The InfoSec Threat Lineup: Biggest Threats from 2019
As we approach year-end and look forward to future tech trends, we also reflect on the lessons learned over the past year. In the information security realm, things seem to stay the same even as they change.
Pervasive and persistent threats that are hardly new to the scene have made their way past small fry to take down some of the biggest service providers around. In many ways, 2019 proved the most effective threat vectors remain the most difficult to protect against, with the crucial attack point coming in the form of people – the hardest thing to control for within your organization.
There are some newer threats to consider as well, of course. Hackers never sleep!
Here’s our lineup for the nastiest InfoSec baddies of 2019.
The Career Criminals: Ransomware, DDoS, Phishing, Spoofing
Ah, the usual suspects. They’re still out there wreaking havoc even though we are all prepared for them with training and mitigation plans in place – or so we thought.
Ransomware has persisted as one of the biggest threats of the decade. While the original ransom-demanding malware was developed in 1989 and the idea remained popular into the 2000s, ransomware truly exploded into the infosec community consciousness in the mid-2010s with Cryptolocker. It has remained a staple in the bad actor’s toolbox ever since.
Though ransomware supposedly dipped towards the end of 2018, the attacks picked up again in 2019. Recent headlines about a targeted ransomware attack hitting prominent data center services provider CyrusOne demonstrate that ransomware seems to be hitting bigger and bigger targets these days, with targeted attacks routinely shutting down large regional hospitals and other critical service providers.
Distributed Denial of Service (DDoS) attacks are another vector that has remained popular for some time now. A DDoS attack, in a nutshell, relies on a flood of network traffic to overload a web service. They too are often highly targeted and seem to follow a similar trend to ransomware, with a small dip in the overall number and size of attacks in 2018 followed by an explosion in early 2019. One high-profile DDoS attack this year took down Amazon Web Services for many customers, with outages lasting over 8 hours.
Finally, social-engineering attacks such as phishing and spoofing remain popular and extremely difficult to defend against. Even highly trained employees can fall victim to a well-designed spoof site or phishing attack, especially if their attention lapses. Both phishing and spoofing often rely on impersonating legitimate sources to obtain sensitive information or install malware on workstations and devices.
A worrying phishing method reached prominence in 2019, using the victim’s own address book to spoof the sender address. From there, links lead to websites that appear to be real Office 365 portals, prompting login credentials which are quickly swiped. This method was being used to target O365 administrators in a spearphishing (phishing attacks that target specific individuals) campaign.
The Well-Connected: State-Sponsored Attacks, Supply Chain Attacks, and Insider Threats
Attacks often come from those who have connections to the target organization. As cyberattacks also hit the world stage, those who are well-connected often have hackers of their own. Cyberwarfare is no longer a sci-fi concept but a reality facing large corporations and state organizations alike.
One prominent example occurred this fall when Airbus was targeted by a suspected state-sponsored Chinese hacking group, which accessed a VPN that connected suppliers to the aerospace behemoth. That segues perfectly into our next threat: supply chain attacks.
Major news broke earlier in the year when it was revealed that hardware manufacturer Asus had fallen victim to a supply chain attack, with insider access used to inject malware into legitimate software update processes. Supply chain attacks can also be delivered within the supply chain itself, with the actual hardware compromised. In either case, inside access is required. We can expect these types of attacks to proliferate as consumer demand for devices continues, more and more devices are connected to the internet, and the monetary interest in cyber-espionage and cyberattacks keeps growing.
New-ish Kids on the Block: Living off the Land (LOTL) Attacks and Formjacking
While neither is entirely novel, both Living Off the Land (LOTL) and formjacking attacks have grown significantly in prominence over 2019.
Formjacking is quite simple: malicious code is loaded onto websites and used to steal credit card and other sensitive information, which can then be sold. Of course, this is just a newer form of a classic attack vector, code injection. However, it takes advantage of the proliferation of common ecommerce platforms to quickly spread throughout popular shopping, travel, and other sites that require credit card processing. Some reports claim formjacking accounts for 71% of all web breaches today.
LOTL attacks are a way for intruders to attempt to remain undetected by avoiding the use of malware or brute force attacks and instead taking advantage of software that is already in use at an organization. This allows them to blend into typical network, server, or workstation activity and avoid raising any red flags. Examples include PowerShell scripts, memory-only threats, fileless persistence, macros, and dual-use tools such as netsh or PsExec.exe.
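Because LOTL activity uses tools that are already present, detection comes down to context: which parent spawned the tool and what arguments it was given. The following is an added illustration, not code from the original post, that triages a constructed set of process-creation events (flattened to parent|image|command line) against a few rules for the dual-use tools named above; the rule names, sample hostnames and paths are all made up.

```python
import re

# Constructed sample events in "parent|image|commandline" form (not real telemetry).
SAMPLE_EVENTS = r"""
explorer.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -NoProfile Get-Process
WINWORD.EXE|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -w hidden -enc ZABpAHIA
services.exe|C:\Windows\System32\svchost.exe|svchost.exe -k netsvcs
cmd.exe|C:\Windows\System32\netsh.exe|netsh interface portproxy add v4tov4 listenport=4444 connectaddress=10.0.0.5
cmd.exe|C:\Tools\PsExec.exe|PsExec.exe \\HOST01 ipconfig
"""

# Office applications whose child shells usually indicate a macro firing.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_IMAGES = ("powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe")

# Command-line rules (hypothetical names); each flags a common LOTL usage pattern.
RULES = [
    ("powershell_encoded_or_hidden",
     re.compile(r"powershell.*?\s-(enc|encodedcommand|w\s+hidden|windowstyle\s+hidden)\b", re.I)),
    ("netsh_portproxy_or_firewall",
     re.compile(r"netsh\s+(interface\s+portproxy|advfirewall)", re.I)),
    ("psexec_remote_exec", re.compile(r"psexec(64)?\.exe", re.I)),
]


def parse_event(line):
    """Split one flattened event into its three fields."""
    parent, image, cmdline = (f.strip() for f in line.split("|", 2))
    return {"parent": parent, "image": image, "cmdline": cmdline}


def triage(line):
    """Return the list of rule names an event trips (empty if it looks benign)."""
    ev = parse_event(line)
    hits = [name for name, rx in RULES if rx.search(ev["cmdline"])]
    # Parent/child context: an Office process launching a shell is suspicious
    # regardless of the arguments, since this is how macros typically execute.
    if ev["parent"].lower() in OFFICE_PARENTS and ev["image"].lower().endswith(SHELL_IMAGES):
        hits.append("office_spawned_shell")
    return hits


def scan_events(text):
    """Map 1-based line numbers to their hits, keeping only flagged events."""
    results = {}
    for number, line in enumerate(text.strip().splitlines(), 1):
        hits = triage(line)
        if hits:
            results[number] = hits
    return results


if __name__ == "__main__":
    for number, hits in scan_events(SAMPLE_EVENTS).items():
        print(f"event {number}: {', '.join(hits)}")
```

In production the same logic belongs in a SIEM rule over Sysmon Event ID 1 or Windows 4688 events rather than in a script, but the signal is identical: arguments plus parent process, not the binary's name alone.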
The Opportunists: Misconfigured Cloud, Storage, and Databases
Finally, we have the attack vectors that leave you kicking yourself. Crimes of opportunity are rife with unsecured cloud resources such as storage buckets (probably the biggest offender in this category) and databases leaving highly sensitive information free for prying eyes to see – and steal.
There are many ways for your cloud configuration to leave a backdoor for hackers. Many users assume that because their cloud offers security protocols, compliance certifications, and monitoring tools, their data is inherently secure. That is not always the case.
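The storage-bucket exposures mentioned above usually come down to one policy statement that grants access to everyone. As an added example, not from the original post, here is a small check over two constructed S3-style bucket policies (a wide-open one and a scoped one) that reports Allow statements whose principal is anyone and that carry no Condition; the bucket name, account ID and role name are placeholders.

```python
import json

# Constructed policy with the weak setting: anyone on the internet may read and list.
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
})

# Constructed corrected policy: one named role, one action, TLS required.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
        "Action": ["s3:GetObject"],
        "Resource": ["arn:aws:s3:::example-bucket/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "true"}},
    }],
})


def is_public_principal(principal):
    """True for the two spellings of 'anyone': "*" and {"AWS": "*"} (or a list holding "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def public_statements(policy_json):
    """Return Sids of Allow statements open to anyone with no Condition at all.

    Statements that are public but conditioned (e.g. on a source VPC endpoint)
    are deliberately not flagged here, but still deserve a manual review.
    """
    policy = json.loads(policy_json)
    findings = []
    for statement in policy.get("Statement", []):
        if statement.get("Effect") != "Allow":
            continue
        if is_public_principal(statement.get("Principal")) and not statement.get("Condition"):
            findings.append(statement.get("Sid", "<no sid>"))
    return findings
```

The same shape of check applies to object ACLs and to the account-level public access block: the question is always whether a grant names everyone rather than a specific identity.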
To learn more about the shared responsibility model for cloud security, join our webinar next week! Infosec Manager Dan Deter will walk through which parties are responsible for which pieces of the cloud infrastructure stack, as well as offering some tips on securing your cloud environment and creating audit trails.
So there you have it: a motley crew of attack vectors all waiting to be leveraged against your corporate systems. While it may seem as though the odds are against you, the odds can tip in your favor with consistent and persistent monitoring, antivirus and antimalware tools, a strong SIEM like Azure Sentinel, and a backup or disaster recovery plan for critical business systems.