When it comes to cybercrime, cybercriminals are constantly changing their tactics. Think back to 10 years ago; malware sites — malicious sites that attempt to install malware on a device – were a common attack vector. At the same time, sophisticated ransomware attacks on organizations were rare. Often, ransomware was used to target individuals, sometimes blackmailing them for having been on unsavory sites and asking for a few hundred dollars in ransom.
Now, in 2021, the threat landscape has changed. Malware sites still exist, although they’re not the threat they once were, and ransomware is one of the biggest threats faced by organizations. Still, some attack vectors are evergreen — phishing and credential theft have never gone out of style.
So, what does your organization’s attack surface look like in 2021?
Common cyber attack vectors in 2021
1. Phishing
Phishing is a social engineering attack, which means that a bad actor is playing on your sympathies, or trying to convince you that they’re someone else in order to obtain sensitive data, like your Personally Identifiable Information (PII), financial information, or credentials.
If you’ve ever been emailed by a prince in Nigeria who needs to get rid of some money, you’ve experienced a phishing attack. Most such attacks – especially those that target businesses – are much more sophisticated and are less easy to spot. Some campaigns target an individual using publicly available information, such as information posted to social media, and look legitimate. Phishing can be conducted via email, text, or messaging. You can avoid getting conned by training your staff to spot the telltale signs of a scam, such as the need to input certain information right now. You should also encourage them to check with the purported sender of a potential message through another means of communication before responding.
2. Malware
Malware is any malicious software that is intentionally designed to harm your devices, network, or system. Malware comes in several flavors: from the traditional computer viruses and self-replicating worms to ransomware, which we will get to in the next section. It is often delivered to a computer or network through a phishing email that was clicked on but sometimes is downloaded from a malicious website by mistake. You can avoid malware by monitoring user traffic online, user email behavior, and by using antivirus solutions.
3. Ransomware
Ransomware has been responsible for some of the biggest data breaches in recent history. The Colonial Pipeline attack earlier this spring is the most recent example. Ransomware is a sort of malware that locks a user out of their systems and data. To obtain the encryption key, they must pay a ransom. If they don’t, consequences are threatened. This can range from posting proprietary information on a public website to simply not getting their data back. That doesn’t mean that the criminals always keep their word when the ransom is paid – they are criminals after all. Avoid ransomware attacks by not clicking on suspicious links, scanning emails for malware, and by keeping a backup of all data. If you are targeted but have your data and systems backed up, you will be able to keep doing business, despite the attack.
4. Denial of Service (DDoS) Attacks
First, the bad news: Denial of Service attacks are one of the most common attack vectors; according to Dark Reading, DDoS attacks in the first quarter of 2021 are up by 31% compared to the same period in 2020. Now the good news: DDoS attacks are easy to prevent. DDoS attacks are designed to overwhelm a system by bombarding it with requests. However, you can mitigate a DDoS attack by monitoring network traffic and filtering incoming traffic.
5. Compromised Credentials
We’ve all heard horror stories about users with 1234 as their passwords, or users who reuse passwords across sites. The numbers back these scary stories up a Google Harris poll found that 65% of users reuse their favorite credentials across multiple — or every — site they use. If those users work for you, that’s not good news for you. It means you’re one credential leak or phishing attempt away from a data breach. What’s the risk of an exposed credential? Well, that depends on the credential: privileged access credentials, which give administrative access to devices and systems, are a much higher risk than your basic user access credentials. Also, the credentials that allow servers, devices, and security tools to integrate with each other would be devastating in the hands of an attacker. To avoid compromised credentials, consider two-factor authentication or do away with passwords by using passwordless authentication for your users.
6. Malicious Insiders
When you think of a bad actor, who do you think of? Do you think of the bad guys outside of your organization, or do you think of someone who might work for your organization? While yes, there are criminals outside your company, it’s potentially far more damaging to your enterprise when the call is coming from inside the house.
Malicious insiders are employees who expose private company information through privileged misuse – using their access to hurt your company or make money by exploiting your data or networks. To avoid this, know who is behaving suspiciously; monitor data and network access for odd behavior and make a point of knowing which employees are disgruntled.
7. Misconfiguration
Not all insider threats are malicious. Some are simply mistakes. Take misconfiguration, for example. When there’s a configuration error, that can leave an organization open to threats and risks. If an Amazon Web Services bucket is misconfigured, that can leave valuable data open to the public internet, and your organization will never know who has seen that data. To avoid this, put processes in place to make sure every part of your network is configured correctly and consistently monitor your networks for inconsistencies.
8. A Lack of Encryption
If you’re sending unencrypted data, you could be inviting a problem. Data encryption translates your data into another form that only people with access to a secret key or password can read. The purpose: protecting your data during storage or transmission between networks. When there’s no encryption or weak encryption, a bad actor who has hacked into a system will simply be able to read your sensitive data. The solution is simple: strong encryption, especially for sensitive data.
9. Web Application Attacks
Web application attacks are any attack on your enterprise’s internet presence. They often target e-commerce but can also target any other web application. These attacks include SQL injection and cross-site scripting. These sorts of attacks are focused on a particular goal, such as repurposing the web app for malware distribution, for example. You can prevent some of these attacks by using web application firewalls, utilizing secure development, and monitoring for vulnerabilities.
10. Your Remote Workforce
In the last year, much of the workforce has remained at home, working remotely. This has understandably caused security issues. Home wireless networks aren’t as secure as they are in the workplace. Also, your average home network doesn’t have firewalls, and some workers may be using their personal devices to access your network. Criminals are understandably focusing on these insecure endpoints as a way into your enterprise. While many workers are returning to the office, you can protect your remote workers by consistently monitoring your endpoint security and responding to incidents quickly.
How can SecurityScorecard help?
SecurityScorecard’s risk ratings can help you monitor your own organization’s safety. Our ratings easy-to-understand security ratings continuously monitor your organization’s information security across 10 groups of risk factors, including endpoint security and application security. Our tools also allow you to monitor the cyberhealth of your vendors, so that you’ll be able to quickly investigate and respond if you or a vendor falls out of compliance.
By continuously monitoring your security, you’ll be able to better protect your remote team and your data.
