Emerging Cyber Threats & Supply Chain Attacks in 2021
Expert Profile
Rohit Gautam is Founder at Hacktify Cyber Security and an avid security researcher with a special interest in network exploitation and web application security analysis. He has worked as a cybersecurity consultant and dealt with various confidential organizations and projects. He has delivered many conferences and trained individuals across India. He has helped and secured various multinational organizations like Apple, Google, Acorns and many more by responsibly reporting vulnerabilities. He is an online security instructor in 150+ countries and has 50,000+ students across the globe. His top skills include Cyber Security analysis, Malware Analysis, and Threat & Vulnerability Management. Being a Cyber Security Trainer he has taught and made aware various students and professionals about Cyber Security, new attacks, and how to be safe on the internet. He is right now a cyber security instructor and teaches regarding what happens in web applications pen testing, mobile application pen testing, cloud security, and so on. At Hacktify Cyber Security, he is always focusing on Mitigating Information Security Risks and Providing a Safer Internet. He has been honored with numerous awards such as National Level Networking Geek Championship. Hall of Fame - Acorns Grow, Hall of Fame - Dark Matter, and 10 times with Apple Hall of Fame award and many more.
Foreground
Due to the global pandemic, all the businesses were shut down. So a survey was done on the number of jobs that were released on LinkedIn. It was noticed 261,545 in a total number of jobs vacancy for different cyber security roles. In IT & services-103,001, Financial services-67,473, Computer software-66,341, Defence & space-49,708, Hospital & health care-4948
All people have web, web applications, all are so connected to the internet in a way to book flight tickets, medical assistance, everything is available on fingertips. Therefore cyber security is the primary aspect to remember with this technological advancement. Everyone has to take security as prime focus and understand what possibly goes wrong, So, This session was really helpful and detailed numerous aspects of Cybercrimes and Supply Chain Attacks in 2021. Let's have a glimpse of the session from this short article
Impact of Remote Work - New Threats and Solution
Due to every business shift to work from home culture, all are moving forward with this new culture, but there are new threats such as,
- Exposed Attack Surface- When organizations open up their platforms to log in remotely, those platforms were never exposed to the public internet, and they are just publicly exposed to employees to login which creates an attack surface for a lot of success.
- Lapse in Security Policies- As with working in any organization, we (employees) are enforced certain policies that have to be followed. But in work-from-home culture, there are no such policies enforced due to which security concerns arise.
- Insecure Logins- People just login in to their VPNs or maybe the organization's network infrastructure through different computers, and it happened that those computers may not be running up a secured channel or maybe there are already some harmful malware, wireless worms, trojans that are already running into their systems, that may extract the information from where the information has been established to the organization.
- Using Personal Emails for Business Purposes- Maybe the company email is set up to combat email viruses, but the employees' personal email accounts may not have that level of protection. One employee opening up an email virus on a company computer can leave the company's entire business vulnerable.
Takeaway- Always identify the area of weakness that left the company vulnerable to threats that basically the attach surface.
Ransomware Attacks - New Threats as Challenges
Ransomware attacks have been used by attackers in several ways to compromise a lot of confidential systems of government and private organizations.
- Sophisticated Techniques- that include identifying new exploits or zero-days in software solutions may be like MS word. Zero-day exploit that recently was dropped basically utilizes the MS HTML exploitation of MS word document through which an attacker can get remote code execution on the system and encrypt all the files in the system.
- Users Click on Unwanted Links- always keep in mind whenever logging in from a computer we should not click any links, any websites that we didn’t recognize, do not try to open them, and never download anything from torrent.
- Encrypt all the Files & Data- When ransomware comes into the computer, it basically encrypts all the files and data & then it going to ask or extort or money i.e., basically always paid in cryptocurrency like bitcoins.
Takeaway- Do not download any 3rd party software.
Increase Attacks on Cloud Services
Because of covid-19, lots of organization has moved towards cloud services provider AWS, DIGITAL OCEAN, AZURE. There are a lot of configuration, access control, IAM issues that all would keep in mind. If we do not configure our cloud service settings properly then attackers could potentially download our data from these cloud service providers. There are a lot of configuration issues like S3 bucket issues where anyone could download all your source code from your cloud
- Downtime or Misconfigured Cloud Settings- According to a survey, it was identified that misconfigured cloud settings cost in a total of $4.41 million in the loss for organizations in 2020.
Takeaway- before migration to the cloud, make sure the organization is aware of the security measures it should have in place to avoid data breaches.
COVID-19 Phishing Schemes
One of the most common & prevalent attacks in recent times is when lots of people are getting phishing emails that are related to COVID-19, maps or vaccine information about COVID-19, fake or fraudulent documents that have been supplied. And by installing these fake COVID-19 maps applications, we allow attackers to exfiltrate all data from our computer. So always keep in mind, that do never click on unwanted links getting through emails, do not indulge through any such activities i.e. downloading any potential untrusted harmful software in a computer & giving it admin rights.
Always Keep 3A's in Mind to Avoid Phishing
- Analyze
- Avoid
- Alert
Insider Threats on Rising
- Disgruntled Employees/Angry Employees- They want to take revenge from the organization, so they take out information from their organization and maybe sell it to their competitors or sell it onto the dark web or deep web, by this the integrity, confidentiality, availability of the organization’s data gets tampered. For this to not happen they should always keep excess control for all their employees.
- More than Required access to an Organization's Infrastructure- It could also potentially leave the organization to one of the victims of insider threats. Organizations try to safeguard themselves by doing quality pen tests and fixing all the issues from the outside attack vectors but they forget to keep their internal infrastructure safe by implementing proper access control, group policies
- Poor Logging & Monitoring- If an organization would correctly log all the activities that have been done on the systems in an organization by their employees they could potentially try to identify certain patterns in the logs of these users that they are doing certain activities that are not correct or maybe these activities are not required
Takeaway- Different levels of access controls for employees and companies should have the proper tools and systems in place to detect malicious activities that have been done by the users.
How to Combat Emerging Threats
This is for the organizations, how one organization can identify all the risks i.e. discussed above.
- Adopt Zero Trust Model- This model says that we did not trust anything that is into an organization it could potentially be employees while sharing the data between two parties or it could be the systems that have been put in place. The zero trust model basically helps us out in identifying the early stages of breaches and it also helps us to mitigate or at least minimize the impact of these types of risk.
- Create an Incident Response Team- they identify what are the systems that are running into an organization with continuous monitoring and logging of all the activities that are being done. This would be useful to us to avoid any data breaches or attacks on our organization in the future.
- Fix Complex Security Environments – Every organization doesn’t have a security team or a sock team in case they have it, it is very complex. They are multiple layers of processors that have been involved in it which restricts security researchers or cyber security analysts or consultants in identifying potential issues for that specific environment.
- Implementing a Holistic Approach for Cyber Resilience- To protect themselves from cyber-attacks, the organizations implement antivirus software or other SIEM solutions. By just implementing this software, not going to help them. There should be a holistic approach to this. This means that attackers are getting way too smarter to bypass this EDR software or SIEM software. For this, we need to check up on these by doing proper security assessments, periodic audits of our infrastructure and doing social engineering simulations in organizations. We should always keep in mind no matter how much we try to implement cyber security from our sides i.e. in terms of software solutions, teaching security awareness to employees, we should always have to put a holistic approach and proactively put out solutions to this.
Supply Chain Attacks
SCA are more prevalent in 2021. These are new threats that are coming as challenges to the industry.
Here the attackers try to attack the weakest link within the organization’s network/product/codebase so the attackers or hackers can hit multiple targets at once.
Example: NotPetya – Backdoor was implanted into an accounting software called as M.E.Doc which was widely used by Ukrainian firms for tax reporting and this software is released and supplied to all other organizations, they installed it and now they become vulnerable to this because it was a vulnerable code base so there was in total loss of $10 billion.
Tips for Digital Hygiene & Safety for Individuals
- Login securely on HTTPS websites
- Check app provisions
- Block ads, use safe brewers like brave
- Share less personally identifiable information (PII) on social media
- Beware of personal assistants
- Avoid public Wi-Fi
- Stay alert, and doubt everything at first place.
Conclusion
Apart from businesses and organizations, at an individual level, a cybersecurity attack can result in everything from identity theft, extortion attempts, to the loss of basic important data like family photos. Cybersecurity is extremely essential because it encompasses everything that includes protecting our sensitive data, Personally Identifiable Information (PII), Protected Health Information (PHI), personal information, intellectual property data, and many more from theft and damages attempted digitally by criminals.
Personal Note
It is more than just a lecture, kind of detailed information regarding cyber security, cyber threats, supply chain attacks, and methods to mitigate them, all mentioned by Mr. Rohit Gautam. He stated cybersecurity risk is increasing, driven by global connectivity and the usage of cloud services to store sensitive data and personal information. Poor configuration of cloud services paired with increasingly sophisticated cyber-criminals means the risk that your organization suffers from a successful cyber-attack or data breach is on the rise. A successful cybersecurity approach contains numerous layers of protection that are spread across computers, networks, and programs. In an organization, hence, it is essential to ensure that the people, the processes, and technology in it must all complement one another in order to create an effective defense from cyber-attacks. This session was amazing and informative which is really of great importance for all.
Note- For more details of this talk, you can visit the YouTube Channel forenisc365.