“Cybersecurity risk has never been greater,” says one security analyst, “as everything is interconnected in a larger digital environment.”
That's according to FortiGuard Labs chief of security insights and global threat alliances, Derek Manky. He references FortiGuard Labs' Global Threat Landscape Report, which notes that 2020's threat landscape was fuelled by the pandemic, but greater attack surfaces also presented opportunities ripe for disruption.
The report describes adversaries as being highly adaptable as they conduct sophisticated attacks, particularly against remote workers, digital supply chains, and core networks.
The report notes a rise in attacks on internet of things (IoT) devices, particularly devices that are often found in home offices. Because each IoT device creates a new ‘edge’ that must be defended, security monitoring of every device is paramount.
The report also analyses supply chain attacks, particularly in terms of the SolarWinds breach. This breach caused major disruption in 2020 for the company and tens of thousands of customers. Attackers compromised SolarWinds systems and remained undetected for months, enabling them to spy on SolarWinds and its customers.
“Detections of communications with internet infrastructure associated with SUNBURST during December 2020 demonstrate that the campaign was truly global in nature, with the ‘Five Eyes’ exhibiting particularly high rates of traffic matching malicious indicators of compromise (IoCs),” FortiGuard Labs notes.
In the second half of 2020, the report notes a sevenfold increase in ransomware activity when compared to the first half of the year. The activity was predominantly directed at healthcare, professional services, and public sector firms, and the increase is driven by ransomware-as-a-service and by increased activity of ransomware strains like Egregor, Conti, Ryuk, Thanos, WastedLocker, Ragnar, Phobos/EKING, and BazarLoader.
“To effectively deal with the evolving risk of ransomware, organisations will need to ensure data backups are timely, complete, and secure off-site. Zero-trust access and segmentation strategies should also be investigated to minimise risk,” notes FortiGuard Labs.
Another major issue is vulnerability exploits. Among the 1500 exploits that FortiGuard Labs tracked over a two-year period, many do not seem to spread fast. However, there is a 1-in-1000 chance that an organisation will be attacked through an exploit for an unpatched vulnerability. Organisations should prioritise patching and remediation, focusing first on known exploits and those that are spreading quickly, before ensuring all other systems are patched and secured.
“Cybersecurity risk has never been greater as everything is interconnected in a larger digital environment. Integrated and AI-driven platform approaches, powered by actionable threat intelligence, are vital to defend across all edges and to identify and remediate threats organisations face today in real time,” concludes Manky.