Cybersecurity Predictions for 2022

Written by Saket Modi, CEO, and Co-Founder, Safe Security

As we look forward to the security threat landscape for 2022, here are some predictions from Safe Security:

  • The First Phygital Catastrophe is Coming: A central mission-critical application will go down and create a ripple effect across businesses and consumers around the world. For example, a hack on a major central system like an internet gateway, public cloud provider or a healthcare system like Epic will impact millions of people, and we will see the physical ramifications in our everyday lives. Healthcare could be upended, businesses unable to provide digital services, flights cancelled, food and supplies not delivered, and more.
  • The Consumerization of Cyberattacks Will Rise for Easier Wins: The attack perimeter is becoming more personal, and the consumerization of attacks will rapidly increase. For example, the last iOS update alone had 11 zero-day attacks. Hackers will amplify attacks on mobile apps and people. This issue will proliferate because, while zero-day attacks are rising, consumer cyber awareness and the steps people need to take to protect themselves have not increased in tandem.
  • Cybersecurity and Data Science Fields Will Unite: Cybersecurity and data science have been disconnected fields that served two distinct purposes, but they will come together to help organizations better understand and proactively protect against increasing threats. The fields will collide and continue to grow together out of necessity, as application creation and enterprise data continue to explode and dramatically expand the attack surface.
  • Cyber Insurance Will be Mandated: In the next 12 months, the quantum of cyber insurance needed to protect against ransomware and other attacks will be mandated, at least in some geographic regions and industries. In a similar manner to requiring everyone to have auto liability insurance, high-risk industries will be mandated to have a minimum level of cyber insurance. For example, companies may be required to have insurance to cover at least two percent of their annual turnover. In the next five years, almost all industries and geographic regions will mandate cyber insurance.
  • A Healthcare Cyber Regulator Will be Established: Healthcare continues to be the most targeted and attacked vertical, putting consumers at risk while not effectively protecting itself. A healthcare regulator or governing body will be put in place soon, like the SEC for the highly regulated financial services industry, to help strengthen the healthcare industry’s security and consumer protection.
  • More Cybersecurity Services will be Sold by Non-Cyber Companies in the Next Five Years: Cell phone service providers and device manufacturers will embed cybersecurity as a service into their plans to help consumers manage their security. Businesses will purchase cybersecurity offerings within their IT plans to protect employees and infrastructure. A large chunk of cybersecurity, both personal and enterprise, will be sold by large technology companies rather than solely through cyber vendors.

Why Context is Everything When it Comes to Cybersecurity?

Written by Hadi Jaafarawi, managing director – Middle East, Qualys

The cybersecurity threat landscape has never been more challenging, sophisticated, and severe. Research suggests that in the UAE alone, around $746 million is lost every year to cybercrime, and the country faced a 79% increase in the problem from 2019 to 2020. For firms and IT departments across the region, it’s a constant battle to stay ahead of the bad actors.

Add in the fact that many security teams are either stretched or under-skilled, not to mention that many face pressure to keep budgets in check, and it really is a perfect storm. In an effort to level the playing field, security teams are turning to technology. But that comes with challenges of its own.

A lack of clarity
There’s no shortage of security tools, each professing to be the solution. And it’s no surprise that security teams reach for them in the hope of coping with the issue and reducing their risks. More and more, companies are adopting an increasing number of tools to add further layers of security and protect against risk. Today an organisation’s security infrastructure will include everything from Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) to Network Detection and Response (NDR) and Extended Detection and Response (XDR).

Admittedly, the tools each have value, so that’s not the problem. The challenge is that each new tool adds another data silo. Each separately reports its own specific data based on its own particular use and area of the network. And it’s then down to the analysts, who are faced with multiple alerts from multiple systems and solutions, to make sense of it all.

When there are too many alerts, issues can be routed to lots of different teams or, worse, missed altogether. Alert fatigue — where the team is exposed to constant alerts and consequently fails to act when it really matters — is a real problem. This is why XDR tools are designed as a holistic, top-layer solution that collects data from multiple sources to provide a comprehensive picture, enabling real-time incident detection and response. But again, it’s not that simple, as XDRs vary in quality, effectiveness, and even function.

Some SIEM and XDR tools simply deliver raw data to analysts, who then have to interpret the data and make endless decisions about any actions that are needed. They collect disparate, unrelated data, and it’s up to the analyst to deal with the notifications, analyse, prioritise and then act, or not. Busy security analysts are likely to be faced with multiple alerts in any given day, many of which are actually false alarms. It’s little wonder that it’s easy to miss or ignore that one really vital alert.

Context is key
Enter the value of contextual insight. Rather than simply churning out data and leaving it to the over-worked analyst to handle, some XDR tools can go a step further by providing that all-important context. All alerts may look basically the same in one tool. But, when brought together with external threat intelligence and other security data, that harmless-looking alert will suddenly have more meaning and jump up the priority list. XDR is designed to break down data silos and provide the context required to help analysts get better insight, by creating a consolidated view of the entire enterprise technology stack and any threats. It pulls together all security solutions and functions into one place, giving analysts a single, comprehensive view of threats across the entire network.

By correlating data from asset inventory and vulnerability information, high-quality threat intelligence, network endpoint telemetry, and third-party log data, analysts get more context on what’s happening — leading to a far more effective and quicker response to threats. Without this context, too much time is wasted on manual tasks and important alerts can easily be missed. This context allows the rapid, focused investigation to be carried out where it’s actually needed.
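The following is an added illustration of the correlation the paragraph describes (it is not code from the article or from Qualys): two alerts that look identical inside one tool are enriched with asset inventory, vulnerability and threat-intelligence context, and the one on the exposed, vulnerable, high-value host jumps to the top of the queue. All hosts, addresses and vulnerability labels are constructed.

```python
"""Context-driven alert prioritisation (added example, constructed data)."""
from dataclasses import dataclass, field

# Constructed asset inventory (one silo): what each host is and how exposed it is.
ASSET_INVENTORY = {
    "ws-0412": {"criticality": "low", "internet_exposed": False},
    "db-pay-01": {"criticality": "high", "internet_exposed": True},
}

# Constructed vulnerability scan results (another silo); placeholder IDs, not real CVEs.
OPEN_VULNS = {
    "ws-0412": [],
    "db-pay-01": [{"id": "VULN-PLACEHOLDER-1", "severity": "critical", "exploit_public": True}],
}

# Constructed threat-intelligence feed of known-bad destinations (TEST-NET-3 address).
THREAT_INTEL = {"203.0.113.77": "listed as command-and-control infrastructure"}


@dataclass
class Alert:
    host: str
    dest_ip: str
    rule: str
    score: int = 0
    reasons: list = field(default_factory=list)


def enrich(alert: Alert) -> Alert:
    """Pull context from each silo and turn it into an explainable score."""
    asset = ASSET_INVENTORY.get(alert.host, {})
    if asset.get("criticality") == "high":
        alert.score += 40
        alert.reasons.append("high-criticality asset")
    if asset.get("internet_exposed"):
        alert.score += 15
        alert.reasons.append("internet-exposed")
    for vuln in OPEN_VULNS.get(alert.host, []):
        if vuln["severity"] == "critical":
            alert.score += 25
            alert.reasons.append(f"critical open vulnerability {vuln['id']}")
        if vuln["exploit_public"]:
            alert.score += 10
            alert.reasons.append("public exploit available")
    if alert.dest_ip in THREAT_INTEL:
        alert.score += 30
        alert.reasons.append(f"destination {alert.dest_ip} {THREAT_INTEL[alert.dest_ip]}")
    return alert


def priority(score: int) -> str:
    """Map the accumulated score to the band an analyst queue would use."""
    return "critical" if score >= 80 else "high" if score >= 40 else "medium" if score >= 20 else "low"


def triage(alerts: list) -> list:
    """Enrich every alert and return them ordered for the analyst, highest first."""
    return sorted((enrich(a) for a in alerts), key=lambda a: a.score, reverse=True)


if __name__ == "__main__":
    # Same rule, same destination: only the surrounding context differs.
    raw = [Alert("ws-0412", "203.0.113.77", "outbound-connection"),
           Alert("db-pay-01", "203.0.113.77", "outbound-connection")]
    for a in triage(raw):
        print(f"{priority(a.score):8} {a.host:10} score={a.score:3}  {'; '.join(a.reasons)}")
```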

Providing context using XDR gives security professionals the visibility and insights they need to reduce risks and improve their security approach. It empowers busy teams with the clarity and context to enable them to make the right decisions and deal with potential issues — and quickly.

How Cybersecurity Readiness Prevents SMBs from Fuelling Supply Chain Attacks

Written by Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East

Supply chain attacks aren’t new. If the past couple of years have taught businesses anything, it’s that the impact of supply chain cyber-attacks is now universal, from the fallout of the SolarWinds software breach to the exposed Apache Log4j vulnerability and Kaseya last year. Unfortunately, when such supply chain attacks hit smaller businesses, who are usually the suppliers to larger enterprises, their impact is especially severe.

For SMBs already feeling the prolonged impact of the pandemic, the added pressure of dealing with sophisticated and frequent cyber attacks in real time is a heavy burden, as they try to protect their business against financial, legal, and reputational damage, as well as the security of their own suppliers and larger clients. It is now more important than ever for SMBs to implement strict security hygiene and effective cybersecurity processes so that their business is prepared for cyber attacks when they happen.

SMBs as an indirect avenue of cyber attacks
The ‘new normal’ opened the door to several new vulnerabilities; cyber-attacks globally increased by 50% on average in 2021, compared to 2020. Our Check Point Threat Intelligence report revealed that an organisation in the United Arab Emirates was attacked on average 906 times per week over the last six months. While security breaches are on the rise, the top threats impacting SMBs have remained the same. In Check Point’s Small and Medium Business Security Report from 2020/2021, we revealed phishing, malware, credential theft, and ransomware to be the top four threats impacting these businesses. So, what does this mean for them?

The reality is that threat actors have taken advantage not only of the now-entrenched remote working model to target organisations, but also of the usual limits preventing SMBs from bulking up their cyber security defences, mainly lack of budget and expertise. SMBs often do not have a dedicated IT or security department; with no in-house security expertise and reduced focus on security patching, these companies are easier to socially engineer and infiltrate.

Adding to this, SMBs usually have employees performing multiple roles, which gives them wider access to valuable areas of the business and its information, so if one of them is breached, they pose a threat to multiple areas within the business. In addition, the business IT infrastructure is often shared with personal communication as well, e.g. social media and personal email, giving hackers easier access, as this data is often not secured.

Threat actors often target SMBs as low-hanging fruit because of their vital role in supply chains, especially since such attacks wreak havoc not only on one organisation but on entire businesses within the supply network. By leveraging tactics such as phishing, cybercriminals gain access to an organisation to launch a malware attack, steal data and credentials, or instigate ransomware.

Take, for example, the attack against Target USA, where hackers used stolen credentials from an SMB vendor that serviced the HVAC systems in Target stores to gain access to the retailer’s network and then move laterally to the systems that held customer payment information. As a result, the global retailer was breached and 40 million credit and debit card details were stolen.

The key factor in preventing cyberattacks is threat prevention. With minimal time and a lack of cyber expertise or manpower, SMBs must adopt a prevention mindset to minimise potential cyber-attacks and threats.

Why cybersecurity readiness is paramount for SMBs
Beyond the immediate financial impact and the blow to their reputation as a trustworthy, reliable partner, SMBs can also face legal or regulatory repercussions, operational disruption, flow-on costs for system remediation and cyberattack response, customer churn, and the loss of competitive advantage that can make or break a smaller business. In fact, a tarnished reputation as an avenue of attack can be even more detrimental to an SMB, as the loss of trust with a larger organisation could mean a loss of potential business and revenue down the line, with them or with other potential customers.

With this in mind, budgetary constraints should never be an excuse for leaving computers and corporate networks unprotected, as keeping sensitive data and information protected brings many advantages to companies: overall cost savings, compliance with data protection laws, the trust of customers and suppliers, and protecting documents and information to the maximum by preventing any type of data breach.

How SMBs can prevent supply chain attacks
By applying stronger cyber defences, SMBs are in a position to assure the larger organisations they supply that those organisations will not be compromised via the SMB partner or third-party vendor. Whilst there are multiple means to prevent such supply chain attacks, the first step is to have good software capable of covering the entire company, protecting the company’s endpoints and devices, supported by regular backups so that, in the event of a cyberattack, all the data can be restored.

Any device that connects to the network can become the point of a security breach, so it is important to secure all endpoints. This is especially critical for remote or hybrid workforces to avoid security breaches and data compromise. Also, all employees should be trained in cybersecurity so that they themselves become the first barrier to any attempted attack, such as phishing via email or SMS. Keep in mind that prevention is one of the best protection measures available.

A viable option for SMBs is also to consider engaging an experienced Managed Security Service Provider (MSSP), who will have the skilled resources, up-to-date security software and expertise to monitor for and analyse threats on behalf of the SMB. This is especially useful for SMBs who have neither the time nor the resources to adequately enforce threat detection and response.

Partnering with a cybersecurity expert equipped with best-in-class security and scalable solutions, such as Check Point Software, can put SMBs in good stead to protect against the most sophisticated attacks and generate trust among larger potential partners. Ultimately, SMBs seek a simple plug-and-play solution with best-in-class threat protection, given their limited funding and skills. With an effective cybersecurity strategy, SMBs are better placed to demonstrate their credibility as secure partners to larger organisations, opening up more business opportunities.

How Cybercriminals Target Cryptocurrency

Written by Sherrod DeGrippo, Vice President for Threat Research and Detection at Proofpoint

As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim to fraud that attempts to exploit them for digital currencies. The rise and proliferation of cryptocurrency have also provided attackers with a new method of financial extraction. It is commonly believed that cryptocurrency provides more anonymity, via less governmental and organizational oversight and visibility coupled with its inherent fungibility, making it an appealing financial resource for threat actors. The financially motivated attacks targeting cryptocurrency have largely coalesced under pre-existing attack patterns observed in the phishing landscape prior to the rise of blockchain-based currency.

Proofpoint researchers observe multiple objectives demonstrated by cybercriminal threat actors relating to digital tokens and finance, such as traditional fraud leveraging business email compromise (BEC) to target individuals, and activity targeting decentralized finance (DeFi) organizations that facilitate cryptocurrency storage and transactions, for possible follow-on activity. Both of these threat types contributed to a reported $14 billion in cryptocurrency losses in 2021. In fact, Business Email Compromise topped the list of types of attacks CISOs in the UAE expect to face in the coming months, with 35% of CISOs concerned about potential BEC attacks.

While most attacks require a basic understanding of how cryptocurrency transfers and wallets function, they do not require sophisticated tooling to find success. Common techniques observed when targeting cryptocurrency over email include credential harvesting, the use of basic malware stealers that target cryptocurrency credentials and cryptocurrency transfer solicitation like BEC. These techniques are viable methods of capturing sensitive values which facilitate the transfer and spending of cryptocurrency.

There are multiple DeFi applications and platforms – such as cryptocurrency exchanges – that people can use to manage their cryptocurrency. These platforms often require usernames and passwords, which are potential targets for financially motivated threat actors.

Despite public keys being “safe” to share, researchers are seeing actors solicit the transfer of cryptocurrency funds via BEC type emails that include threat actor-controlled public keys and cryptocurrency addresses. These email campaigns rely on social engineering to secure the transfer of funds from targeted victims.

Credential Harvesting and Cryptocurrency
In 2022 Proofpoint has observed regular attempts to compromise users’ cryptocurrency wallets using credential harvesting. This method often relies on the delivery of a URL within an email body or formatted object which redirects to a credential harvesting landing page. Notably, these landing pages have begun to solicit values utilized in the transfer and conversion of cryptocurrencies.

Crypto Phishing Kits
Credential harvesting landing pages are often built with phish kits that can be used to create multiple landing pages and used in multiple campaigns. Phish kits give threat actors the ability to deploy an effective phishing page regardless of their skill level. They are pre-packaged sets of files that contain all the code, graphics, and configuration files to be deployed to make a credential capture web page. These are designed to be easy to deploy as well as reusable. They are usually sold as a zip file and ready to be unzipped and deployed without a lot of “behind the scenes” knowledge or technical skill.

It is no wonder that CISOs around the world consider phishing one of the most prevalent and challenging cybersecurity threats. A 2021 Proofpoint study found that almost a third of CISOs in the UAE believed they were at risk of suffering a phishing attack. Proofpoint researchers have observed multiple examples of phishing threat actors creating and deploying phishing kits to harvest both login credentials to cryptocurrency-related sites and cryptocurrency wallet credentials or passphrases.

Business Email Compromise – But For Crypto
A popular form of financial crime vectored through phishing is business email compromise (“BEC”). In 2022 Proofpoint regularly observes cryptocurrency transfer requests within the context of BEC attempts. Primarily these requests are observed in the context of employee targeting, using impersonation as a deception, and often leveraging advance fee fraud, extortion, payroll redirect, or invoicing as themes.

The initial BEC email often contains values that are safe for public consumption, including public keys and cryptocurrency addresses. By impersonating an entity known to the user and listing an actor-controlled public key or address, actors attempt to deceive users into willingly transferring funds from their own account on the strength of the social-engineering content. This is similar to the way actors use routing and bank account numbers during BEC phishing campaigns.
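The following is an added example from a mail-defence perspective (not Proofpoint’s code): a screen for the pattern the section describes, a sender impersonating a known contact whose message supplies an actor-controlled wallet address in place of a bank account. The address book, domains, wallet address and sample message are all constructed.

```python
"""Screening mail for BEC-style cryptocurrency transfer requests (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> the domain it legitimately sends from.
KNOWN_CONTACTS = {"Dana Ruiz": "example.com"}

# Wallet address formats that commonly appear in such mails (bitcoin legacy/bech32, ethereum).
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"\b(?:bc1[ac-hj-np-z02-9]{25,87}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"),
    "ethereum": re.compile(r"\b0x[a-fA-F0-9]{40}\b"),
}
PAYMENT_WORDS = re.compile(r"\b(transfer|send|pay|payment|invoice|wire)\b", re.I)


def _body_text(msg) -> str:
    """Plain-text body; multipart messages contribute their text/plain parts."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts if p.get_content_type() == "text/plain")


def score_message(raw: str) -> dict:
    """Return the signals found plus a verdict a mail-review queue could act on."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    body = _body_text(msg)
    signals = []
    # Signal 1: a known contact's display name arriving from a different sending domain.
    expected = KNOWN_CONTACTS.get(name)
    impersonation = bool(expected) and domain != expected
    if impersonation:
        signals.append(f"display name '{name}' but sending domain {domain} != {expected}")
    # Signal 2: a wallet address in the body, the crypto analogue of a bank account in classic BEC.
    addresses = {kind: pat.findall(body) for kind, pat in ADDRESS_PATTERNS.items()}
    addresses = {kind: hits for kind, hits in addresses.items() if hits}
    if addresses:
        signals.append("wallet address in body: " + ", ".join(addresses))
    # Signal 3: language asking for a transfer.
    if PAYMENT_WORDS.search(body):
        signals.append("transfer request language")
    if impersonation and addresses:
        verdict = "hold-for-review"
    elif signals:
        verdict = "flag"
    else:
        verdict = "pass"
    return {"verdict": verdict, "signals": signals, "addresses": addresses}


# Constructed sample: known display name, look-alike domain, wallet address in the body.
SAMPLE_BEC = """From: Dana Ruiz <dana.ruiz@example.net>
To: finance@example.com
Subject: Vendor payment

Hi, the vendor now accepts crypto. Please send the invoice amount to
1AbCdEfGhJkMnPqRsTuVwXyZ23456789AB today. Thanks, Dana
"""

if __name__ == "__main__":
    print(score_message(SAMPLE_BEC))
```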

Conclusion
Financially motivated threat actor activity attempting to steal or extort cryptocurrency is not new. However, cryptocurrencies, digital tokens, and “Web3” concepts are becoming more widely known and accepted in society. Where once “crypto” was a concept that thrived in certain parts of the internet, it is now a mainstream idea, with cryptocurrency apps and services advertised by professional athletes and celebrities, and major events sponsored by cryptocurrency and blockchain companies.

But threat actors are way ahead of the general adoption of cryptocurrency, with existing infrastructure and ecosystems long established for stealing and using it. And as mainstream awareness and interest increase, it is more likely that people will trust or engage with threat actors trying to steal cryptocurrency, because they better understand how DeFi operates or are interested in being a part of “the next big thing”.

Users should be aware of common social engineering and exploitation mechanisms used by threat actors aiming to steal cryptocurrencies.

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.