According to this year’s World Economic Forum Global Risk Report, in the Middle East, cybersecurity failure ranks among the top five risks that have worsened most since the start of the Covid-19 crisis. This is relatively unsurprising given that the widespread dependency on digital systems intensified during the pandemic to facilitate our professional, social and recreational needs.
Many organisations have migrated to the cloud in order to meet the demands of hybrid work models, which has led to an expansion of third-party interdependencies and, unfortunately, of attacks too.
In 2021, the SolarWinds and Kaseya attacks heightened concern about the integrity of the software supply chain. Threat actors were quick to comprehend and profit from the domino effect: by compromising one core system, they can traverse into connected systems and organisations, compromising more victims than the original target.
A recent independent study conducted by Forrester Consulting found that almost two-thirds of business and security executives say their organisations suffered business-impacting attacks involving cloud assets specifically.
Threat actors, who traditionally relied on catching users unawares and capitalising on real-world distractions, effectively rewrote the rules on social engineering in 2021. Remote work provides a constant distraction around which attackers can build social engineering attack campaigns, as they take advantage of home networks and the false sense of security felt by those working from the comfort of their living room.
We ended 2021 with the disclosure of Log4Shell, one of the biggest, most critical vulnerabilities in the history of modern computing given its ubiquity. Because of the way modern applications and services are written, there can be a number of dependencies that could contain this library, and organisations may not even realise it.

It’s not as simple as looking for a particular piece of software and checking the version that’s being run. And threat actors have moved quickly to take advantage of this vulnerability. To date there have been at least 11 publicised attacks that have targeted Log4Shell. In the UK, the NHS warned that unknown hackers were targeting VMware Horizon deployments with Log4Shell exploits.
While it is unclear whether this was connected, ransomware gang NightSky were identified as using Log4Shell to gain access to VMware Horizon. Meanwhile APT34, another well-known ransomware group, were confirmed as exploiting Log4Shell to distribute a new modular PowerShell toolkit.
Blocking attack paths and strengthening cybersecurity defences
If both the public and private sectors don’t increase the barriers to entry by collectively raising the standards of cybersecurity, malicious activities will far outpace societies’ ability to effectively prevent them.
Security leaders should treat their internal networks as they would physical premises. What this means is that, as their attack surface expands, businesses need to have the same level of strict governance over their digital infrastructure as they would over their physical building. This is important not only for the existing programmes in place, but also when developing new applications: security should constantly be on their minds.

Security teams need to adopt solutions that provide appropriate and holistic visibility, security and control across the cloud and converged infrastructure. Identify the critical systems organisations rely on to function, identify any vulnerabilities that affect these systems, then take steps to either patch or remediate the risk. Also, businesses must address excessive permissions in Active Directory that allow attackers to elevate privileges to further infiltrate the infrastructure.
In the digital age, trust is easily lost and hard to gain. The next two years will truly test the mettle of the world’s digital systems as both skilled and unskilled cybercriminals replicate successful methods of attacks from 2021, take advantage of ransomware-as-a-service kits and go after known but unpatched vulnerabilities.
Organisations must do everything they can to demonstrate strong corporate governance around cybersecurity and weave it into the fabric of their digital infrastructure. If organisations are still relying on cyber strategies from two years ago, the increasing number of cyberattacks provides an impetus to rethink their approach to managing cyber risk in this new normal.