The barbarians at your door. How to identify and defeat the cyberthreats facing your business today
This article was originally published by David Howell.
Many of the cyberthreats your business faces are invisible. Learn how to shine a light on these threats and discover how to take action to protect your business
To create a successful strategy to defend your enterprise’s systems from attack, you need a detailed understanding of the cyber threats currently in the wild and an understanding of the possible future threats your company faces.
To define the current threat landscape, security experts Dmitry Galov and Artem Karasev spoke in detail about how Kaspersky helps explain the threats all businesses now face and how the company is developing applications to help these businesses defend themselves.
Dmitry Galov [DG] Dmitry Galov is a Security Researcher in the Kaspersky Global Research & Analysis Team (GReAT), responsible for researching non-Windows malware, APTs, and IoT-threats. He joined Kaspersky in September 2015 and became part of GReAT in August 2018 .Dmitry has always been interested in programming and reverse-engineering and started participating in different international competitions while still at high school. Nowadays, Dmitry is an experienced specialist with an in-depth knowledge of Android malware. Some of his research, including non-Windows malware and future connected healthcare, has been published on Securelist.com
Artem Karasev [AK] Artem is the Senior Product Marketing Manager responsible for Kaspersky’s extensive Cybersecurity Services portfolio – everything from threat intelligence and threat hunting to incident response and training. With almost a decade’s product marketing and business development experience, working with IT security industry market leaders, Artem is a natural communicator with a passion for applying innovative approaches to today’s and tomorrow’s business security challenges. Has COVID-19 altered the kind of cybersecurity threats all enterprises now face?
[DG] If we focus on the past year as COVID-19 took hold, we have seen two main changes to the threat landscape businesses now face: The first component is the different threat actors we have identified and how they are now attacking business systems. For example, we saw an increase in the cyberattacks on the businesses and institutions involved with developing COVID-19 vaccines and associated enterprises across the medical sector.
Secondly, we saw the agendas and approaches cybercriminals took in their attack campaigns expanding to larger corporations.. Phishing attacks have increased with a clear focus on health and related subjects. And, of course, attacks have grown as a consequence of more remote working. The threat perimeter of many businesses moved to the homes of employees where the digital devices they use can be more vulnerable to attack. This is why Kaspersky always recommends every business conducts a basic security awareness training to help them defend their systems from attack.
[AK] I agree that the attack methods have not radically changed because of COVID-19. Still, the attack vectors now in use to gain access reflects how the threat landscape businesses must pay attention to has shifted. From a security application perspective, the threat vectors that need to be mitigated may have shifted, but how a company combats messaging attacks, for instance, has not changed. Organizations just need to place their security applications within the new attack scenarios cybercriminals use – mainly when they target remote workers. To keep up do date with new tactics, technics and procedures cybercriminals us, ensure you have access to the latest threat intelligence.
[DG] A big issue for many companies is the use of shadow IT – when employees use digital devices and hosted services for work that are not approved by their businesses. This consumerization of IT is a worry to all companies as they have little sight of these devices and services and what level of security – if any – is being used to secure them.
Many remote employees embraced external messaging apps, video services, and a host of collaboration tools – none of which were approved by their businesses. For instance, according to Kaspersky research, 42% of workers say they are using personal email accounts for work and nearly half (49%) have admitted to increasing how often they do this. Additionally, 38% use personal messengers for professional reasons, and 60% say they now do this more often since working from home. File sharing services that have not been approved by IT departments are also being used a lot, with 53% of respondents saying they use these more often for work-related purposes.
The increase in the number of threats and the scale we now see is directly related to this activity. Criminals could see the massive increase in the use of these tools and exploited their security vulnerabilities to gain access to corporate IT systems.
To control and manage shadow IT, organizations need visibility over cloud services that employees’ access from corporate devices. For example, in Kaspersky Endpoint Security Cloud, there is dedicated cloud discovery tool that shows which services are used more frequently, so IT administrators understand which of them can be risky and how to minimize this risk.
Is one of the main concerns business have today regarding their cybersecurity how threat actors will often infiltrate a system just to obtain useful information for a later attack. Are these stealth attacks on the rise?
[DG] Yes, this is a real risk to companies as cybercriminals can remain hidden. This level of system compromise is a clear and present danger for all businesses. We are seeing combined ransomware attacks, where a cybercriminal will gain access to a system yet make no direct changes immediately, choosing to syphon valuable data first and adding the threat of exposure to their list of reasons. Gaining access to the credentials of a legitimate employee is often the method of attack. For example, we see email being used as a first line of attack. Also, threat actors will wait to see the login details of admins, for instance, to gain extra privileges and move stealthier across the business’s systems. This allows the attackers to access important elements of the infrastructure, which is pivotal to multiple attack scenarios. This includes using this strategic advantage for future attacks. Not revealing themselves allows the cybercriminal time to learn a system. The concern is that employees continue to use the applications and access the data as they usually do, without extra security precautions. It is critical that security training teaches all employees – including admins! – about how to use these applications and services safely, reducing chances of attackers ‘piggybacking’ them and gaining access to the corporate inner sanctum. Instances where criminals have gained access to a business’s systems, could also induce data encryption process and serve as proxies for data offloading from the infrastructure depths,, which presents a significant enterprise issue.
In an ideal world, businesses would install the same security application to protect their systems from attack. Of course, the reality is that every enterprise’s systems are different. Is security today about identifying a company’s specific needs and designing a bespoke security policy that considers the individual components of the business’s systems? [AK] That’s right. Businesses need to identify their ‘crown jewels’ and ensure they have robust security protocols in place to protect these systems or data. You can then develop protection mechanisms that protect what is important to your business. After that, more general security can be considered.
Businesses always strive to use new technologies to give them a commercial edge in their marketplaces. AI, IoT, and 5G are good examples. Are these new technologies presenting new types of security threats enterprises must combat? [DG] The issue we have found with IoT, for instance, is the speed at which these technologies are developing, with little attention paid to what I would recognize as good security measures. The sheer number of developers in this space has led to a lack of standards, which leads to low levels of built-in security. With billions of devices now available and that number set to increase, some developers are looking at security, but not enough. As IoT proliferates and creates an ecosystem of connected devices, security is essential to protect these networks from attack. All it takes is one insecure IoT device to allow cybercriminals to access what could be susceptible systems. This is one of the critical foundations behind the development of Kaspersky OS, which we hope will offer developers in spaces like IoT a security layer they can implement within their devices.