Statistics gathered from 2021 indicate that the pace of cyberattacks increased dramatically, with organizations experiencing 50% more attacks than the previous year. The hardest hit was the Education and Research sector, which was targeted a whopping 75% more than in 2020, and suffered an average of 1,605 weekly attacks. These are, of course, alarming numbers, and they mark a clear trend by cyberattackers who seem determined to cash in on vulnerable companies, especially those which don’t take the threat seriously. Many companies are aware of the seriousness of these attacks, and that’s why security software vendors also experienced record growth last year, with the industry as a whole earning 146% more than the prior year. Still, it’s almost impossible to stop determined attacks, so all a company can do is prepare itself in the best possible way to avoid being victimized by cyber criminals.
2021 also saw a significant increase in attacks on mobile devices, more concerted attacks on cloud services, and the unexpected revival of the infamous botnet known as Emotet. Check Point Research issues a comprehensive report each calendar year, and since the firm is one of the leading cyber security solutions providers, this report carries a great deal of credibility. As always, the report contained information on the most targeted sectors of industry, as well as the techniques used by attackers. Here are some of the key highlights contained in the 2022 security report issued by the company.
2021 Cyber Security Highlights
Early in the year, the notorious SolarWinds attack signaled that 2021 would be a year of numerous attacks on supply chains, a trend which would be continued over and over throughout the year. In April, the powerful Codecov attack was unleashed, and later in July, the Kaseya attack gained serious traction. When December rolled around, one of the nastiest attacks of the year was unveiled when the Log4j attack surfaced. All these attacks made it clear that global supply chains are ripe targets for cyberattackers, and this fact would be exploited numerous times. If nothing else, it points to the built-in risk that supply chains carry, and to which companies in that sector are therefore exposed.
Cloud services also came under serious and repeated attack during the year. Far more than in any previous year, cloud services were attacked and exploited by criminal masterminds. Many cloud services which were thought to be safe were laid bare to attackers who accessed significant amounts of private and business-critical data, found ways to cross over different environments, escalated to acquire root privileges, ran arbitrary code, and did all of this for varying amounts of time before being detected.
There were some major developments on the mobile device landscape as well. All through the year, attackers made use of smishing (SMS phishing) in order to distribute their malware, and they made constant attempts to hack social media accounts for the purpose of gaining open access to owners’ mobile devices. Since the banking industry continued to digitize its operations during the year, various apps were created with the intention of reducing face-to-face interactions, and those have opened the door to new and dangerous threat possibilities.
Emotet was one of the most destructive and dangerous botnet threats in history, and during 2021 this attack came back in full force. After being defeated in January of 2021, it re-emerged in November, and as soon as it did reappear, it quickly achieved a 50% activity level compared to its most active time earlier in the year. That level of activity increased all through December and on into 2022, and will undoubtedly claim new victims until someone finds a way to again take it down.
If there were any positive developments during the year, it was probably the fact that government agencies became much more proactive about going after ransomware attackers. Whereas in the past, their stance was largely reactive, in 2021 it became much more proactive, largely because of the Colonial Pipeline attack which occurred during the month of May. Following this hugely successful attack, the Biden administration became aware that the existing policy was only leading to failure and exploitation. After that attack, the government actually began to initiate offensive operations against attackers, their funding sources, and their entire network of supporting infrastructure.
The Challenge Presented By Remote Workers
In both 2021 and 2022, the challenge presented by having much of the workforce operating from home is expected to provide fruitful ground for cyberattackers. There are now 48% more people working from home than before the COVID-19 pandemic began, and even as the pandemic winds down, most companies say they will allow as many as 74% of their workers to remain at home while working. One area of vulnerability is virtual private networks, which theoretically protect your identity and your browsing activity from the watchful eyes of cyberattackers.
However, the U.S. Department of Homeland Security has uncovered at least two major flaws in the architecture which make it possible for exploitation to occur. Microsoft’s Remote Desktop Protocol is also vulnerable, and has undergone repeated brute-force attacks ever since 2020. That’s because it also has at least two major vulnerabilities, and these have become known to attackers as well as defenders. Several other types of remote desktop software have also been successfully targeted, for instance TeamViewer, Netop 4, LogMeIn 4, and VNC 121.
Another tool necessary for home operations is email, and following the pandemic, a major increase in the number of attacks on email quickly came into prominence. Two of the most common areas for attack continue to be business email compromise (BEC) and the traditional phishing attacks. Phishing attacks are likely to continue indefinitely, because not all organizations take the time to train their employees about how they can be tricked and scammed by attackers into giving up valuable company data or security information. It is known that attacks carried out through email annually cost organizations in the neighborhood of $1.8 billion.
Almost all malicious emails consist entirely of text, which means they cannot be filtered out by firewalls or other protective software. Many of the most successful email attacks from last year were related to COVID-19, which gave them the look and feel of legitimacy. Cybercriminals can easily spot fake email domains which attempt to mirror actual domains, so they aren’t easily dissuaded from their business by half-hearted attempts to thwart them.
Operational Technology Companies Face Increasing Attacks
Healthcare and manufacturing companies are also facing an escalating volume of cyberattacks, primarily because both these industries rely heavily on operational technology. There are a number of reasons why the operational technology systems used in these industries are susceptible to attack, starting with the fact that the technology used is often old and less sophisticated than newer systems. Even if security updates are available for these systems, they are often avoided because they have a tendency to make the original system fail or run sluggishly. In prior years, this really didn’t matter much, because those systems were standalone, and not at serious risk of penetration. Since they weren’t connected to any networks, there was no real danger. Now that cloud technology and the IoT have entered the picture, that is no longer the case, and these systems have become ripe for exploitation.
Zero Trust Will Become A Standard Networking Requirement
Traditional network security is recognized as a castle-and-moat model, which means everyone inside the castle is trusted, and no one from outside the castle is. This obviously leaves the threat of insider attack wide open, and since we now have cloud technology, IoT, and people working remotely, any company’s private network is far more open to potential threats. Even insiders can be cyberattackers, and if so, they are ideally positioned to carry out attacks with no one being the wiser. Up to now, companies have tried to manage this threat by allowing the least possible privileges to most users, and the lowest level of security access. This is what’s referred to as the Zero Trust model, and it can be summarized by the well-known motto, “Never trust, always verify”.
There are three different ways that companies can implement Zero Trust architecture. The first is through enhanced identity governance, which calls for having the right person or device receive the right level of access by confirming their assigned attributes and their identities. The second method is through micro-segmentation, wherein related groups of resources are situated on different network segments, with each one having its own gateway security. The third way to implement Zero Trust is by using Network Infrastructure and Software-Defined Perimeters (SDP). The strategy behind SDP is to conceal the servers and routers of your network by replacing any hardware definitions with software definitions. That effectively makes the infrastructure invisible to everyone, including cyberattackers. It can only be accessed by people with top-level authorization, making it as safe as possible for the company.
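To make the contrast between the castle-and-moat model and Zero Trust concrete, here is an added example (not code from this page or from the Check Point report) that evaluates the same access request under each model. The identities, roles, resource segments and IP addresses are constructed for illustration, and the per-segment role check stands in for the segment gateway described above.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed: the "castle" is the corporate address range.
INTERNAL_NET = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Request:
    user: str
    source_ip: str
    resource: str
    mfa_verified: bool        # identity confirmed for this session
    device_compliant: bool    # device attributes confirmed (patched, managed)


# Micro-segmentation (constructed): each resource sits in its own segment,
# and the segment gateway enforces its own access policy.
SEGMENTS = {
    "payroll-db": {"segment": "finance", "roles": {"finance-admin"}},
    "build-server": {"segment": "engineering", "roles": {"developer", "release-eng"}},
}

# Enhanced identity governance (constructed): attributes assigned to each identity.
IDENTITY_ATTRS = {
    "alice": {"roles": {"finance-admin"}},
    "bob": {"roles": {"developer"}},
}


def castle_and_moat(req: Request) -> bool:
    """Perimeter model: any request originating inside the network is trusted."""
    return ip_address(req.source_ip) in INTERNAL_NET


def zero_trust(req: Request) -> bool:
    """Never trust, always verify: source location plays no part in the decision."""
    attrs = IDENTITY_ATTRS.get(req.user)
    policy = SEGMENTS.get(req.resource)
    if attrs is None or policy is None:
        return False                          # unknown identity or resource: deny
    if not (req.mfa_verified and req.device_compliant):
        return False                          # identity and device must be confirmed
    # Segment gateway: the caller must hold a role the segment admits.
    return bool(attrs["roles"] & policy["roles"])
```

An insider on the corporate network asking for a resource outside their segment is admitted by the perimeter check but refused by the Zero Trust check, while a verified finance admin on a compliant device is admitted from anywhere.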
Many companies such as Google and Netflix have already built their own Zero Trust models successfully, and having shown the way, it is expected that this will become a major trend throughout 2022. Of course, most companies lack the resources to construct proprietary Zero Trust architecture, but packaged versions can be purchased, and it is expected that a great many more companies will do so this year and next.