Over the past day, we've heard about the recent escalations between two particular countries. Nation-states usually retaliate with one of their favorite weapons: cyber attacks.
We are only on day three of 2020, and the year has already started off tumultuous. Obviously, there have been some concerns in regards to the latest escalation and how it could influence the already dire issue of cybersecurity for businesses.
Hysteria aside, one thing we do know is that if a country does not have the physical ability to do something to retaliate, most rogue states do have the ability to attack other countries via malware, DDoS, and espionage. The whole world is connected, and cyber criminals make a lot of money working with disgruntled nation-states to find any means to cause trouble for business and infrastructure, such as the aging electrical grids, for instance.
For those in IT and cybersecurity, the recent news does affect you, at least indirectly. Back in June 2019, Homeland Security sent out a memo warning about how nation-states could possibly retaliate.
Here are some likely types of attacks that could be used in the near future as advanced persistent threats, so it's essential to be aware of all kinds of cyberattacks and how and where they could be used.
1. Ransomware
Ransomware is one of the main ways that rogue states and bad actors can collect funds that circumvent sanctions. For instance, one nation is still suspected to be the main reason for the WannaCry outbreak in 2017. There were strings of code that resembled other code that originated from that same nation before that, so these indicators act as a sort of fingerprint for digital forensics teams.
WannaCry alone was responsible for taking down much of the NHS in the UK. It isn’t entirely known how much damage or loss of life there was, but there were instances of people in critical care having to be moved due to systems on healthcare networks going down. This is an important reminder that our lives are more reliant on apps and services than ever before.
It is crucial to make sure that you have your own backups in place. Because businesses are working more and more in hybrid cloud environments, cloud service providers are going to be an obvious target for some bad actors.
2. Misinformation
This is another type of attack that is nothing new. Misinformation has already been used to influence elections abroad.
This type of attack is not as directly relevant to businesses, but on a personal level, it is always important to be wary of everything you read or hear. Social media companies like Facebook and Twitter are working hard to fix these issues, but they have a long way to go.
3. Phishing Attacks
Social engineering will always be a go-to for hackers working privately or for nations seeking revenge. It feeds on the very instincts that make us human. There has been so much written about this type of attack that if it's happening on your networks, then you have bigger issues than the other types of cyberattacks and exploits in this article.
Training your employees will always be the go-to answer for this one. Teach them how fake websites and emails work. Tell them how hackers can pretend to be someone they're not. And most importantly, make sure you train them on the importance of strong passwords and not sharing them in their personal lives too, because many times employees are using the same passwords at home that they do at work.
There are lots of companies out there that will help you create fake phishing attacks on employees to see who is getting the idea. It’s a great way to re-educate those who fail to understand the warning signs of phishing attacks.
4. Denial of Service Attacks
This type of attack is a no-brainer for bad actors. It has the ability to take down swathes of the internet. Consider that the Internet is essential for everything nowadays, from making phone calls to running critical applications on healthcare networks. DDoS attacks wreak havoc on communications systems when they occur.
Unfortunately, there isn't much a company can do if the Internet goes down, but it's essential to make sure that your systems are patched and secured with multi-factor authentication so that your devices do not become part of a botnet that could exacerbate a DDoS attack. Don't forget that poorly protected IoT devices were the cause of the Mirai botnet that took down much of the internet in the 2016 attack on Dyn.
5. Zero Days
There isn't much IT and security teams can do about zero days. These types of attacks can lie dormant for years before they are used to cause trouble and take down business networks. The important thing here is to make sure that you are staying up to date with the news cycle and are taking countermeasures when possible as zero-day exploits are exposed. Sometimes it can take a company, such as Microsoft, months to patch zero days. Other times they will ignore vulnerabilities outright if they don't see them as much of a threat, or if the vulnerability is so embedded in the basic functionality of their products and services.
Kernel vulnerabilities are the type of security loophole that comes to mind. They are so deeply seated in the fundamental ways our computers work that fixing them is a monumental task even for the biggest tech companies.
6. Supply Chain Attacks
These types of attacks are even more elusive than others. They go after the very process that IT teams use to patch serious security flaws in business applications and services. If a bad actor can expose security issues in the upgrade processes of popular tools, then security patches can end up becoming routes for malware to propagate.
One attack that comes to mind is NotPetya, which targeted companies doing business with Ukraine via an accounting software package used by the Ukrainian government called M.E.Doc. NotPetya was a cyberattack on Ukraine and its affiliates, but these types of attacks have also gone after businesses like British Airways via third-party plugins on websites.
Many IT teams will opt to test plugins and updates before pushing them onto the rest of the network, in case an update causes more issues than it's worth. This practice can also help in the case of supply chain attacks. The problem here is that if the malicious code inside the update processes of the apps we use goes unnoticed for too long, then there really isn't much anyone can do except hope that it was the one update you forgot to apply on systems within your network.
It’s a real threat to business and the economy so we all must do the right thing and implement tools and training services that keep our systems and end-users safe from harm. This could be ensuring you have end-to-end encryption in place, network monitoring to detect malicious devices connecting to your networks, and even multi-factor authentication (aka 2FA and MFA) to help with password protection.
Even if you’re a small business that may not seem ripe for being targeted, it doesn’t mean you should keep your guard down. We’ve seen all too often that as these cyber threats become more and more sophisticated, many businesses get caught up in it just by being collateral damage. Enemies, whether they are rogue states, private blackhat groups, or even disgruntled individuals, are harvesting our data wherever and whenever they can and building databases that will be used to increase the damage done in the future.
Stay safe out there and hold on tight, it’s going to be a bumpy ride ahead.