The cracking crystal ball

Security trends to watch out for in 2022.
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 15 Dec 2021
Judy Winn, Peach Payments

With 2021 nearly in our rear-view mirror, one thing is clear: attacks are on the rise and bad actors will continue to seize every opportunity to cause disruption in a world still navigating the effects of a global pandemic.

This year, cybersecurity has remained a top priority and business imperative for organisations and CIOs across the board. While some believe the industry is making progress, and tools and practices are slowly improving, adversaries are similarly evolving, and are quick to devise new and sophisticated ways to foil the best efforts at protecting data and other critical assets. Although the technical controls are continually improving, the human factor is often a stumbling block to thwarting the machinations of attackers.

A look back on the year reveals many high-profile cyber attacks, one of the most potentially dangerous being the Colonial Pipeline attack in April. Bad actors breached the entity’s networks through a private account, which was used by its staff members to access the network remotely. Even though the account was no longer in use, attackers could still access it after its password was leaked on the Dark Web. In May, an employee found a note demanding a ransom in cryptocurrency. The employee notified an operations supervisor who immediately started the process of shutting down the pipeline, something that had never before happened in its 57-year history.

Although it happened at the end of 2020, the effects of the SolarWinds attack were still being felt in 2021. In December 2020, a commercial software application created by the IT management specialist fell victim to a highly sophisticated cyber intrusion, enabling the bad actors to infiltrate SolarWinds’ supply chain and plant a backdoor. Once customers downloaded the infected installation packages, they were infected by a Trojan, and attackers were then able to access the systems that ran the products.

Fellow IT management firm Kaseya also fell victim to an attack in 2021. Also hit by ransomware, the company disclosed in early July that hackers had exploited a vulnerability in its VSA software. Not unlike the SolarWinds attack, the bad actors were able to compromise the software and push malicious code updates to thousands of customers. The full extent of the incident and its impact is yet to be determined.

“The SolarWinds attack was certainly an eye-opener in how anything is possible and anyone is a target,” says Judy Winn, head of information security at Peach Payments. “Compromising a software supply chain will probably continue to be a trend to watch out for. There’s a huge payoff for the criminals from these types of attacks in terms of the number of systems that become compromised when trusted vendor software that has been unknowingly and maliciously altered is installed on multiple devices.”

To pay or not to pay


Another scourge is ransomware. Says Winn: “I think there were and continue to be many unscrupulous individuals and groups preying on unsuspecting and vulnerable people during the pandemic. People are overloaded with additional stresses from a variety of areas, so it can be hard to keep one’s guard up. In addition, the social engineering attacks like phishing and vishing are becoming so sophisticated that it becomes difficult for even highly suspicious and careful people not to be caught out.”

Ransomware, she says, is a major threat globally and can have a severe knock-on effect on multiple economic players. “Major examples of this include the attacks on Transnet’s ports, the Department of Justice, and the South African National Space Agency. Criminals appear to be using ransomware in more of a weaponised approach, and when these attacks are successful in crippling key economic players or critical infrastructure providers, the effects can be felt far and wide.”

Speaking of how cybersecurity evolved last year, Winn says it has moved to a higher priority level than before, given the radical change to the work environment and the associated attack surface. “According to PwC’s Global Digital Trust Insights Survey for 2021, over 51% of organisations are increasing their cyber budgets. I think the spotlight has really been on endpoint security and user awareness to combat attacks aimed at compromising information via the weakest link.”

On the horizon


Looking ahead to threats and trends we can expect to see in the coming months, Winn says the attack surface of most companies has increased drastically. Traditional network boundaries where one had a feeling of control over the network, devices, and information, have changed. There’s no longer a central view of all devices, unless they have the appropriate software installed and are connected to a (hopefully secure) internet connection.

As the Internet of Things continues to grow, with ever more devices being added, especially to home networks where WFH employees are connected, the risk potential here grows too. IoT devices are infamous for not being very secure, with default passwords often being left active, or devices remaining unpatched for extended periods of time. It will be interesting to see what the attacks of tomorrow look like, says Winn, and how information security professionals will detect and contain them.

Winn believes that many of the trends we’ve seen over the past year will persist into 2022. Businesses should start looking towards controls such as security orchestration and automation to keep up with the complexity of environments. Extended detection and response (XDR) solutions are also likely to become more popular as organisations look to achieve greater visibility across all the devices that link to the organisation, including the slew of IoT devices. Such tools can help organisations speed up incident response by enabling an automatic reaction to certain types of incidents.
