Are enterprises ready to tackle the rapidly changing hacker TTPs?


IT leaders say that cybercriminals have rapidly modified their attack strategies to circumvent the organizations’ updated security measures.

Enterprises faced a slew of security incidents in the initial stages of the global pandemic. Hackers used conventional attack methods to exploit the pandemic and focused on the largest available attack surface, which was further expanded by most organizations’ sudden shift to remote work. Security teams need to understand this trend in order to detect threats properly and mitigate attacks.

The biggest security risk is the double-edged task SOC and NOC teams face: moving employees from working inside a conventional perimeter to working remotely, while the security teams themselves are also connecting from home.

Control and visibility of systems are greatly reduced, which exposes organizations to liabilities that did not exist previously. Unfortunately, dangerously unprotected and unpatched home networks are now attached to the extended enterprise network.


Threat actors are aware of this situation and have adapted their TTPs to the new security measures. CIOs say that IPS signatures have identified a significant increase in attacks focused on home routers and IoT devices. On a further discouraging note, 2020 has seen the highest number of CVEs released.

Organizations have reported that hackers even tried to target their networks by exploiting issues detected in 2018. Many CIOs said that threat actors have even attempted to exploit CVEs from as far back as 15 years ago.

The sudden focus on older vulnerabilities indicates a shift in threat actors’ techniques toward vulnerable and less secure systems on home networks, such as DVR systems and unpatched routers. The main goal is for hackers to ride the domestic network’s coattails: residing on it and harvesting data through its connection to corporate networks.

Security leaders acknowledge that this tactic has worked for hackers. Older threats such as 2016’s Mirai and 2014’s Gh0st have led botnet activity worldwide for the past six months. All of these observations are directly related to the sudden switch in techniques used for attack campaigns. Pandemic themes have dominated email- and web-based phishing attacks. Browsers have overtaken email as the primary attack vector, and they have been widely used to deliver older malware payloads.


This practice has gained popularity mainly because remote employees regularly browse the internet without the protection of the corporate firewall. The email route is trickier for attackers, since messages always pass through corporate secure email gateways. Most of these attacks target naïve remote employees with false claims of being representatives or authorities from prominent organizations such as the WHO or the CDC.

CIOs’ role in mitigating such attacks

CIOs need to understand threat activity and develop adequate security training for security personnel. Developing training material requires proper detection and tracking of new IOCs, keeping tracking sheets up to date, and monitoring attack vectors.


Security leaders can help their security teams and enterprises by ensuring endpoints are secured and upgraded, inspecting all VPN traffic, strengthening OT defenses, upgrading secure email gateways, and conducting a comprehensive review of security measures.

They must stay current with the latest security trends to create efficient ways to protect the corporate network. Critical threat intelligence will help create threat reports and contribute to intelligence feeds, cross-referencing all devices connected to the network.
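As an added illustration of the two points above, tracking new IOCs and cross-referencing an intelligence feed against every device connected to the network, the following Python script is not from the article or any vendor mentioned in it. It assumes a minimal indicator feed (IP, CIDR and domain entries) and a one-line-per-connection log format of the form `<timestamp> device=<name> src=<ip> dst=<ip|host> dport=<n>`; both the feed and the log lines are constructed for the example, using documentation address ranges and the reserved `.test` domain.

```python
"""Cross-reference a threat-intelligence feed against device connection logs.

Added illustration with constructed data; the feed entries, device names
and log format below are assumptions, not data from the article.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed IoC feed: each entry has a type, a value and a human-readable name.
IOC_FEED = [
    {"type": "ip", "value": "198.51.100.23", "name": "botnet-c2-example", "first_seen": "2020-05-01"},
    {"type": "cidr", "value": "203.0.113.0/24", "name": "rat-infra-example", "first_seen": "2020-04-12"},
    {"type": "domain", "value": "update.example-bad.test", "name": "phish-kit-example", "first_seen": "2020-06-03"},
]

# Constructed connection records in the assumed format:
# <timestamp> device=<name> src=<ip> dst=<ip|host> dport=<n>
SAMPLE_LOG = """\
2020-06-10T08:01:12Z device=home-router-01 src=192.168.1.1 dst=198.51.100.23 dport=23
2020-06-10T08:02:45Z device=laptop-alice src=192.168.1.20 dst=update.example-bad.test dport=443
2020-06-10T08:03:01Z device=dvr-garage src=192.168.1.40 dst=203.0.113.77 dport=8080
2020-06-10T08:04:30Z device=laptop-bob src=192.168.1.21 dst=93.184.216.34 dport=443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) device=(?P<device>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class Match:
    timestamp: str
    device: str
    destination: str
    indicator: str
    ioc_type: str


class IocIndex:
    """Index a feed so that a destination can be checked in one lookup."""

    def __init__(self, feed):
        self.ips = {}        # exact IP string -> indicator name
        self.networks = []   # (ip_network, indicator name)
        self.domains = {}    # lower-case domain -> indicator name
        for ioc in feed:
            kind, value = ioc["type"], ioc["value"].lower()
            if kind == "ip":
                self.ips[value] = ioc["name"]
            elif kind == "cidr":
                self.networks.append((ipaddress.ip_network(value, strict=False), ioc["name"]))
            elif kind == "domain":
                self.domains[value] = ioc["name"]
            else:
                raise ValueError(f"unsupported IoC type: {kind}")

    def lookup(self, destination):
        """Return (indicator name, ioc type) if the destination is listed, else None."""
        dest = destination.lower().rstrip(".")
        try:
            addr = ipaddress.ip_address(dest)
        except ValueError:
            addr = None
        if addr is not None:
            if dest in self.ips:
                return self.ips[dest], "ip"
            for net, name in self.networks:
                if addr in net:
                    return name, "cidr"
            return None
        # Hostnames: match the name itself or any parent domain in the feed,
        # so a subdomain of a listed domain is still flagged.
        labels = dest.split(".")
        for i in range(len(labels) - 1):
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return self.domains[candidate], "domain"
        return None


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped, not fatal."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.groupdict()


def cross_reference(feed, log_text):
    """Return every connection whose destination appears in the feed."""
    index = IocIndex(feed)
    matches = []
    for rec in parse_log(log_text):
        hit = index.lookup(rec["dst"])
        if hit:
            name, ioc_type = hit
            matches.append(Match(rec["ts"], rec["device"], rec["dst"], name, ioc_type))
    return matches


def affected_devices(matches):
    """Sorted, de-duplicated list of devices that talked to a listed indicator."""
    return sorted({m.device for m in matches})


if __name__ == "__main__":
    hits = cross_reference(IOC_FEED, SAMPLE_LOG)
    for m in hits:
        print(f"{m.timestamp} {m.device} -> {m.destination} matches {m.indicator} ({m.ioc_type})")
    print("devices to review:", ", ".join(affected_devices(hits)))
```

Run against the constructed sample, the script flags the home router, the DVR and one laptop, which is the kind of per-device view a tracking sheet of new IOCs is meant to feed; the `first_seen` field on each indicator is carried in the feed so that newly added entries can be distinguished from long-standing ones when the sheet is updated.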