Connected digital tech means infinite attack surface
By Kirsten Doyle
The continued global expansion of connected digital technology, combined with the emergence of crimes such as malware as a service, makes a broad set of criminal tools and services available to a much wider audience.
Today, the fingerprints of nation states regularly mingle with those of criminals in the daily flood of cyber threat information that defenders struggle to ingest and digest, and this against the backdrop of an already overburdened cyber crime fighting workflow.
“South Africa had the third-highest number of cyber crime victims in the world as I understand the statistics available publicly. This cost South Africa somewhere in the neighbourhood of 2.2 billion rand according to Accenture,” he adds.
In 2021, web applications, e-mail applications and virtual private networks were compromised at every level. In addition, 66 zero day exploits were detected, roughly twice the number from the previous year.
“We’ve also seen a proliferation of tools to assist in detection, and there's been a great deal of money funnelled into the exploit industry, which has served to counter that phenomenon,” he says.
“Nation states continued to develop zero day exploits. China, for example, was attributed to have nine zero days in 2020 and 2021, and the net result of that is an increase in cost and complexity, an exploit chain in layers and bundled exploits being developed,” adds Emerson.
Third-party attacks and supply chain issues also headlined the news in 2021 and 2022. “We saw software vendors such as SolarWinds experience breaches, and we also saw common service providers increasingly become the target of attacks, particularly as related to access to government or even law enforcement and criminal justice systems.”
The increased globalised threat of ransomware, particularly ransomware as a service, also has quite a few unintended consequences and repercussions for the supply chain. “If we look back to WannaCry..., while there was a dramatic effect on healthcare, many other sectors found themselves dealing with the outcomes related directly and indirectly to that particular strain.”
Critical Common Vulnerabilities and Exposures (CVEs) in 2021 numbered more than 13 000, adds Emerson. “We saw major software products, and the operating system level in mail services on that list. We also saw open source, which has given way to some discussion as we move into the reality of critical vulnerabilities coming out of the open source environment.
“Then there was the Log4J flaw in Apache’s software. In the immediate weeks after the proof of concept of Log4J, more than 100 hacking attempts were happening per minute. The broad scope of that particular vulnerability led to an obvious difficulty in finding all the instances in the different suites where that software was used for development,” he explains.
Moreover, it was a point of intrusion for ransomware attacks as well as nation state attacks. “We saw it automated, and coming from botnet sources, reverse shell attacks that lead to effective fileless execution, so malware executed in memory without leaving forensic touch points on the file system, or the kind of artefacts that we would normally expect to find, as we evolve into 2022.”
In addition, Emerson says he has seen a number of notable cases of multi-factor authentication being exploited in its default configuration, and development teams in corporate environments being targeted for certificate breaches, so that attackers can piggyback on those certificates to pivot into other environments.
“We’ve seen devices effectively attacked, and source code stolen as it relates to common major market mobile devices, and most recently, we’ve seen attacks on carrier grade appliances from major brands,” he adds.
The bottom line? “We are seeing a slew of critical vulnerabilities targeting a broad swathe of technologies,” he ends.