New Frontier – IoT, email, cloud threats
The past year has highlighted that business leaders should assume that cyber breaches will hit them.
Please attribute to Sherif El-Nabawi, Senior Director, Systems Engineering, Asia Pacific
Within months of each other, large-scale cyber breaches including WannaCry and Petya ransomware attacks shook up businesses around the world and reinforced the need to secure critical assets and prevent data loss. Looking beyond traditional desktops and servers, businesses need to start protecting other platforms that are ripe targets for cyber criminals.
The widespread use of mobile devices, and the mainstream adoption of cloud and Internet of Things (IoT) technologies, has opened whole new platforms for attacks. Symantec’s Internet Security Threat Report (ISTR) Volume 22 revealed that many emerging threats against these increasingly popular platforms were observed in 2016 and are likely to continue this year.
The Insecurity of Things
When it comes to IoT devices, many would think of smart watches and smart home assistants such as Google Home or Amazon Echo. However, the most commonly targeted devices may be something as simple as routers or internet-connected cameras.
A Symantec IoT honeypot experiment found a two-fold increase in attempted attacks against IoT devices over the course of 2016; at times of peak activity, the average device was attacked once every two minutes.
Unlike a desktop computer or laptop, which will typically have security software installed and receive automatic security updates, an IoT device’s only protection may be an easily guessed default user name and password. Default passwords are still the biggest security weakness for IoT devices, and the most common password tested by attackers is “admin”.
According to Gartner, 8.4 billion connected “things” will be in use in 2017, up 31 per cent from 2016, reaching 20.4 billion by 2020. While manufacturers should take the lead in securing the products they release on the market, it is equally important that businesses are aware of the risks and vulnerabilities these devices are exposed to.
The most noteworthy trend observed through 2016 was the uptick in email malware rates. The rate jumped from 1 in 220 emails in 2015 to 1 in 131 emails in 2016. These malicious emails hit businesses of all sizes, commonly disguised as an invoice or receipt with an attachment.
Although a vital communication tool, email is also one of the prime sources of disruption for end users and organizations. This disruption can range from unwanted emails in the form of spam to more dangerous threats, such as the propagation of ransomware or targeted spear-phishing campaigns.
While just over half of all emails (53 percent) are spam, a growing proportion of that spam contains malware. This increase in email-borne malware is driven largely by a professionalization of malware spamming operations. Malware authors can outsource their spam campaigns to specialized groups who conduct major spam campaigns. The sheer scale of email malware operations indicates that attackers are making considerable profits from these kinds of attacks and email is likely to continue to be one of the main avenues of attack in 2017.
Cracks in the Cloud
Cloud apps, such as Office 365, Google and Dropbox, are increasingly used to facilitate the sharing of sensitive information between corporate IT systems, mobile applications and cloud services.
At the end of 2016, the average enterprise organization was using 928 cloud apps, up from 841 earlier in the year. However, most CIOs think their organizations only use around 30 or 40 cloud apps. The widespread adoption of cloud applications in corporations, coupled with risky user behavior that the corporation may not even be aware of, is widening the scope for cloud-based attacks.
This is a major red flag that business leaders should start taking notice of now – especially given that data stored in the cloud could be shared internally, externally, and even with the public. Often, the lack of policies and procedures around how users in an organization use cloud services increases the risk of cloud app use.
While cloud attacks are still in their infancy, 2016 saw the first widespread outage of cloud services because of a denial of service (DoS) campaign, serving as a warning for how susceptible cloud services are to malicious attack. Popular file-sharing apps cannot fully mitigate cyber security risks to this data from employee misuse or account compromise by hackers.
IoT, email and cloud may be new attack frontiers, but in combination these platforms prove to be lethal, putting business and customer data at greater risk. Many IoT devices gather personal data and rely on cloud services to store that data in online databases. If those databases are not adequately secured, then customer privacy and security are at risk. Businesses cannot afford to underestimate the level of risk, or they will leave themselves open to attack from newly emerging threats.
As attackers evolve, there are many steps businesses and consumers can take to protect themselves. As a starting point, Symantec recommends the following best practices:
- Don’t get caught flat-footed: Use advanced threat intelligence solutions to help you find indicators of compromise and respond faster to incidents.
- Prepare for the worst: Incident management ensures your security framework is optimized, measurable and repeatable, and that lessons learned improve your security posture. Consider adding a retainer with a third-party expert to help manage crises.
- Implement a multi-layered defense: Implement a multi-layered defense strategy that addresses attack vectors at the gateway, mail server and endpoint. This should also include two-factor authentication, intrusion detection or prevention systems (IDS/IPS), website vulnerability and malware protection, and web security gateway solutions throughout the network.
- Provide ongoing training about malicious email: Educate employees on the dangers posed by spear-phishing emails and other malicious email attacks, including where to internally report such attempts.
- Monitor your resources: Make sure to monitor your resources and networks for abnormal and suspicious behavior, and correlate it with threat intelligence from experts.