- Cyber criminals are changing their tactics to take advantage of emerging vulnerabilities, according to a new report.
- Five key factors are influencing the cyber threat landscape.
- By taking certain steps, organizations can build a more security and agile environment.
Since the COVID-19 pandemic radically shifted the way people work and live, there’s been a wide range of cyber adversaries changing their tactics to take advantage of new vulnerabilities, according to a new report from IT services provider and consulting firm Accenture.
“Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world,” the report said. “CISOs who understand these challenges and can pivot their security approach can help their organizations to emerge stronger.”
The firm’s annual Cyber Threatscape Report predicts some of the key cyber security trends that will shape the upcoming year. One is that state-sponsored and organized criminal groups will mask their identities by using a variety of new, open-sourced tools and penetration testing methods to carry out attacks and hide their tracks. Another is that criminals are actively exploiting corporate email systems to steal data and gather credentials for espionage efforts.
The study describes five key factors that are influencing the cyber threat landscape:
The COVID-19 pandemic is accelerating the need for adaptive security, as it has opened the door to opportunistic threats.
The pandemic has opened the door to opportunistic threats, the study said, creating social engineering opportunities such as new phishing campaigns. The global health crisis has also put unprecedented pressure on organizations as they struggle with business continuity, travel restrictions, and remote working.
As profits increase for bad actors, they can innovate and invest in more advanced ransomware and take advantage of the greater vulnerabilities of remote working, the report said. Accenture expects threat actors using these tactics to continue to evolve and proliferate.
Companies in all industries should plan for these challenges to persist indefinitely and to have long-term effects.
Bad actors are aiming sophisticated new tactics, techniques, and procedures at business continuity.
Cyber criminals, possibly including state-sponsored actors from a range of countries with aggressive and capable cyber programs, continue to develop powerful capabilities for command and control, intelligence gathering, and defense evasion at tactical and technical levels.
Accenture has seen operators from some of the most skilled and best-resourced groups targeting Microsoft Exchange and Outlook Web Access (OWA) and using them as beachheads to hide traffic, relay commands, compromise e-mail, exfiltrate data, and gather credentials for onward espionage.
Masked or noisy cyber attacks are complicating detection efforts.
Sophisticated adversaries are masking their identities with off-the-shelf tools. They’re using techniques such as spear phishing and going after supply chains as targets.
Groups have stepped up indiscriminate approaches, reportedly conducting mass scanning or widespread phishing to try to achieve footholds to conduct espionage or conceal directed activity in a broader campaign. Initial access, and subsequent movement
within and around business environments is also still frequently enabled by supply chain compromise, the report said.
Once on the network, many cyber criminals can benefit from the availability and effectiveness of built-in system tools and penetration testing frameworks to conduct post-compromise activity. Common penetration testing tools continue to feature heavily in complex cyber intrusions, the study noted.
Ransomware is feeding a profitable, scalable business.
Ransomware attackers have seen new success in 2020, having established a profitable and scalable business model, the report said. Along with finding new ways to infect businesses with ransomware, they are stealing company data, turning ransomware attacks into data breaches.
This data is used to extort victims, sometimes through public channels such as the news media, turning what was a potentially expensive recovery process into a longer-term problem that involves notification requirements and brand reputation damage.
Malicious actors are copying and adapting existing ransomware strains, applying new tactics, and incorporating the use of new strains of ransomware as they are created, the study said.
Being connected has consequences.
As the report noted, in a period of unprecedented uncertainty within the operational technology (OT) space, “the security of some of our most critical systems is being called into question. As more of these technologies are connected and workflows are streamlined, it can be difficult to judge the added risk that this can pose.”
Entire classes of vulnerabilities that might not have been relevant 10 to 20 years ago are showing up in unexpected places, it said, and attackers are now finding novel ways to exploit them in this new environment. Much of this has been encountered with the Internet of Things (IoT), and useful lessons can be learned from this experience.
There are various devices scattered throughout enterprise networks—printers, surveillance cameras, wireless routers, etc.—and each of these has an associated risk.
Organizations should expect cyber criminals to become more brazen as the potential opportunities and pay outs from attacks increase, the study said. In such a climate, enterprises need to put the right controls in place and leverage reliable cyber threat intelligence to understand and address the threats.
The report suggests several steps organizations can take to create a more secure environment. One is to secure all users, devices, and network traffic consistently with the same degree of effectiveness, regardless of where they are located. “Secure network access and applications are just as fast with security as they are without,” it said.
Another is give end users access to what they need when they need it. Changes related to security should be transparent to users, so they can do their jobs effectively even as security implementations are being put in place.
It’s also important that security leaders be seen as catalysts for change, “using empathy and compassion to deliver a more agile response,” the report said. Deploying adaptive security creates confidence. For example, organizations can use the cloud or expand access to more remote users.
Companies should also consider using managed services and automating where it makes sense.
Finally, IT and security executives should engage with business leaders to plan, prepare, and practice for greater cyber security resilience, backed by the right resources and investments.