by Itai Greenberg*
If you look back at early 2020 "new year predictions", you will find nowhere a reference to an unprecedented global pandemic that will shut down, in many ways, the way we live and begin a new normal.
But it happened. And with the new normal came "new everything".
With the rapid shift to more cloud servers, the popularity of network-connected smartphones, in addition to the shift to remote work, organizations had to quickly adapt their security measures to make sure they are secured at all times, from any remote places they might connect from. This has now become the new security perimeter.
The new landscape has generated a surge of sophisticated fifth-generation cyberattacks. As organizations adapted to remote work, and all its digital implications, cyber-criminals seized the global crisis to launch a series of large-scale cyber exploits.
The era of ‘weapons-grade’ hacking
Cyberattacks have reached a new level of sophistication, ranging from international espionage to massive breaches of personal information to large-scale internet disruption.
Advanced “weapons-grade” hacking tools have been leaked, allowing attackers to move fast and infect large numbers of businesses and entities across huge swaths of geographic regions. Large-scale, multi-vector mega-attacks have sparked a need for integrated and unified security structures.
Most businesses are still in the world of second- or third-generation security, which only protects against viruses, application attacks and payload delivery. Networks, virtualized data centres, cloud environments and mobile devices are all left exposed. To ensure a cybersecure organization, businesses must evolve to fifth-generation security: advanced threat prevention that uniformly prevents attacks on a business’s entire IT infrastructure.
The SolarWinds supply-chain attack
Just as we thought 2020 could not have brought any more bad news or cybercrime advancements, along came the SolarWinds incident, which swiftly qualified for the title of the most significant attack of the year: sophisticated, multi-vector attacks with clear characteristics of a cyber pandemic, where the malicious activity is spread within the organization in a manner of seconds. This was a manifestation of fifth-generation cyber-attack.
The scope of the incident became clearer several days later when Microsoft, FireEye, SolarWinds, and the US government all admitted they suffered an attack made possible by a hack to SolarWinds, a common IT-management software. Further investigation revealed that the attackers added a backdoor, called Sunburst, to a component of the SolarWinds system, which was then distributed to its customers via an automatic software update. That granted remote access to multiple high-profile organizations – making it one of the most successful supply-chain attacks ever observed.
Several aspects of the SolarWinds supply-chain attack make it unprecedented in the ever-evolving cyber-landscape. Its scope was uniquely broad, with an estimated 18,000 SolarWinds customers affected, including most Fortune 500 firms.
COVID ushers in a cyber-pandemic
COVID-19 forced organizations to set aside their existing business and strategic plans, and quickly pivot to delivering secure remote connectivity at massive scale for their workforces. Security teams also had to deal with escalating threats to their new cloud deployments, as hackers sought to take advantage of the pandemic’s disruption: 71% of security professionals reported an increase in cyber-threats since lockdowns started.
As COVID-19 continues to dominate headlines in 2021, news of vaccine developments or new national restrictions will continue to be used in phishing campaigns, as they have been through 2020. The pharma companies that developed vaccines will also continue to be targeted by malicious attacks from criminals or nation states looking to exploit the situation.
Recent Check Point research shows that healthcare is currently the most targeted industry in the US, with a 71% increase in attacks compared to September. The chart below shows the sharp increase of healthcare-sector attacks compared to the global increase; since November, there has been an increase of over 45% in the amount of attacks in the sector, double the global increase in amount of attacks over the same time period (22%).
Remote vulnerabilities
As the coronavirus spread worldwide, the social distancing policies enacted due to the COVID-19 pandemic shifted a substantial portion of businesses from corporate offices to employees’ home offices. Network admins had to rapidly adjust to the requirements of working remotely and implement remote-access platforms within their organizations. Unfortunately, these often resulted in misconfigurations and vulnerable connections, allowing attackers to leverage these flaws to access corporate information.
As a result, the first half of 2020 saw an increase in attacks against remote access technologies such as RDP (Remote Desktop Protocol, developed by Microsoft to provide an interface for remote connection) and VPN.
Schools and universities have pivoted to large-scale use of e-learning platforms, so perhaps it’s no surprise that the sector experienced a 30% increase in weekly cyberattacks during the month of August, in the run-up to the start of new semesters. Attacks launched by these digital “class clowns” will continue to disrupt remote-learning activities over the coming year, if and when the pandemic spread will peak.
Fifth-generation solutions
With this new world, comes a new opportunity to redefine the role of cybersecurity and ensure every organization is stepping up the fifth generation of security. Below are three guiding principles:
1. Real-time prevention
As we‘ve learned, vaccination is far better than treatment. The same applies to your cybersecurity. Real time prevention of attacks, before they infiltrate, places your organization in a better position to defend against the next cyber-pandemic.
2. Consolidation and visibility
Solutions applied in individual areas of attack will probably leave you with security gaps, fragmented visibility, complex management and limited options to scale. Consolidated security architecture will guarantee you the security effectiveness needed to prevent sophisticated cyberattack. Unified management and risk visibility fill out your security posture.
3. Keep your threat intelligence up to date
To prevent zero-day attacks, organizations first need incisive, real-time threat intelligence that provides up-to-minute information on the newest attack vectors and hacking techniques. Threat intelligence must cover all attack surfaces including cloud, mobile, network, endpoint and IoT.
*Vice-President, Product Management, Check Point
**first published in: www.weforum.org
By: N. Peter Kramer
