In 2022, Cyber Criminals Continue to Recycle Malware. Don’t Fall Prey to Outdated Attacks.
It’s a known fact that cyberattacks are on the rise, but not because innovative criminals are executing new strategies or deploying novel attacks. Ironically, cyberattackers are doing what many good business people do: building on what already works. This explains why 75% of attacks exploit vulnerabilities that are two years old or older. Because businesses have been notoriously lax at maintaining systems and security, bad actors simply choose an easy target and deploy a known exploit. Why invest time or research to “reinvent the wheel” when you can leverage attacks with a history of success?
Focusing on existing security best practices offers the twin rewards of getting the most mileage out of your security budget and preventing a majority of attacks. Concentrating on potential cutting-edge attacks certainly is an easier sell to leadership, but organizations should start with tried and tested solutions like vulnerability management tools. Hardening infrastructure creates a security foundation that makes your organization a daunting target for attackers.
This article will explore some of the different cyberattacks expected to grow in the coming years and how a solid foundation in existing security best practices will help thwart them.
Prediction 1: Supply Chain Attacks
Supply chain attacks have been a part of many major cybersecurity headlines after the recent attacks against SolarWinds, Colonial Pipeline, and Kaseya. This style of attack plays off of existing malware that has already proven to be quite profitable in its own right. Criminals build off the existing malware platform and place listeners and backdoors into organizations to create a situation where they can farm valuable data in a long-term persistent attack.
This shift from a one-time attack model to an advanced persistent threat (APT) style attack makes the impact far more significant. It creates a recurring loss of data that the business may be unaware of and may create a state of non-compliance. This is especially relevant for highly regulated industries such as healthcare and finance, where non-compliance can lead to significant fines and even mandatory corrective action plans, impacting productivity as resources are dedicated to meeting plan goals.
The other significant impact of a long-term attack is the damage to the organization’s reputation. Customers have an increased interest in how their data is handled and protected. When information comes out about a breach, it is often picked up by the news media. This damages the reputation of a company for years after it occurs.
Prediction 2: Operational Technology
Operational technology (OT) has long been a prime target for attackers because it is updated infrequently and receives limited technical support post-production. Vulnerabilities persist for an average of 150 days before patches are released for OT systems, and organizations still need time to test and implement those patches. These basic vulnerabilities create accessible pathways for attackers to gain control of this technology.
Attackers targeting these devices can have an extremely high impact on the organization and sometimes nationally, as was the case for Colonial Pipeline. Because many of these devices are part of critical infrastructure, attackers believe they have a better chance of receiving a ransom payment to get them online quickly. This assessment makes sense as the loss of these systems has wide-reaching implications. Factory OT systems can shut down production lines, and turning off heating or cooling systems can make offices unbearable to work in, which leads to a loss of productivity. Businesses want to get back to operations as quickly as possible, so they often pay the ransom.
Prediction 3: Internet of Things (IoT)
IoT utilization has been expanding for quite some time and now accounts for almost 4.8 billion devices. These devices are not simply smartphones and tablets but instead provide actual functionality to the business. They manage office environments, process shipping and receiving, and integrate into an organization's physical access control, such as the badge readers that control entryways. These devices are so prevalent that they account for nearly 30% of all endpoints in existence today.
The problem with IoT is that it is notoriously poorly maintained by manufacturers, and can be challenging to test and update. This has led to more than half of all IoT devices in production having critical vulnerabilities. These vulnerabilities make it easier for attackers to access protected internal resources because these devices often reside on internal networks where more protected assets reside. This can give attackers the access they need to cripple large portions of your IT infrastructure and steal vast amounts of data on assets that were thought to be inaccessible from the outside world.
Organizations looking to address IoT security problems do not have to implement complex security measures. Instead, they simply need to implement the basic security processes of patch management and network isolation. Patching protects devices against vulnerabilities that have already been resolved, and isolation lessens the impact of a compromised device by ensuring it has only limited network access to other resources.
Evolution of the Same
Attackers see no reason to reinvent the wheel when it already works. Rather than playing off new and novel attacks, scaling up what is already effective simply makes sense. Most attackers already take the path of least resistance to gain access; there is no reason to complicate already simple and effective attacks.
Vulnerability scanning offers an easy way for your organization to stay one step ahead of attackers by identifying devices and assessing them for vulnerabilities before the attackers do. For more information on how a vulnerability assessment can protect against device risks without crippling efficiency, check out Frontline's vulnerability management solution.