
Market Research

Gaps in Cloud Security Top Driver of Cyberattacks



UAE organisations have made strong progress in their data protection efforts, with 58% saying that their security measures have kept up with their COVID-led digital transformation initiatives over the past 18 months, according to new research from Veritas Technologies. This is compared to just 43% in last year’s 2020 Ransomware Resiliency Report.

However, there is still significant work to be done. The Veritas Vulnerability Lag Report, which surveyed 2,050 IT executives from 19 countries, including 100 from the UAE, discovered that UAE businesses could still be at risk of ransomware and other data loss incidents that result from IT security vulnerabilities introduced by their COVID-driven business transformation for another two years. And in order to reduce their vulnerability lag faster and extend their protection to the new technology that they’ve deployed since the start of the pandemic, the average UAE organisation would need to spend an additional $2.52m and hire 34 new members of IT staff.

For organisations to protect themselves against vulnerability to data threats, such as ransomware, their production and protection environments must evolve in parallel: as each new solution is introduced into the organisation’s technology stack, protection capabilities need to be extended to cover it. But all too often, the need to innovate at speed throws this balance out of kilter, creating a vulnerability lag, where systems and data are left unprotected and open to attack.

“Over the last 18 months, businesses have been dealing with the consequences of an event they couldn’t have seen coming. To their credit, they did everything they could to make the best of a bad situation. And the survival of many companies is due to the way in which IT teams supported the necessary transitions, including the massive shift to remote working,” said Johnny Karam, Managing Director and Vice President of International Emerging Region at Veritas. “Unfortunately, as a result of their rapid transformation, many organisations are now lagging behind when it comes to protecting their IT environment, leaving them badly exposed to digital risk. The good news is we’re starting to see UAE businesses begin to redress the balance, with 21% confident that they will be able to close the gap this year. But there is still a long way to go.”

Cloud environments are most at risk while this vulnerability lag persists: 77% of UAE respondents implemented new cloud capabilities or expanded elements of their cloud infrastructure beyond their original plans as a result of the pandemic. And 50% of respondents said that they had gaps in their protection strategy here.

Many of the UAE-based IT experts responding to the survey lack clarity about which cloud solutions have been introduced at their companies. Just 46% said they could accurately state the number of cloud services they were now using. They also lacked clarity about the data they might need to protect, with the average respondent admitting that 38% of the data their organisation was storing is “dark” – that is to say, they don’t know what it is – and that a further 49% is Redundant, Obsolete or Trivial (ROT).

Karam said, “In order to properly protect their data, businesses need to have a thorough understanding of the value and location of their data. So, before cloud data sets can be properly protected from threats like ransomware, IT teams need to know exactly what data sits in which cloud services. Worryingly, more than 50% don’t even know how many cloud services their companies are using, let alone what they are.”

The report also highlighted the impact that this vulnerability lag is having on the respondents’ business operations. 99% of UAE respondents stated that their organisation had experienced downtime in the last 12 months. And, on average they had been the victims of 4.2 ransomware attacks that had caused disruption and downtime to their businesses.

However, the global respondents who had managed to eliminate all vulnerabilities and reported no remaining gaps in their technology strategy had, on average, experienced around five times fewer downtime-causing ransomware attacks than those businesses that still had one or more gaps to close.

Karam said, “The UAE is a global hub for talent, expertise, and innovation, and the ‘Projects of the 50’ brings with it the great promise of ushering in the next phase of growth for the country.  This will be achieved when businesses are able to direct their newly hired talent to focus on innovation projects that help to fulfill the country’s aspirations, rather than on ‘catching up’.  Modernising data protection can play a key role in freeing up skilled IT team members to work on transformation projects by allowing Artificial Intelligence (AI) and Machine Learning (ML) to shoulder more of the burden. Also, selecting a single data protection platform that can operate across the entire data estate – both in your data center and the public cloud – can radically reduce the time and effort required to manage data protection.”


Malicious Bots Responsible for 40% of Global Internet Traffic: Barracuda Report



Once used primarily by search engines, automated bots now account for nearly two-thirds of all internet traffic. This is according to new research by Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, which found that bad bots – which carry out a range of malicious activities including web and price scraping, inventory hoarding, account takeover attacks, distributed denial of service (DDoS) attacks, and more – now account for a staggering 40% of all internet traffic.

“While some bots like search engine crawlers are good, our research shows that a much larger number of bots are dedicated to carrying out malicious activities at scale,” said Nitzan Miron, VP of Product Management, Application Security, Barracuda. “When left unchecked, these bad bots can have serious consequences for businesses and ultimately lead to a breach. That’s why it’s critically important to be prepared to detect and block these attacks.”

Over the last year, owing to lockdowns and a growing emphasis by organisations on offering digital services, consumers’ utilisation of online shopping and other online services has skyrocketed. Attackers have been quick to attempt to exploit this popularity, and Barracuda’s research found that eCommerce applications and login portals are now most targeted by advanced persistent bots.

While the internet activity of bad bots now exceeds that of humans, attackers have been developing these automated programs in a manner that mimics human activity. Most notably, Barracuda’s research found that bad bot behaviour peaks during work hours, closely mirroring trends in human internet utilisation. This is in sharp contrast to good bots that aren’t trying to circumvent security defences and therefore maintain traffic rates that are fairly constant throughout the day.

Though the rise of the public cloud has had an undeniably positive impact, it has also empowered cybercriminals. Barracuda’s research shows that most bot traffic now comes from the two large public cloud providers – AWS and Microsoft Azure – in roughly equal measure.


Honeywell Cybersecurity Research Reports Increase in USB Threats



According to a report released today by Honeywell, USB-based threats that can severely impact business operations increased significantly during a disruptive year when the usage of removable media and network connectivity also grew. Data from the 2021 Honeywell Industrial USB Threat Report indicates that 37% of threats were specifically designed to utilize removable media, which almost doubled from 19% in the 2020 report.

The research also highlights that 79% of cyber threats originating from USB devices or removable media could lead to critical business disruption in the operational technology (OT) environment.  At the same time, there was a 30% increase in the use of USB devices in production facilities last year, highlighting the growing dependence on removable media.

The report was based on aggregated cybersecurity threat data from hundreds of industrial facilities globally during a 12-month period. Along with USB attacks, research shows a growing number of cyber threats including remote access, Trojans, and content-based malware have the potential to cause severe disruption to industrial infrastructure.

“USB-borne malware was a serious and expanding business risk in 2020, with clear indications that removable media has become part of the playbook used by attackers, including those that employ ransomware,” said Eric Knapp, engineering fellow and director of cybersecurity research for Honeywell Connected Enterprise. “Because USB-borne cyber intrusions have become so effective, organizations must adopt a formal program that addresses removable media and protects against intrusions to avoid potentially costly downtime.”

Many industrial and OT systems are air-gapped or cut off from the internet to protect them from attacks. Intruders are using removable media and USB devices as an initial attack vector to penetrate networks and open them up to major attacks. Knapp says hackers are loading more advanced malware on plug-in devices to directly harm their intended targets through sophisticated coding that can create backdoors to establish remote access. Hackers with remote access can then command and control the targeted systems.

The 2021 report includes data from Honeywell’s Secure Media Exchange (SMX) technology, which is designed to scan and control USB drives and removable media. To reduce the risk of USB-related threats, Honeywell recommends that organizations utilize several layers of OT cybersecurity software products and services such as Honeywell’s Secure Media Exchange (SMX), the Honeywell Forge Cybersecurity Suite, people training and process changes.

Honeywell’s Secure Media Exchange (SMX) provides advanced threat detection for critical infrastructure by monitoring, better protecting, and logging the use of removable media throughout industrial facilities. The Honeywell Forge Cybersecurity Suite can monitor for vulnerabilities such as open ports or the presence of USB security controls to strengthen endpoint and network security, while also ensuring better cybersecurity compliance.


FortiGuard Labs Reports Tenfold Increase in Ransomware



Fortinet has announced the latest semiannual FortiGuard Labs Global Threat Landscape Report. Threat intelligence from the first half of 2021 demonstrates a significant increase in the volume and sophistication of attacks targeting individuals, organizations, and increasingly critical infrastructure. The expanding attack surface of hybrid workers and learners, in and out of the traditional network, continues to be a target. Timely collaboration and partnership momentum across law enforcement, as well as public and private sectors, is an opportunity to disrupt the cybercriminal ecosystem going into the second half of 2021.

Ransomware Is About Much More Than Just Money
FortiGuard Labs data shows average weekly ransomware activity in June 2021 was more than tenfold higher than levels from one year ago. This demonstrates a consistent and overall steady increase over a one-year period. Attacks crippled the supply chains of multiple organizations, in particular sectors of critical importance, and impacted daily life, productivity, and commerce more than ever before.

Organizations in the telecommunications sector were the most heavily targeted, followed by government, managed security service providers, automotive, and manufacturing sectors. In addition, some ransomware operators shifted their strategy away from email-initiated payloads to focusing on gaining and selling initial access into corporate networks, further showing the continued evolution of Ransomware-as-a-Service (RaaS) fueling cybercrime.

A key takeaway is that ransomware remains a clear and present danger for all organizations regardless of industry or size. Organizations need to take a proactive approach with real-time endpoint protection, detection, and automated response solutions to secure environments along with a zero-trust access approach, network segmentation, and encryption.

One in Four Organizations Detected Malvertising
Ranking the prevalence of top malware detections by malware families shows a rise in deceptive social engineering malvertising and scareware. More than one in four organizations detected malvertising or scareware attempts, with Cryxos being a notable family, although a large volume of the detections is likely combined with other similar JavaScript campaigns that would be considered malvertising.

The hybrid work reality has undoubtedly encouraged this trend in tactics by cybercriminals as they attempt to exploit it, aiming for not just a scare but also extortion. Increased cybersecurity awareness is as important as ever, with timely training and education to help avoid falling victim to scareware and malvertising tactics.

Botnet Trends Show Attackers Push to the Edge
Tracking the prevalence of botnet detections showed a surge in activity. At the beginning of the year, 35% of organizations detected botnet activity of one sort or another, and six months later it was 51%. A large bump in TrickBot activity is responsible for the overall spike in botnet activity during June.

TrickBot originally emerged on the cybercrime scene as a banking trojan but has since been developed into a sophisticated and multi-stage toolkit supporting a range of illicit activities. Mirai was the most prevalent overall; it overtook Gh0st in early 2020 and has reigned ever since well into 2021.

Mirai has continued adding new cyberweapons to its arsenal, but it is likely that Mirai’s dominance still stems, at least partially, from criminals seeking to exploit Internet-of-Things (IoT) devices used by work-from-home or learning-from-home individuals. Gh0st, a remote access botnet that allows attackers to take full control of the infected system, capture live webcam and microphone feeds, or download files, is also noticeably active.

More than a year into remote work and learning shifts, cyber adversaries continue to target our evolving daily habits to exploit the opportunity. To protect networks and applications, organizations need zero-trust access approaches to provide the least access privileges to secure against IoT endpoints and devices entering the network.

Disruption of Cybercrime Shows Reduced Threat Volumes
In cybersecurity, not every action has an immediate or lasting effect, but several events in 2021 show positive developments specifically for defenders. The original developer of TrickBot was arraigned on multiple charges in June. Also, the coordinated takedown of Emotet, one of the most prolific malware operations in recent history, as well as actions to disrupt the Egregor, NetWalker, and Cl0p ransomware operations represent significant momentum by cyber defenders, including global governments and law enforcement to curb cybercrime.

In addition, the level of attention that some attacks garnered spooked a few ransomware operators into announcing they were ceasing operations. FortiGuard Labs’ data showed a slowdown of threat activity following the Emotet takedown. Activity related to TrickBot and Ryuk variants persisted after the Emotet botnet was taken offline, but it was at a reduced volume. This is a reminder of how hard it is to eradicate cyber threats or adversary supply chains immediately, but these events are important achievements regardless.

Defensive Evasion and Privilege Escalation Techniques Favored by Cybercriminals
Studying higher resolution threat intelligence reveals valuable takeaways about how attack techniques are evolving currently. FortiGuard Labs analyzed the specific functionality inherent to detected malware by detonating the samples to observe what the intended outcome was for cyber adversaries.

The result was a list of negative things malware would have accomplished if the attack payloads had been executed in target environments. This shows cyber adversaries sought to escalate privileges, evade defenses, move laterally across internal systems, and exfiltrate compromised data, among other techniques. For example, 55% of observed privilege escalation functionality leveraged hooking, and 40% utilized process injection.

A takeaway is that there is an obvious focus on defense evasion and privilege escalation tactics. Although these techniques are not novel, defenders will be better positioned to secure against future attacks, armed with this timely knowledge. Integrated and artificial intelligence (AI)-driven platform approaches, powered by actionable threat intelligence, are essential to defend across all edges and to identify and remediate shifting threats organizations face today in real-time.

Derek Manky, Chief, Security Insights and Global Threat Alliances, FortiGuard Labs, said, “We are seeing an increase in effective and destructive cyberattacks affecting thousands of organizations in a single incident creating an important inflection point for the war on cybercrime. Now more than ever, everyone has an important role in strengthening the kill chain. Aligning forces through collaboration must be prioritized to disrupt cybercriminal supply chains. Shared data and partnership can enable more effective responses and better predict future techniques to deter adversary efforts. Continued cybersecurity awareness training, as well as AI-powered prevention, detection, and response technologies integrated across endpoints, networks, and the cloud, remain vital to counter cyber adversaries.”

While government and law enforcement agencies have taken actions relative to cybercrime in the past, the first half of 2021 could be a game-changer in terms of the momentum for the future. They are working with industry vendors, threat intelligence organizations, and other global partnership organizations to combine resources and real-time threat intelligence to take direct action against cyber adversaries.

Regardless, automated threat detection and AI remain essential to enable organizations to address attacks in real-time and to mitigate attacks at speed and scale across all edges. In addition, cybersecurity user awareness training is as important as ever with anyone being a target of cyberattacks. Everyone needs regular instruction on best practices to keep individual employees and the organization secure.



Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.