The Attacker Playbook Hasn’t Changed

Businesses are dealing with a unique and challenging scenario as they navigate the COVID-19 pandemic, but attacker tactics haven’t changed. They’re the same as they were yesterday; the only difference is that their grammar has improved. Going further, we haven’t really seen an increase in attacks—just a shift in investment.

The cyber black market industry is no different than any other industry when you take a step back. These attackers have built profitable enterprises wrapping services around their skillset and tools. We see botnets-as-a-service—buy your DDoS (distributed denial of service) attacks by the hour—and malware kits that enable anyone to build out their own botnet—C&C (command and control) servers included. We have even seen ransomware helpdesks and call centers to support victims in purchasing money packs. The list goes on.

This billion-dollar industry is focused on taking advantage of vulnerable technologies and people lacking knowledge about the sophistication of these ploys and what to look out for. All these attackers have done, amidst this pandemic, is double down on their user-focused attack portfolio. So, we must be prepared. The good news is we have already solved a lot of these problems.

On a positive note, this kind of pressure always results in some very creative outcomes. As the saying goes, necessity is the mother of invention. I look forward to hearing about all the creative ways companies are adjusting to the new world.

With that said, there’s never a bad time to reinforce the basics and take control of the things that are within your grasp.

Get Visibility into Your Remote Assets

Renew your focus on endpoint protection and visibility. Given the current state of the world, attackers know users are exposed and are largely unprotected on their home network. A study from the Ponemon Institute found that nearly two-thirds of respondents indicated a lack of confidence in their ability to monitor endpoint devices off the corporate network.

Reduce Friction for Users

Make sure there’s a low-friction, safe method that allows your users to share information internally and with customers. Security needs to become the department of “YES,” instead of “NO.” If you sanction a tool, then people will use it. It’s also important to ensure it can accommodate large files—don’t give your people an easy excuse to go off-script.

Shift Your Mindset to Passphrases

Two-factor (2FA) and multifactor (MFA) authentication are a good thing, but a simpler place to start, one that doesn’t require introducing new technologies, is passphrases. The average number of letters in an English word is 5. The average number of words in a phrase is 20. Not all password fields allow for that many characters, but the point here is that the defense is length, not complexity. With every additional character, you make guessing or cracking the passphrase exponentially more difficult.
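To put numbers on "length, not complexity", here is an added example (not part of the original post) that compares the brute-force search space of a short complex password with longer, simpler secrets. The word-list size and guess rate are assumptions chosen for illustration, and the figures are upper bounds that hold only for secrets chosen at random; a phrase a person makes up is more predictable.

```python
import math

# Assumptions for this illustration (not from the original post):
PRINTABLE_ASCII = 95        # upper, lower, digits, symbols, space
LOWERCASE = 26              # a-z only, no "complexity" at all
WORDLIST_SIZE = 7776        # size of a Diceware-style word list
GUESSES_PER_SECOND = 1e10   # hypothetical offline cracking rate

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected years to find the secret (half the keyspace) at `rate` guesses/s."""
    return (2 ** bits / 2) / rate / SECONDS_PER_YEAR


def min_length_to_match(target_bits: float, alphabet_size: int) -> int:
    """Shortest length over `alphabet_size` symbols reaching `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def compare() -> list:
    """Return (label, bits, expected years) for a few candidate policies."""
    candidates = [
        ("8 chars, full printable ASCII", PRINTABLE_ASCII, 8),
        ("12 chars, lowercase only", LOWERCASE, 12),
        ("20 chars, lowercase only", LOWERCASE, 20),
        ("5 random words from the list", WORDLIST_SIZE, 5),
    ]
    rows = []
    for label, alphabet, length in candidates:
        bits = keyspace_bits(alphabet, length)
        rows.append((label, bits, years_to_exhaust(bits)))
    return rows


if __name__ == "__main__":
    for label, bits, years in compare():
        print(f"{label:32s} {bits:6.1f} bits  ~{years:.3g} years")
```
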

Going further, password managers are your friend, too. There are plenty of them out there. If I’m able to get my Grandma using a password manager (and I have), I’m confident we’re all capable regardless of technical aptitude. If you want even more protection, then implement and enforce 2FA or MFA. Just be prepared to support it.

It’s important to understand that nothing much has changed for attackers. The way we live our lives and the way companies conduct business day-to-day has shifted dramatically in response to the COVID-19 pandemic. Some of the changes expose organizations to new or greater risks, and attackers are always looking for ways to exploit chaos and change. Following these recommendations and cybersecurity best practices, however, will help you stay secure even during quarantine.

About the Author

Tom Gorup



*** This is a Security Bloggers Network syndicated blog from Alert Logic - Blogs Feed authored by Tom Gorup. Read the original post at: https://blog.alertlogic.com/the-attacker-playbook-hasnt-changed/


Tom Gorup is Vice President of Security and Support Operations at Alert Logic and leads Alert Logic's global Security Operations Centers. Prior to joining Alert Logic, Tom served as co-founder and Director of Security Operations for Rook Security where he oversaw its Managed Detection and Response services and developed proprietary security operations management technologies for organizations ranging from fast-growing startups to Fortune 100 companies. Tom has been quoted in numerous industry journals and media outlets including The New York Times, Forbes, CNBC, Bloomberg, and Dark Reading. He has also been a featured speaker at (ISC)².
