How threat actors have responded to the evolution of remote access security

The move to remote working has expanded the attack surface, and cybercriminals have been keen to exploit it. Mark Lukie, APAC Sales Engineer Manager, Barracuda, explains how the approaches of bad actors have evolved in response to the evolution of remote access security.

Mark Lukie, APAC Sales Engineer Manager, Barracuda

We are now into the third year of COVID-induced disruptions to our work and personal lives.

One of the most immediate and significant impacts of COVID was the rapid shift to large-scale remote working. This trend inevitably increased the attack surface of organizational IT assets, a development that threat actors of all kinds were quick to exploit.

The initial imperative that precipitated the widescale shift to remote working has now passed. Remote working is becoming an integral part of Digital Transformation, and good security is being implemented from the outset rather than as a best-effort, last-minute add-on to enable the essential shift to remote working.

That’s the good news. The bad news is that just as organizational approaches to remote access security have evolved, so too have those of bad actors of all persuasions. Here are some developments most likely to threaten organizations in 2022 and beyond.

AI-enabled business email compromise (BEC)

The Barracuda Spear Phishing: Top Threats and Trends Vol.7 – Key Findings on the Latest Social Engineering Tactics and the Growing Complexity of Attacks report found that in 2021 cybercriminals sent out three million messages from 12,000 compromised accounts.

Approximately 500,000 Microsoft 365 accounts were compromised, and in a full 36% of organizations that had an account compromised, the attackers set up malicious inbox rules to hide their activity. On average, hackers created two rules for each compromised account.
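The malicious inbox rules described above are a useful detection point for defenders. The following is an added example, not code from the article or from Barracuda, that audits a constructed set of inbox rules for the patterns attackers typically use to hide their activity: deleting or diverting mail to rarely viewed folders, forwarding to external addresses, suppressing finance-related messages, and using blank rule names. The rule field names and the organization domain are assumptions for illustration, not a real mail API schema.

```python
ORG_DOMAIN = "example.com"  # assumption: the organization's own mail domain

# Constructed sample rules shaped loosely like an inbox-rule export (assumed field names).
SAMPLE_RULES = [
    {"mailbox": "cfo@example.com", "name": "Newsletters", "enabled": True,
     "conditions": {"from": ["news@vendor.example"]},
     "actions": {"moveToFolder": "Newsletters"}},
    {"mailbox": "cfo@example.com", "name": ".", "enabled": True,
     "conditions": {"bodyContains": ["invoice", "payment", "wire"]},
     "actions": {"moveToFolder": "RSS Feeds", "markAsRead": True}},
    {"mailbox": "ap@example.com", "name": "fwd", "enabled": True,
     "conditions": {},
     "actions": {"forwardTo": ["collector@attacker.example"], "delete": True}},
]

# Folders attackers commonly use to park mail the victim will not look at.
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "junk email", "deleted items", "archive"}
# Keywords whose suppression suggests the rule is hiding finance or security mail.
FINANCE_WORDS = {"invoice", "payment", "wire", "bank", "password", "security"}

def rule_findings(rule):
    """Return the reasons a single rule looks like attacker persistence or hiding."""
    findings = []
    actions = rule.get("actions", {})
    conds = rule.get("conditions", {})
    folder = actions.get("moveToFolder", "")
    if actions.get("delete"):
        findings.append("deletes mail")
    if folder.lower() in HIDING_FOLDERS:
        findings.append(f"moves mail to rarely viewed folder '{folder}'")
    for addr in actions.get("forwardTo", []):
        if not addr.lower().endswith("@" + ORG_DOMAIN):
            findings.append(f"forwards to external address {addr}")
    words = {w.lower() for w in conds.get("bodyContains", []) + conds.get("subjectContains", [])}
    if words & FINANCE_WORDS and (actions.get("markAsRead") or folder or actions.get("delete")):
        findings.append("filters finance/security keywords out of the inbox")
    if len(rule.get("name", "").strip()) <= 1:
        findings.append("blank or single-character rule name")
    return findings

def audit_rules(rules):
    """Map (mailbox, rule name) to findings for every enabled rule that raised any."""
    flagged = {}
    for r in rules:
        reasons = rule_findings(r) if r.get("enabled", True) else []
        if reasons:
            flagged[(r["mailbox"], r["name"])] = reasons
    return flagged
```

Running `audit_rules(SAMPLE_RULES)` flags the two attacker-style rules and leaves the genuine Newsletters rule alone; in practice the same checks would be run over rules exported from each mailbox, and a sudden jump in rule count per account is itself worth alerting on.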

According to the FBI, BEC garners more revenue for cybercriminals than any other kind of cybercrime, almost US$1.9b in 2020 (A$2.6b). In a BEC attack, the attacker usually persuades an employee to initiate an electronic payment of a large sum with an email that appears to come from a known and trusted source. Organizations are getting better at thwarting these attacks by requiring additional checks to verify the authenticity of requests for high-value funds transfers.

However, attackers are also getting better at impersonating those who routinely authorize large transactions. They are deploying deepfake technology to mimic the voices of such people and then phoning to request a high-value transaction. This ploy has already been used successfully several times, including an attack on a bank in the UAE that netted the criminals US$35m (A$48m).

Skills shortage puts cloud security at risk

The shortage of security skills is huge, global and well-known. The (ISC)² Cybersecurity Workforce Study, 2021, estimated the global shortage of cybersecurity professionals at 2.7 million. In Australia, it said the number of people working in cybersecurity had grown 34%, to 135,000, from 2020 to 2021, and a further 25,000 were needed.

The impacts of these shortages will be felt for years, but as organizations continue to rapidly increase their use of public cloud services, the lack of the skills needed to ensure correct configuration, and hence the security, of these services will make them increasingly vulnerable. In mid-2021 Gartner forecast Australian spending on public cloud services to reach A$13.8b in 2021 and A$16.7b in 2022.

Security incidents related to organizations' cloud-based services will continue to grow, because the skills shortage is not going to disappear anytime soon. The solution is automation: organizations need to deploy continuous, automated policy compliance tools that check cloud configurations against a defined baseline rather than relying on scarce specialists to review them by hand.

As industrial networks grow, so does the risk

Operational technology to control and monitor industrial systems has been widespread for years. It is now morphing into the Industrial Internet of Things (IIoT), where industrial devices become connected to corporate IT networks and to the Internet, exposing them to all the dangers that connectivity brings.

Under the many pressures produced by the pandemic – on supply chains, energy prices and more – organizations of all kinds have increased connectivity of their facilities in search of increased efficiencies and lower costs. When these developments are made under pressure, security tends to suffer.

In August 2021 security researchers revealed four vulnerabilities in the NicheStack TCP/IP stack used to enable communications in IP-connected OT and IIoT devices. These vulnerabilities could enable attackers to mount remote code execution and denial-of-service attacks, among others.

Security measures such as firewalls and micro-segmentation can add protection, but these vulnerabilities still must be patched, which can be difficult to do in a continuously operating production environment.

Variety is the spice of a ransomware actor’s life

As the cost of ransomware attacks and cyber insurance payouts rises, insurers are demanding increasingly stronger baseline security from policyholders. When organizations harden remote desktop protocols, VPNs and email security, attackers devise new ways to bypass those defences.

Supply chain attacks like the one mounted against Kaseya are becoming increasingly popular. Any organization with digital links to its business customers could be compromised as a stepping stone to the attacker's ultimate target.

Attackers will also explore new channels to gain entry, such as SharePoint, OneDrive, Google Drive and Google Docs. These SaaS platforms have already been exploited in new and highly original phishing campaigns, and the number of successful attacks will certainly increase. A high level of visibility and tight control of corporate IT systems and data is essential to detect and thwart these advanced threats.

Zero exceptions to Zero Trust for US Government

On 21 May 2021 US President Joe Biden issued an Executive Order on Improving the Nation's Cybersecurity. To the surprise of many in the cybersecurity industry, it required the Federal Government to 'advance toward Zero Trust Architecture'; in other words, it mandated the use of Zero Trust across federal government entities.

This edict is likely to spur a significant increase in the adoption of Zero Trust security by the US private sector and elsewhere, as boards and senior management realize that it not only significantly strengthens their security but also confers a competitive advantage.

However, they must understand that Zero Trust security is not achieved simply by deploying a product that claims to provide it. Zero Trust is a state of security achieved only by addressing multiple issues with the appropriate solutions.

The first steps are easily achieved with existing security solutions such as host-based firewalls, micro-segmentation, data loss prevention and role-based access controls.

There are many more point solutions, all of which can contribute to optimizing an organization’s cybersecurity and building adaptability and resilience.

Intelligent CISO