up to date.
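As an added example (not from the original post), the following Python code shows two of the techniques mentioned above on constructed web server log lines: a sliding-window detector that flags a source IP sending far more requests than a normal client, and a token bucket rate limiter that caps how fast any one client is served. The IP addresses are RFC 5737 documentation addresses, the traffic is generated inline, and the detector assumes lines arrive in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined-log-style line: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def _line(ip, ts, req):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "{req} HTTP/1.1" 200 512'


def build_sample_log():
    """Constructed traffic: one normal client plus one source sending 60
    requests in six seconds (placeholder addresses from RFC 5737)."""
    base = datetime(2023, 6, 25, 12, 0, 0, tzinfo=timezone.utc)
    events = [("198.51.100.5", base + timedelta(seconds=6 * i), "GET /index.html")
              for i in range(10)]
    events += [("203.0.113.7", base + timedelta(milliseconds=100 * i), "GET /login")
               for i in range(60)]
    events.sort(key=lambda e: e[1])
    return [_line(*e) for e in events]


SAMPLE_LOG = build_sample_log()


def parse_line(line):
    """Return (ip, timestamp, request) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")


def find_flooders(lines, window_s=10, threshold=20):
    """Flag any source IP that exceeds `threshold` requests inside a sliding
    window of `window_s` seconds. Returns {ip: time it was first flagged}."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _ = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:  # drop events outside the window
            q.popleft()
        if len(q) > threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


class TokenBucket:
    """Per-client rate limiter: `capacity` is the allowed burst, `refill_per_s`
    the sustained rate. Time is passed in as float seconds for testability."""

    def __init__(self, capacity, refill_per_s):
        self.capacity = capacity
        self.refill_per_s = refill_per_s
        self.tokens = float(capacity)
        self.last = None

    def allow(self, now):
        """Return True if a request at time `now` may pass, else False."""
        if self.last is not None:
            self.tokens = min(self.capacity,
                              self.tokens + (now - self.last) * self.refill_per_s)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


if __name__ == "__main__":
    print("flagged:", find_flooders(SAMPLE_LOG))
    bucket = TokenBucket(capacity=10, refill_per_s=2)
    print(sum(bucket.allow(0.0) for _ in range(15)), "of 15 burst requests allowed")
```

The detector flags the flooding source at its 21st request within the window and never flags the normal client. A single-IP threshold like this only catches single-source floods; for a distributed attack the same window logic has to be applied to a behavioral key (request path, user agent, ASN) rather than to the address, which is where the traffic analytics tools mentioned above come in.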
The ever-evolving cyber threat landscape demands that enterprises remain vigilant and proactive in their cybersecurity efforts. A robust security posture, combined with the right mix of preventive and responsive strategies, is crucial to staying one step ahead of cyber adversaries. Partnering with a security expert that offers the tools and expertise can be a valuable addition to an enterprise’s defense strategy against cyber-attacks.