Page 6 - AeM_March_2021
RESEARCH, ANALYSIS & TRENDS
Change brings novelty, and novelty brings opportunity for scammers

The sudden move to remote working forced internal security teams to work at full capacity, racing to roll out essential remote working tools and changes in authentication measures. This provided ample opportunity for spear phishers to impersonate third parties and clients, drafting up convincing and clickable subject lines exploiting the general sense of uncertainty and commotion that characterized those few weeks.

New risks were exacerbated by the relaxing of security controls in order to facilitate non-standard working practices. Employees taking their work computer home with them found themselves suddenly stripped of protection as they traded the office network for home Wi-Fi, with client devices sitting exposed on potentially unsecured networks amongst potentially compromised machines.

In addition, widescale remote working increased the risk of malicious insiders, as data could now be easily taken from a company device over USB within the privacy of their own home. From a company perspective, employee homes are zero-trust environments: confidential conversations are conducted within range of eavesdroppers and intellectual property is visible on screens and monitors in living rooms around the world.

Traditional tools can be easily bypassed

As organizations around the world began adopting new working patterns at a speed and scale that had never been seen before, one word in particular slipped into the lexicon time and time again. Unprecedented—but legacy security tools, by nature, cannot deal with unprecedented. Confined to playbooks and deny lists put together solely from previous attacks, these tools became increasingly redundant once the digital landscape had changed beyond recognition.

Grappling with these new circumstances, employees and IT teams alike increasingly sought workarounds to get their jobs done and ensure business continuity. Pre-existing use-cases and rules that may have been suitable in the past did not apply to new cyber challenges, as organizations realized the need for a more proactive and dynamic approach to detection and response.

Increasing pressure on SOCs

All the above changes and risks created a monitoring nightmare for Security Operation Centers (SOCs) entering into a period of digital unknown. Data flows and topology changed overnight. New technology and services were deployed in record time. Logging formats changed. Security information and event management (SIEM) use-cases that took 12 months to develop had to be scrapped overnight. As working practices continue to change in unforeseen ways, companies need to leverage technology that allows them to continue to operate amidst uncertainty without impeding productivity at this critical time.

For instance, the onset of the pandemic has prompted an explosion in usage of SaaS applications such as Microsoft Teams, Zoom, and Webex which heightened the risks of compromised credentials and insider threats, especially from malicious administrators with privileged access or assiduous cyber-criminals that lead the user to a fake login page.

Phishing emails exploiting uncertainty

The cyber-criminals behind email attacks are well-researched and highly responsive to human behaviors and emotions, often seeking to evoke a specific reaction by leveraging topical information and current news. It is therefore no surprise that attackers are trying to get users to open emails or click links by using COVID-19 news. In fact, a massive surge in spoofing attacks—accounting for 40% of all attacks over the initial lockdown period—has been witnessed by DarkTrace during the past year. 130,000 newly-registered domains relating to COVID were created—with over half of those used for malicious purposes.

Traditional email security tools resort to ‘sandboxing’, which creates an isolated environment for testing links and attachments seen in emails. But most advanced threats now employ evasion techniques like an activation time that waits until a certain date before executing. When deployed, the sandboxing attempts see a harmless file, not recognizing the sleeping attack waiting within.

Resurgence of Server-Side Attacks

Finally, the spinning up of new infrastructure in rapid succession has reinvigorated more ‘traditional’ risks. With companies rapidly deploying VPN gateways and expanding their internet-facing perimeter, this rapidly increased attack surface has paved the way for a surge in more ‘traditional’ brute-force and server-side attacks. With poorly-secured public-facing systems rushed out in record time, companies prioritized availability—inevitably sacrificing some security in the process. Patching vulnerabilities has been as difficult as ever this year and with IT teams over-stretched and many staff members furloughed or laid off, financially motivated actors sought to weaponize these weak points in organizations. (Source: DarkTrace) ◊

By MediaBUZZ
6 March 2021: Data Privacy & Ethics in Marketing