Cybersecurity Threats, Like the Pandemic, Still Lurk

The CrowdStrike 2021 Global Threat Report called 2020 one of the most active years in recent memory for those tasked with stopping breaches and protecting organizations against cyberattacks, provided details on trends that emerged throughout the year and called on security teams to become more versatile, proactive and productive to step out in front of threats going forward.

In cybersecurity, everything seems to repeat, albeit with twists and turns–and the occasional startling attack, technique or target. So, the trends uncovered by CrowdStrike weren’t necessarily surprising. But in 2020 it was all about the unusual circumstances we found ourselves in…and the details. The company’s eCrime Index (ECX), used to “understand the ebbs and flows” of eCrime, showed an underground economy continues to thrive with certain parallels to global markets.

Here are (at least some of) the details you should know:

Health care sector entities continue to fight the pandemic, which sparked a great deal of malicious cyber activity. State-sponsored adversaries wormed their way into networks to nick data on vaccine research and government pandemic response and played on the fears and economic distress of targets around the world, isolated during lockdown. “Ransomware has proven to not be ethical in any way and will target anyone, any company and any government including hospitals and transportation industries at a time when they are under extreme pressure,” said Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify.

China, Russia, Iran and North Korea continued to dominate as nation-state menaces. But, “in 2020, cyber-enabled regional espionage blossomed in South and Southeast Asia, broadening the threat landscape for organizations with operations within this region,” the report found. While noting that “the best defense against nation-state adversaries is recognizing that you can’t stop them,” Rick Holland, CISO and vice president of strategy at Digital Shadows, said, “you can make their lives as difficult as possible.”

He recommends ensuring the basics – implementing vendors’ hardening guidelines, taking a risk-based approach to vulnerability management, not deploying administrative consoles on public-facing networks and enforcing multi-factor authentication. “The basics aren’t glitzy, and they aren’t always easy to roll out,” he said. “Still, they make adversaries’ operations more difficult—anything you can do to slow them down increases your ability to detect and respond.”

The ransomware adversaries that grew like weeds in 2020 are still motivated and use increasingly damaging tactics, techniques and procedures (TTPs). Data extortion a la Twisted Spider (the operators of Maze and Egregor) proved to be a foreshadowing of the tactics eCrime actors will use to capitalize on ransomware infections. Adversaries also added blackmail to the mix. “Ransomware is going to continue evolving; recently it is becoming not just a security incident but also a data breach, with organized cybercrime groups also stealing the data before they encrypt it—meaning that companies are not just worried about getting their data back, but also who it gets shared with publicly,” said Carson.

“2020 was a bad year for attacks and the trend shows no signs of slowing down,” added Scott Devens, CEO at Untangle. “As companies continue to pay ransoms, cybercriminals are becoming more emboldened and turning their focus to ransomware attacks as a lucrative opportunity,” said Devens. “These malicious actors are also moving away from holding data hostage and zeroing in on targeting critical infrastructure that can cause disruption to society. The shift came as they realized they could get larger ransoms faster if their attack had the potential to cause severe consumer pain.”

The allure of big game hunting (BGH) dominated the ecosystem of eCrime enablers and spawned the market for network access brokers. For example, threat actor Carbon Spider, which had distinguished itself by targeting point-of-sale (POS) systems, shifted to a focus on BGH. And, Wizard Spider—a BGH actor and established eCrime “megacorp”—retained its status as “the most reported eCrime adversary for the second year in a row,” the report said. “Data theft and the use of a DLS have arguably become as engrained in the BGH ransomware operation as the encryption process itself,” CrowdStrike also noted.

Anyone who might believe that the woes of 2020 are in the rearview must disabuse themselves of that notion. COVID-19 still lingers, as do hackers and miscreants bent on destruction, disruption or dollars (well, cryptocurrency, but that’s not quite as alliterative). CrowdStrike added 19 named threat adversaries in 2020, bringing the global total to 149, which implies a lot of potential malicious activity going forward. Is your security team versatile, proactive and productive enough to take them on?

Teri Robinson

From the time she was 10 years old and her father gave her an electric typewriter for Christmas, Teri Robinson knew she wanted to be a writer. What she didn’t know is how the path from graduate school at LSU, where she earned a Masters degree in Journalism, would lead her on a decades-long journey from her native Louisiana to Washington, D.C. and eventually to New York City where she established a thriving practice as a writer, editor, content specialist and consultant, covering cybersecurity, business and technology, finance, regulatory, policy and customer service, among other topics; contributed to a book on the first year of motherhood; penned award-winning screenplays; and filmed a series of short movies. Most recently, as the executive editor of SC Media, Teri helped transform a 30-year-old, well-respected brand into a digital powerhouse that delivers thought leadership, high-impact journalism and the most relevant, actionable information to an audience of cybersecurity professionals, policymakers and practitioners.