The ongoing effects of the COVID-19 pandemic are significantly impacting the security of businesses and individuals worldwide. While some industries have been hit severely, others are experiencing sudden and exponential growth in demand for their services.
Not surprisingly, this difficult time has become a breeding ground for cybercriminals, who are exploiting the pandemic crisis and our dependence on online services for various gains.
The Latest Threats
What are the latest cyberthreats CIOs need to be aware of in the APAC region?
Ransomware – The #1 risk to remote desktop services. Almost two-thirds of ransomware uses an RDP-based infection vector, and RDP is one of the services most persistently targeted by account takeover attacks.
Enterprise servers are much sought-after resources for malicious actors: they can be abused for spam distribution; for lateral movement and exfiltration of sensitive information followed by a ransom demand; as command-and-control servers for botnets; as staging points for attacking other organizations; for cryptocurrency mining; and finally for deploying ransomware, sometimes after the previous scenarios have been exhausted, as a last resort to monetize a successful breach.
Encrypted attack protection – More than 90% of web traffic is now HTTPS encrypted. While HTTPS is crucial for data protection, it opens the door to new DDoS attacks: an HTTPS connection demands far more resources from the target server than from the client, so attackers can mount devastating attacks with relatively few requests. Protection against encrypted DDoS floods is therefore a critical requirement.
Massive global capacity – Internet of Things (IoT) botnets are growing larger and more sophisticated, and are increasingly capable of launching larger attacks. They can be purchased on the dark net for relatively small sums, for example the cost of a cup of coffee. Botnets are a significant threat during the massive COVID-19 public health emergency.
Application layer (L7) DDoS attacks – These pose a unique challenge for DDoS defenses: detecting them requires insight into application behavior, and it is difficult to tell whether a request is legitimate or malicious simply by looking at network-layer traffic. Moreover, as more and more web traffic is encrypted with SSL/TLS (HTTPS), DDoS defenses are frequently unable to inspect the contents of the packets themselves.
As a result, many types of DDoS defenses are unable to tell the difference between a legitimate spike in customer traffic (for example, a flash crowd or a holiday peak) and an actual attack. Examples of such attacks include HTTP/S floods, SSL negotiation attacks, low-and-slow attacks, HTTP/S bomb attacks and large file downloads.
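To make that gap concrete, here is an added Python illustration (not part of the original article) that compares two constructed access-log windows carrying exactly the same number of requests: a flash crowd and an HTTP flood. A request counter sees them as identical; only per-client, per-path behavior separates them. The log format, the documentation-range IPs and the thresholds in suspicious_clients are assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log excerpts (not from the article): two windows that carry
# exactly the same number of requests, so a purely volumetric view cannot tell
# a flash crowd from an HTTP flood. IPs are from documentation ranges.
PATHS = ["promo", "cart", "login", "product/1", "product/2", "help",
         "promo", "cart", "checkout", "product/3", "faq", "promo"]
# Twelve different visitors, one request each, spread over many pages.
FLASH_CROWD = [f'198.51.100.{i} [10:00:{i:02d}] "GET /{p} HTTP/1.1" 200'
               for i, p in enumerate(PATHS, 1)]
# Two sources hammering one expensive endpoint with cache-busting queries.
FLOOD = [f'203.0.113.{5 + i % 2} [10:00:{i:02d}] "GET /search?q={i} HTTP/1.1" 200'
         for i in range(1, 13)]

LOG_RE = re.compile(r'^(\S+) \[(\S+)\] "(\w+) (\S+) HTTP/[\d.]+" (\d{3})$')

def parse(lines):
    """Return (client_ip, path) pairs; the query string is dropped so that
    cache-busting variants of one endpoint collapse to the same path."""
    pairs = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ip, _ts, _method, target, _status = m.groups()
            pairs.append((ip, target.split("?", 1)[0]))
    return pairs

def volumetric_view(lines):
    """What a network-layer counter sees: just the request total."""
    return len(parse(lines))

def suspicious_clients(lines, max_requests=3, min_path_diversity=0.5):
    """Application-layer view: flag clients that exceed a per-window request
    budget while concentrating on very few distinct paths. Thresholds are
    illustrative assumptions; a real deployment baselines them per endpoint."""
    per_ip = defaultdict(list)
    for ip, path in parse(lines):
        per_ip[ip].append(path)
    flagged = []
    for ip, paths in per_ip.items():
        diversity = len(set(paths)) / len(paths)
        if len(paths) > max_requests and diversity < min_path_diversity:
            flagged.append(ip)
    return sorted(flagged)
```

Both windows report 12 requests, yet only the flood window yields flagged clients; low-and-slow variants would additionally need per-connection timing, which this sketch does not model.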
Account takeover/credential theft – Compromised accounts have been traded for financial gain for years. Email addresses, passwords and credentials are low-hanging fruit, as they are relatively cheap and are sold in bulk. Payment details are another favorite, with prices at the highest end dictated by parameters such as country of issue, credit score and more.
The decisions and tools that organizations choose now, and the training they provide to their employees, will have enduring effects on security for years to come. It’s crucial that companies get it right.
Note: A version of this article first appeared in Intelligent CISO.