Securing Your Network in the Age of Cyberattacks

Brought to you by: Patrick Sullivan

Date: 07/20/2021

On a sleepy Friday afternoon leading up to America's 2021 Independence Day weekend, hackers exploited a zero-day vulnerability in the remote management infrastructure of a Florida-based software maker and pushed a malicious update that infected more than 1,500 of its customers around the world, according to news sources. Pulling off one of the world's worst ransom attacks, the criminal group then demanded an unprecedented $70 million to provide a universal decryptor.

While the cascading effect and ultimate outcome of this cyberattack remain unknown as of this writing, it's clear that hackers and hacking syndicates are getting increasingly sophisticated in their craft and widening their net to include organizations of all sizes.

According to the Verizon 2021 Data Breach Investigations Report (DBIR), 85% of data breaches during 2020—including the incident this past July—involved a human element. With many companies undergoing digital transformation and supporting employees’ post-pandemic requests to work remotely on a more permanent basis, increased security protocols and processes are needed to protect sensitive information and keep vital technologies safe from outside attack.


The Digital World Stage

All the world's a stage, but rather than play many parts, threat actors typically repeat the same performance to get what they want from their audience. Pursuing financially motivated ransomware attacks continues to be successful, and hackers continue to increase the volume of attacks, seeking out unprepared and vulnerable companies around the globe.

Verizon's latest DBIR shows that the majority of breaches are carried out through credential theft, social attacks (phishing and business email compromise) and errors (misdelivery and misconfiguration).

Unfortunately, there is a glut of freely available open-source malware on the Internet that can turn any vulnerable computer system into a remotely controlled "bot" that can be used as part of a "botnet" in large-scale network attacks. Malware such as Mirai, for example, primarily targets online consumer devices such as smart fridges, remote cameras and home routers: any device that runs an operating system and is connected to the Internet.

Once a computer system is infected with malware like Mirai (effectively becoming a "bot"), it will continue to function normally, apart from occasional sluggishness and increased bandwidth use. The bot then listens for instructions from a command and control server, which, when the time is right, announces the target of a Distributed Denial of Service (DDoS) attack. Once activated, the device starts making fake page requests to the unsuspecting target website. Scale these fake requests up to millions of devices making them simultaneously and you soon have a tsunami that overwhelms the available web server resources, causing the target website to crash. All DDoS attacks have the same objective: to flood the targeted computer or resources with superfluous requests in an attempt to overload the system. Not only are public-facing websites vulnerable, but critical applications and business processes that depend on communication networks are also susceptible to this type of disruption.

However, network architecture has evolved, and many companies now have in-line, hardware-based DDoS detection and mitigation countermeasures. The challenge, as in any arms race, is that threat actors simply adapt their techniques to overcome them. They have steadily increased the size of their botnets (easily accomplished given the proliferation of IoT devices), which can now overwhelm these hardware countermeasures by simply exhausting their available resources. Couple this with a number of successful high-profile ransomware attacks, and it would seem that cybercriminals have seen the potential upside of adding an extortion element to their DDoS attacks and are now demanding a ransom payment to stop them. Complicating the situation further, cheap "DDoS as a Service" tools are now readily available on the dark web, lowering the barrier to entry for anyone who wants to operate in this unscrupulous market. DDoS attacks are notoriously difficult to predict, which means that company security leaders need to think about a whole new way of fighting back.
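The two paragraphs above make a detection point worth seeing in code: when a flood is spread across many bots, no single source looks abusive, so a per-client rate limit stays silent while the aggregate request rate gives the attack away. The following is an added example, not Verizon's code or any product's logic; the log format, the per-source limit and the baseline multiplier are assumed values chosen for illustration.

```python
from collections import Counter, defaultdict

PER_SOURCE_LIMIT = 10      # assumed policy: requests/second one client may make
BASELINE_MULTIPLIER = 5    # assumed policy: aggregate rate above 5x baseline is a flood

def parse_line(line):
    """Parse a constructed '<epoch_seconds> <client_ip> <path>' log line."""
    ts, ip, _path = line.split(" ", 2)
    return int(ts), ip

def bucket_per_second(lines):
    """Group requests into {second: Counter(client_ip -> request count)}."""
    buckets = defaultdict(Counter)
    for line in lines:
        sec, ip = parse_line(line)
        buckets[sec][ip] += 1
    return buckets

def per_source_alerts(buckets, limit=PER_SOURCE_LIMIT):
    """Seconds in which any single client exceeded the per-source limit."""
    return sorted(sec for sec, c in buckets.items() if max(c.values()) > limit)

def aggregate_alerts(buckets, baseline_rps, multiplier=BASELINE_MULTIPLIER):
    """Seconds in which total requests, regardless of source, exceeded multiplier x baseline."""
    return sorted(sec for sec, c in buckets.items() if sum(c.values()) > multiplier * baseline_rps)

def build_sample_log():
    """Constructed traffic: 5 s of normal load, then 5 s of a distributed flood."""
    lines = []
    for sec in range(1625000000, 1625000005):      # baseline: 10 clients x 2 req/s = 20 rps
        for i in range(10):
            lines += [f"{sec} 198.51.100.{i} /index.html"] * 2
    for sec in range(1625000005, 1625000010):      # flood: 200 bots x 1 req/s = 200 rps
        for i in range(200):
            lines.append(f"{sec} 203.0.113.{i} /index.html")
    return lines

def analyse(lines, baseline_rps=20):
    """Return (per-source alert seconds, aggregate alert seconds) for a log."""
    buckets = bucket_per_second(lines)
    return per_source_alerts(buckets), aggregate_alerts(buckets, baseline_rps)

if __name__ == "__main__":
    per_src, agg = analyse(build_sample_log())
    print("per-source alerts:", per_src)   # [] : no single bot is noisy enough to trip the limit
    print("aggregate alerts:", agg)        # the five flood seconds
```

The same asymmetry is why the article's in-line appliances get exhausted: each of the 200 bots is individually within policy, and only a view of total load (or of the sudden jump in distinct clients) separates the flood from a busy afternoon.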

As we saw in May 2021 with the Colonial Pipeline ransomware attack, hackers now have the means to take anonymous, largely untraceable payments using cryptocurrencies, presenting few hurdles and easy monetization.


Securing Your Network for the Future

In today's defend-or-be-attacked cyber climate, company leaders are well advised to embrace an internal culture that promotes information security as an enabler of overall success, and a means of both achieving and protecting desired business outcomes. The future likely will only bring about more frequent and advanced attacks, requiring even more sophisticated cyber protection.

Government regulation across the globe, though improving, struggles to keep up, leaving companies to manage vulnerabilities largely on their own. Embracing SaaS (Software as a Service) and PaaS (Platform as a Service) offerings is a low-cost option for a business of any size to nimbly address the volume and sophistication of incoming DDoS attacks.

Verizon Partner Solutions’ portfolio of Security and Security Professional services—including DDoS Shield and Network Detection Response (NDR)—provides support for organizations in the areas of threat detection and prevention, attack mitigation, security assessment and consultation. For more information, contact your VPS sales representative. 
