Despite efforts by organisations globally to layer up their cyber defences, hackers and saboteurs continue to lead the race in cybersecurity. And they are innovating faster than ever too.
Our connected world has become a playground for cybercriminals who now have multiple ways to steal a company’s data – and often go unnoticed. The availability of innovative technologies like AI, robotics and automation means cyberattacks are now happening at machine speed.
The NTT Ltd. 2020 Global Threat Intelligence Report (GTIR) reveals that some 21% of malware detected in 2019 was in the form of a vulnerability scanner. It supports the premise that automation is a key focus point of attackers. Additionally, botnets such as Mirai, IoTroop and Echobot have advanced in automation, improving propagation capabilities.
Attacks on technology
The hardest-hit industry has been technology. The weaponisation of IoT attacks has contributed to technology becoming the most attacked industry in 2019.
It’s arguably no surprise. After all, organisations in the technology industry often maintain large amounts of sensitive data. They also tend to function in a collaborative environment and are often seen as pathways to other industries as they provide business enablement capabilities.
Attackers, therefore, wishing to gain a competitive advantage, or shrink a competitive disadvantage, often target these organisations to steal insider information such as technical secrets. One of the most common ways to target them is through ransomware. Businesses are all too familiar with this form of malware, yet often fail to implement even the most basic measures to mitigate it.
The GTIR shows that the technology industry had the highest rate of detected ransomware of any industry. The devastating WannaCry, which first emerged in May 2017, continues to circulate. Although patches are available, variants of WannaCry were still the most commonly detected ransomware in 2019, accounting for 88% of all ransomware detections.
Application-specific attacks focused on technologies supporting the industry’s web presence have spiked. Most notably, attacks on Content Management Systems (CMS) accounted for about 20% of all attacks.
Cybercriminals are targeting popular CMS platforms like WordPress, Joomla! and Drupal. This gives them a route into technology businesses to steal valuable data and launch additional attacks.
The COVID-19 effect
Technology isn’t the only industry to fall victim to attacks on CMS. As described in our Monthly Threat Report for May 2020, attackers are also using the current COVID-19 pandemic to launch attacks on organisations responsible for helping people through this health emergency.
Organisations are relying more on their web presence during COVID-19 – such as customer portals, retail sites, and supported web applications. This reliance risks exposure to attacks through systems and applications that cybercriminals are already targeting heavily.
COVID-19 has also brought cyber threats along with the actual virus. Phishing attacks leveraging the coronavirus started in mid-January 2020, with cyberattack type and volume escalating daily. Websites posing as ‘official’ information sources but hosting exploit kits and/or malware, for example, were created at an incredible rate, sometimes exceeding 2,000 new sites per day.
From reactive to proactive security
What’s clear is that no industry is immune from an attack – and there is no use in standing still. Organisations must therefore transform from a reactive mindset to a more effective and proactive, intelligence-driven approach. Organisations that keep a close watch on the current threat environment will have a significant advantage in addressing threats, as will those that are practising cyber-resiliency and implementing solutions which are secure by design.
Organisations must implement the basics first: understanding the critical business assets that need to be protected, reducing the attack surface through patch management, and ensuring data is secured at rest and in motion. As hackers continue to innovate, leveraging threat intelligence capabilities is important. But traditional practices are, and will remain, inadequate against modern threats.
This means conducting regular scans looking for vulnerabilities in externally facing systems, establishing procedures to rapidly patch systems if a critical vulnerability is discovered or disclosed, particularly if it’s known to be exploitable, and instituting a patch schedule for non-critical vulnerabilities. Prioritisation is key, and those organisations that invest in a risk-based approach to vulnerability remediation, focusing on the threats most likely to be exploited, will be better off.
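As an added illustration (not code from NTT or the GTIR), the triage described above can be sketched as a small routine that orders scan findings by likelihood of exploitation rather than by severity score alone. The CVSS threshold, the remediation windows and the sample findings are assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    host: str            # constructed host name
    vuln_id: str         # placeholder identifier, not a real CVE
    cvss: float          # base severity score, 0-10
    external: bool       # system is externally facing
    exploit_known: bool  # vulnerability is known to be exploitable

# Assumed policy values; set these from your own patch procedures.
CRITICAL_CVSS = 9.0
EMERGENCY_DAYS, EXPEDITED_DAYS, SCHEDULED_DAYS = 2, 7, 30

def remediation_window(f: Finding) -> int:
    """Days allowed before the finding must be patched."""
    critical = f.cvss >= CRITICAL_CVSS
    if critical and f.exploit_known:
        return EMERGENCY_DAYS        # rapid-patch procedure
    if critical or (f.external and f.exploit_known):
        return EXPEDITED_DAYS
    return SCHEDULED_DAYS            # regular patch schedule

def risk_key(f: Finding):
    # Known exploitability first, then exposure, then raw severity.
    return (not f.exploit_known, not f.external, -f.cvss)

def prioritise(findings):
    """Return (host, vuln_id, days) tuples, most urgent first."""
    ordered = sorted(findings, key=risk_key)
    return [(f.host, f.vuln_id, remediation_window(f)) for f in ordered]

# Constructed scan results for the example.
SAMPLE = [
    Finding("intranet-wiki", "VULN-A", 9.8, False, False),
    Finding("www-cms", "VULN-B", 7.5, True, True),
    Finding("vpn-gw", "VULN-C", 9.1, True, True),
    Finding("build-01", "VULN-D", 5.3, False, False),
]

if __name__ == "__main__":
    for host, vuln, days in prioritise(SAMPLE):
        print(f"{host:14} {vuln}  patch within {days} days")
```

On the sample data, the externally facing CMS host with a known-exploitable 7.5 finding is ranked ahead of the internal host with an unexploited 9.8, which is the difference between risk-based and severity-only ordering.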
Organisations should also employ modern endpoint protection software designed to prevent, detect, and respond to malicious behaviour, such as infected files downloading or executing malicious payloads.
To protect against attackers targeting CMS suites specifically, organisations need to pay particular attention to hardening the default configuration of CMS services. This includes updating software with the latest patches, disabling unnecessary functionality and plugins, and changing default usernames and passwords. It is all too often something organisations forget or neglect.
The threat landscape is changing
Now more than ever, organisations need to pay attention to improving their security posture. They should focus on what’s critical in the organisation and mature their approaches to be secure by design. Pursuing intelligence-driven cybersecurity and monitoring the threat environment are also important.
Organisations should also look to leverage standards and frameworks defined by global leaders in the security space like MITRE ATT&CK and NIST Cybersecurity Framework. These frameworks exist to help organisations mitigate risks and provide excellent information to assess risk.
Absolute security is not possible, but organisations can be better prepared if they bolster their efforts.
NTT Ltd. is a leading global technology services company. We partner with organizations around the world to shape and achieve outcomes through intelligent technology solutions. For us, intelligent means data driven, connected, digital and secure. As a global ICT provider, we employ more than 40,000 people in a diverse and dynamic workplace that spans 57 countries, trading in 73 countries and delivering services in over 200 countries and regions. Together we enable the connected future.
Visit us at hello.global.ntt