Cisco reviews 2020 security challenges and predicts what’s next


Stephanie Chan from Cisco looks back at a year like no other and at how it reshaped the cyber security landscape in profound ways. She predicts that this trend will continue into 2021. “2020 was an unusual year where circumstances shifted at record pace. Amidst the scramble and confusion, security teams rose to the occasion. Perhaps most significantly, organisations had to rapidly protect and scale their remote access while facing new security risks.

“The past year has shown us just how cyber threats can impact our lives, and the need for everyone to prepare for evolving attacks in the future,” says Stephanie. Here she examines what happened last year in the world of security, celebrates those who were able to keep governments, businesses, and individuals cyber safe, and looks at five key trends that she suggests we can all prepare for in 2021.

Elections
According to Cisco’s cyber threat intelligence team Talos, 2020’s election security landscape was more complicated and yet more secure than it was in 2016. While many were focused on foreign election interference, domestic disinformation campaigns were quick to rise as well. Talos Director Matt Olney says that the commercialisation of disinformation campaigns, or Disinformation-as-a-Service, is now more widespread but also easier to spot. State and local officials were able to take what they saw in 2016, build the right procedures, and come better prepared four years on.

“As a result, a conversation with an election official in 2020 is fundamentally different than how it would be in 2016,” says Olney. “Gone are the times where I would say, ‘Let me tell you about this threat,’ because they’ve spent the last four years learning about those threats.”

In that time, the federal government created procedures and processes for election security as well: the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC), created in 2018, uses network sensors and network flow monitors and is available at low cost to any state. The Cybersecurity and Infrastructure Security Agency, also created in 2018, works to secure the United States’ cyber and communications infrastructure.

Healthcare
Healthcare also became a critical focus of 2020 with the coronavirus outbreak, and Steward Healthcare CISO Edmond Kane says that some bad actors used this to their advantage. Massive upticks in threats emerged through the pandemic, whether driven by the rapid move to remote working or by luring unsuspecting users into phishing, disinformation campaigns, and even Covid-related scams.

Kane says that this is insidious because healthcare IT is the essential backbone of modern patient care—individuals’ lives depend on whether this infrastructure is secure. A big challenge in the healthcare industry is legacy and outdated technology. Healthcare professionals and businesses are constantly balancing the risk of introducing new IoT technology and devices that may be insecure against legacy technology that may not be up to speed. Ultimately, communicating the value of security is vital because every person in the industry needs to know how to be vigilant. In healthcare, the consequences move beyond just information.

“Healthcare is not about cyber security, it’s about patients,” says Kane. “And it’s our role to get in there and help them make sure that security doesn’t enter the bedside of the patients.”

Remote work
The shift to remote working in 2020 meant two things: making sure all employees could safely work from home, and ensuring that they could still access the company’s resources and assets. Because of this, many turned to remote desktops, the technology that allows users to connect to a computer from a remote location. Voila, your office computer is now at your home desk, but RDP (Remote Desktop Protocol) often poses security concerns as well.

These include stolen credentials, man-in-the-middle attacks (a cyber attack where a bad actor puts themselves in the communication line between two parties), and remote code execution (a vulnerability where an attacker can run their own code on a machine or server of their choosing). Any remote desktop solution, if compromised, grants an attacker entry into the organisation. Organisations that use RDP must implement extra security measures to keep themselves and their employees safe.
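One of the extra measures the paragraph calls for is watching RDP logons for stolen or guessed credentials being tried and then succeeding. The following is an added example, not code from the Cisco article: a small detector over constructed Windows Security log lines. Event IDs 4624/4625 and logon type 10 (RemoteInteractive) are real Windows values; the simplified line format, IP addresses and user names are assumptions made for this example.

```python
"""Added example (not Cisco's code): flag RDP sources with repeated failed
logons followed by a success. Event IDs 4624/4625 and logon type 10
(RemoteInteractive) are real Windows values; the line format, IPs and
user names below are constructed for this example."""
from collections import defaultdict
import re

# Constructed sample lines in a simplified key=value form.
SAMPLE_LOG = """\
2020-11-03T08:00:01 EventID=4625 LogonType=10 User=j.doe Src=203.0.113.10
2020-11-03T08:00:02 EventID=4625 LogonType=10 User=j.doe Src=203.0.113.10
2020-11-03T08:00:03 EventID=4625 LogonType=10 User=admin Src=203.0.113.10
2020-11-03T08:00:04 EventID=4625 LogonType=10 User=admin Src=203.0.113.10
2020-11-03T08:00:09 EventID=4624 LogonType=10 User=admin Src=203.0.113.10
2020-11-03T08:01:00 EventID=4624 LogonType=10 User=a.smith Src=198.51.100.7
2020-11-03T08:02:00 EventID=4625 LogonType=2 User=svc Src=127.0.0.1
2020-11-03T08:02:01 EventID=4625 LogonType=2 User=svc Src=127.0.0.1
2020-11-03T08:02:02 EventID=4625 LogonType=2 User=svc Src=127.0.0.1
2020-11-03T08:02:03 EventID=4624 LogonType=2 User=svc Src=127.0.0.1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"User=(?P<user>\S+) Src=(?P<src>\S+)$"
)

def parse_events(text):
    """Yield a dict per well-formed line; skip anything that does not match."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def find_suspicious_rdp_logons(text, failure_threshold=3):
    """Return {src_ip: (failure_count, user)} for sources that had at least
    `failure_threshold` failed RDP logons and then a successful one, the
    pattern left by guessed or stolen credentials used over RDP.
    Non-RDP logons (any logon type other than 10) are ignored."""
    failures = defaultdict(int)
    hits = {}
    for ev in parse_events(text):
        if ev["lt"] != "10":  # only RemoteInteractive (RDP) logons count
            continue
        src = ev["src"]
        if ev["eid"] == "4625":
            failures[src] += 1
        elif ev["eid"] == "4624" and failures[src] >= failure_threshold:
            hits[src] = (failures[src], ev["user"])
    return hits
```

Running `find_suspicious_rdp_logons(SAMPLE_LOG)` on the constructed log flags only 203.0.113.10; the local logon-type-2 failures from 127.0.0.1 are ignored because they are not RDP sessions.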

Ransomware
Ransomware trends saw the adoption of new tactics, techniques and procedures (TTPs) on corporate networks in 2020. As the malware gained traction and popularity, many actors refined their approaches and adopted new strategies, like adding countdown timers to their ransom demands, threatening permanent deletion of data, and even big game hunting.

Big game hunting is when attackers leverage compromised systems as initial access points to the network. From there, the attack moves on to gain access to additional systems while escalating privileges. The ransomware is only activated once these systems are accessed, so that the attacker inflicts maximum damage on the victim.

Online sales postings have also become more frequent, where attackers try to sell access to multiple networks to other threat actors. In addition, bad actors are now exfiltrating large amounts of company data before unleashing ransomware, to conduct what is called “double extortion.” Double extortion also creates massive disruption for businesses, which have to deal with compromised networks as well as the threat of the actors releasing their intellectual property, trade secrets, and other confidential information.

Passwords
According to Verizon’s 2020 Data Breach Investigations Report, stolen credentials are the second most common activity conducted by attackers during a breach. This is crucial because using legitimate, authorised passwords is one way bad actors can gain access to a network while staying under the radar.

Like the ransomware trends, credentials are being used for future attacks: “credential dumping” is a technique in which an attacker scours a computer for more credentials to use in further intrusions. Because there are plenty of places within operating systems where credentials are stored, like memory, databases, or files, attackers can readily copy and dump those passwords once they have infiltrated a system.