Threats that may define 2020 in corporate cybersecurity


One cannot resist the impression that, as far as technological development is concerned, we are entering the third decade of the 21st century with much more reserve than in previous years, when both the consumer and the corporate market would mostly approach innovation uncritically and with hyper-enthusiasm. It would be naive to claim that the last 10 years have taught us to think critically about technology, but it is no exaggeration to say that they opened the masses' eyes to an issue that used to be considered mostly by a narrow group of experts and enthusiasts: cybersecurity.

At the same time, one may note the increasing marginalisation of the consumer market in favour of the enormous resources committed to developing the enterprise offer. This tendency can be seen in all important IT corporations, and nothing suggests that it will change soon. No wonder: consumer devices are once again being reduced to the role of a thin client, a terminal for connecting to services that run in the provider's external infrastructure. Together, the two tendencies point to an issue that in the upcoming decade will be more important than ever before: the security of corporate services.

Ransomware and data leaks – it takes two to tango

Following the 2017 WannaCry ransomware campaign, a flawed belief became dominant: that we were dealing with a new, exceptionally dangerous threat. While the second part of that thought is quite reasonable, ransomware cannot be considered a new threat – it had its 30th birthday in 2019. However, at the turn of 2019, one could notice a certain innovation that would definitely affect corporate security in 2020. Hacker groups began to employ a new attack tactic, resulting directly from the refusal of some victims of traditional ransomware to pay the ransom. As a result, the intrusion itself and the encryption of data for ransom become only the first phase of the attack. The second one – if the victim is hesitant to pay – is the publication of sensitive data, which, for organisations, may often be much more hazardous than simply losing the data. The attackers may publish the data in portions, which gives them an endless amount of leverage to increase the pressure and extort money with much more ease.

Instead of ransomware – discreet cryptocurrency miners

Ransomware – regardless of whether it is based on encryption alone or on an attack combined with a data leak – is an attack method that relies on drawing the victim's attention. It is incredibly invasive, paralysing the infrastructure of entire corporations or cities. It is absolutely barbaric in comparison to cryptocurrency miners, which are gaining popularity, also in attacks on enterprise infrastructure. Not only does cryptocurrency mining not require the attacker to take measures as drastic and risky as encryption for ransom, but it may also be conducted for years without notice, granting the assailants enormous financial benefits. One example is the exploitation of the BlueKeep vulnerability: everyone thought that it would be used for a ransomware campaign similar to WannaCry, and attempts to exploit BlueKeep were indeed noted in September 2019, yet they delivered not noisy ransomware but discreet, concealed cryptocurrency miners.

Supply-chain attacks are here to stay

A long-lasting penetration of infrastructure may lead to a large-scale attack against which, on the threshold of a new decade, we cannot protect ourselves effectively. We are talking about supply-chain attacks, i.e. the exploitation of the infrastructure of organisations that have a spotless reputation and enjoy the trust of business partners in order to distribute malicious software, e.g. the aforementioned ransomware or cryptocurrency miners. The 2017 Petya/NotPetya campaign was an example of the effectiveness of supply-chain attacks. Despite employing the strictest possible security standards, numerous globally operating corporations (e.g. Maersk) had their infrastructure paralysed as a result of an attack on a small Ukrainian software producer. That producer, however, provided tools used for exchanging documentation between the private sector and the Ukrainian public administration. As a result, anyone who did business in Ukraine would, through an update of that tool, receive malicious code injected by the attackers. Years pass, and we still have no guarantee that every link is entirely safe… and probably, we never will.

It’s an ill wind

Obviously, the catastrophic tone of the above remarks should not dominate the narrative regarding cyberthreats in 2020 and subsequent years. We have reasons for optimism. It suffices to examine the latest release of the Microsoft Security Intelligence Report to learn that in some respects we are safer than ever. Based on the data gathered by Windows Defender, the experts at Redmond were able to determine, among other things, a fall in the amount of detected malicious software. At the beginning of 2017, malware was detected on 6-7% of machines with Windows. At the end of 2019, it was just 4.15%. The overall number of ransomware and cryptocurrency miners has also fallen.

Another reason for contentment is the popularisation of multi-factor authentication as a response to the increasing number of gigantic data leaks. Indeed, the use of the weakest passwords has not changed much – a lot of individuals still use phrases such as "12345", "qwerty" or "password". The thing is, in an increasing number of situations, gaining access to the password does not grant access to the account or to sensitive data. Thanks to additional biometric authentication, device authentication keys, or tokens sent via SMS, user accounts are currently much safer than at the time when the decade was just starting.

Author:

Janusz Krzemiński

Vice-President of Eversoft
