Cybercriminals are always busy plotting ways to attack, scam, and infect potential victims for financial gain and other reasons. Organizations can be especially tempting targets because they hold vast amounts of data, user information, customer accounts, and other assets to be compromised. Protecting your business from cyberattacks is a never-ending challenge. But to make sure your security eggs are in the right baskets, here’s a look at the most common cyberattacks we’ll likely see this year and how to defend against them.
Phishing will remain one of the most popular methods of attack by cybercriminals in 2020. By convincingly impersonating legitimate brands, phishing emails can trick unsuspecting users into revealing account credentials, financial information, and other sensitive data. Spear phishing messages are especially crafty, as they target executives, IT staff, and other individuals who may have administrative or high-end privileges.
Defending against phishing attacks requires both technology and awareness training. Businesses should adopt email filtering tools such as Proofpoint and the filtering functionality built into Office 365, said Thor Edens, director of Information Security at data analytics firm Babel Street.
Business-focused mobile phishing attacks are likely to spread in 2020, according to Jon Oltsik, senior principal analyst for market intelligence firm Enterprise Strategy Group. As such, IT executives should analyze their mobile security as part of their overall strategy.
“Spam filters with sandboxing and DNS filtering are also essential security layers because they keep malicious emails from entering the network, and protect the user if they fall for the phishing attempt and end up clicking on a malicious hyperlink,” said Greg Miller, owner of IT service provider CMIT Solutions of Orange County.
But user awareness is vital for combatting phishing attacks. Employee error has been and will likely remain one of the top causes of security incidents, according to Paige Schaffer, CEO of Global Cyber & Identity Protection Services at Generali Global Assistance.
“Even if your organization has implemented the latest and greatest security, it won’t matter if your employees are uninformed,” Schaffer said. “Exercises that include fake phishing email simulations to ‘test’ employees can be effective in helping them better differentiate legitimate emails versus malicious ones.”
Business Email Compromise
Another type of attack that will continue to plague organizations is Business Email Compromise (BEC). In this scam, cybercriminals and hackers masquerading as trusted executives or outside vendors send fraudulent emails to employees who have access to company funds, such as in the finance department. The goal is to trick the victim into wiring money to supposedly legitimate bank accounts that actually belong to the scammers. In 2018, Business Email Compromise scams generated around $1.2 billion, according to the FBI.
“Emails requesting payments to be sent to new bank accounts should also be investigated thoroughly before responding,” said Steven Weisman, a lawyer and college professor who teaches white collar crime at Bentley University, and a leading expert in cybersecurity. “Verification protocols for wire transfers and other bill payments should be instituted, including dual-factor authentication when appropriate. Companies should also consider the amount of information that is available about them and their employees that can be used by scammers to perpetrate this crime.”
But the right email security, security awareness, and filtering tools also are necessary components to protect against this scam. This means using security tools with expanded detection capabilities that can identify an email’s possible risk by analyzing the relationships, communication patterns, and technical fingerprints unique to senders and receivers, according to Kevin O’Brien, co-founder and CEO of security provider GreatHorn.
Ransomware will continue to be a top cybersecurity threat in 2020. Cybercriminals are using more targeted approaches to trick and infect users, while employees may have trouble spotting malicious emails. Once infected, many organizations opt to pay the money rather than see their critical data held hostage.
To defend against malware, users training and education are vital. From an IT standpoint, backing up your critical user and business data is paramount in the event such data is compromised and held for ransom.
The No More Ransom Project website provides decryption tools for some older versions of ransomware that are still in use, Weisman said. Before trying to decrypt the ransomed data, you’ll need to remove the ransomware, which you can do through antivirus software.
In its report “Defend Against and Respond to Ransomware Attacks,” Gartner recommends the following actions if you’re hit by ransomware:
- Disconnect and isolate systems immediately if an infection is discovered. Segregate networks (where the infected systems are hosted) from unaffected systems and networks where possible.
- Initiate your incident response plan (read “How to Implement a Computer Security Incident Response Program“). If you have cyberinsurance or a ransomware response expert, engage those individuals. Read “Market Guide for Digital Forensics and Incident Response Services” for further guidance on selecting and engaging with incident response professionals.
- Determine the scope of the infection. Sanitize the system(s) if possible. This process should aim to revert the system to its last known good state or install a new image (read “How to Prepare for and Respond to Business Disruptions After Aggressive Cyberattacks” and “5 Core Security Patterns to Protect Against Highly Evasive Attacks“).
- Determine the Ransomware variant (e.g., CryptoWall or WannaCry). This can easily be done by uploading information to ID Ransomware.
- Before assuming payment is the only option, submit your encrypted files to the No More Ransom Project and research any other free ransomware decryption tools and additional decryption keys that are made publicly available. If suitable decryption keys are available, restore systems and conduct a full risk assessment, then document the recovery procedure to prevent future attacks.
- Perform recovery steps:
- Locate your backups.
- Ensure all files and media are available and have not been corrupted or encrypted.
- Verify the integrity of backups (i.e., media is readable and correct).
- Check for backup snapshots or shadow copies of data if possible (newer ransomware may affect these, too).
- Check for any previous versions of files that may be stored on cloud storage (e.g., Dropbox, Google Drive, and OneDrive).
- After removing ransomware and restoring files, determine the original infection vector and address related security gaps. Investigate all systems in contact with the impacted resource, including file servers, application servers, workgroup/peer systems, and system backups.
Another threat in 2020 for businesses and individuals, password-based cyberattacks succeed because users tend to adopt the same or similar passwords across multiple sites and services. A security breach on one site can open the door for account compromises on other sites.
“For users that reuse passwords across personal and professional accounts, this also puts enterprises at risk of being breached,” said Ben Goodman, CISSP and SVP at digital identity company ForgeRock. “In fact, new research from the World Economic Forum found that 4 out of 5 global data breaches are caused by weak/stolen passwords. Organizations have reacted to this risk by increasing their password policies and requiring more and diversified characters, as well as more frequent password changes; however, this still allows users to reuse usernames and passwords across different accounts.”
To defend your organization against password-based threats and breaches, Goodman recommends the use of password-free authentication methods, such as out-of-band steps on mobile devices, a form of two-factor authentication (2FA). The type of authentication requires users to confirm their identities during the login process through a separate channel.
Distributed Denial-of-Service (DDoS) attacks
In 2020, DDoS attacks will continue to pose a large threat to websites. A successful Denial-of-Service attack can flood a web server with traffic, thereby causing it to slow down or crash. Hima Pujara, digital marketing executive at Signity Software Solutions, notes three types of DDoS attacks that can target organizations.
- Volumetric attacks. These flood the server’s network bandwidth with false data requests on every open server port. Since the machines continually deal with malicious data requests, they’re unable to process legitimate server traffic.
- Application-layer attacks. These focus on the topmost layer of the OSI network model. Attackers who go after the application layer focus mainly on HTTP, HTTPS, DNS, or SMTP. This type of Denial-of-Service attack can be hard to catch as it sometimes hits only one machine.
- Protocol attacks. These focus on damaging connection tables in network areas by sending slow or malformed pings and partial packets. The memory on the affected machine is overloaded, causing it to crash.
To help organizations respond to DDoS attacks, Pujara offers the following advice:
- Develop an incident response plan. Make sure your data center is prepared, and your team is aware of its responsibilities. As part of the plan, create a systems checklist, form a response team, define notification and escalation procedures, and keep a list of internal and external contacts to be informed about the attack.
- Devise a strategy based on the type of attack. For volume-based attacks, increase the capacity of the system to handle the fake bandwidth. For protocol-based/application layer DDoS attacks, blacklist IP addresses that are identified as being part of a DDoS attack.
- Set up a disaster recovery and business continuity solution to help minimize the impact of DDoS attack.
Internet of Things (IoT) attacks
As more devices become internet-connected both at home and at businesses, IoT attacks have grown and will continue to grow. Cyberattacks on IoT devices jumped by 300% in 2019, according to Chris Hass, director of information security and research at security firm Automox. Such devices typically use default credentials and so are ripe for unauthorized access and infection.
“There are currently no common standards and certifications applicable to the IoT domain, and vendors tend to be silent on the specific capabilities they use to secure their service,” said Tom Anderson, principal technologist for The Alliance for Telecommunications Industry (ATIS). “As such, the user has little assurance that best-in-class security methods are being applied, or not. To help mitigate this situation, ATIS and other industry organizations have coordinated to create a baseline set of IoT security requirements: The C2 Consensus on IoT Device Security Baseline Capabilities. Large businesses can demand that their IoT vendors provide a comprehensive security review of their systems prior to purchase and deployment.”
To defend against IoT attacks, organizations should use network segmentation and firewalls, suggests Jonathan Langer, CEO of IoT security firm Medigate. By micro-segmentation, organizations can limit the possible damage an IoT attack can cause on the network, while making sure that similar devices are getting patched and updated regularly.
Just as security professionals are using artificial intelligence (AI) to help detect and prevent cyberattacks, so cybercriminals are starting to use AI to launch more effective attacks. As one example cited by Paul Lipman, cybersecurity expert and CEO of security firm BullGuard, an attacker can launch malware that collects information to determine why the attack may not have succeeded and use that information to launch a second attack.
“An AI-based attack may not succeed at first attempt, but its adaptability can enable hackers to succeed in following attacks,” Lipman said. “The real danger is when AI-weaponized malware has developed to such a point that it is sold widely as-a-service in the cybercriminal underground.”
Such attacks may sound like more of a future threat, but Lipman said that the seeds of this approach are starting to grow and will likely develop more widely and quickly this year. The onus is on security professionals to learn more about AI-powered attacks to create and deploy effective protection.