2020 was a banner year for cyberattacks. From the carefully orchestrated SolarWinds attack to Marriott's second significant data breach, cybercrime cost Americans a staggering $4.1 billion in losses last year.
The global pandemic has also exacerbated cybersecurity weaknesses and become a catalyst for cyberattacks — with 74% of security leaders saying they’ve seen more attacks since the pandemic started.
As CISOs continue to lead the charge against cyberattacks and focus on maintaining business continuity, protecting remote workers, and tackling evolving cybersecurity threats, here’s a quick rundown of how threats are evolving and how customers use Axonius to bolster their organization’s security posture.
Application-based Phishing Attacks
Phishers have long moved away from solely baiting users with Nigerian prince scams. With sophisticated phishing techniques emerging constantly, Microsoft recently warned users against the rise of consent phishing. Also known as OAuth phishing, this application-based attack tricks individuals into providing malicious Office 365 OAuth apps with access to their Office 365 accounts. Once the victim grants the malicious apps permission to their data, attackers are able to take over the target’s Microsoft accounts.
Educating users against today’s evolving phishing techniques is a key to phishing attack prevention.
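Because a consent grant outlives the phishing email that produced it, reviewing existing grants complements user education. The following is an added example, not part of the original article or any Axonius or Microsoft code: it reviews delegated consent records whose field names follow Microsoft Graph's oauth2PermissionGrant resource. The sample records, the allowlist, and the choice of which scopes count as high risk are assumptions.

```python
# Scope names are real Microsoft Graph delegated permissions; treating this
# particular set as high risk is an assumption to tune for your tenant.
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
                    "Files.Read.All", "Files.ReadWrite.All"}
APPROVED_CLIENT_IDS = {"client-approved-crm"}  # hypothetical allowlist of vetted apps

def review_grant(grant):
    """Return a finding dict for a suspicious consent grant, else None."""
    scopes = set(grant["scope"].split())          # scope is a space-separated string
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    if grant["clientId"] in APPROVED_CLIENT_IDS or not risky:
        return None
    reasons = ["unapproved app holds " + ", ".join(risky)]
    if "offline_access" in scopes:
        reasons.append("offline_access: app can obtain refresh tokens")
    if grant["consentType"] == "AllPrincipals":
        reasons.append("consent applies to every user in the tenant")
    return {"clientId": grant["clientId"], "principalId": grant["principalId"],
            "reasons": reasons}

SAMPLE_GRANTS = [  # constructed records, not taken from any real tenant
    {"clientId": "client-approved-crm", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read Mail.Read"},
    {"clientId": "client-unknown-1", "consentType": "Principal",
     "principalId": "user-17", "scope": "openid profile User.Read"},
    {"clientId": "client-unknown-2", "consentType": "Principal",
     "principalId": "user-42", "scope": "offline_access Mail.ReadWrite Files.Read.All"},
]

def review(grants):
    """Return findings for every grant that needs a human look."""
    return [f for g in grants if (f := review_grant(g))]

if __name__ == "__main__":
    for finding in review(SAMPLE_GRANTS):
        print(finding["clientId"], finding["principalId"], "; ".join(finding["reasons"]))
```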
With 2,474 ransomware incidents reported last year, this method of attack remains a top choice for threat actors. From big-game hunting to double-extortion attacks, ransomware techniques are evolving at a rapid pace.
Threat actors are also increasingly relying on exploiting existing vulnerabilities to deliver malware, instead of leveraging phishing campaigns or social engineering techniques to launch ransomware attacks.
The most recent example is the ransomware attack on computer giant Acer, where attackers reportedly gained access to the company’s network by exploiting a Microsoft Exchange vulnerability. A direct attack on an organization’s vulnerable Exchange server allows threat actors to eliminate several initial steps in a ransomware process, like infiltration and reconnaissance.
A layered approach to security is the best defense against ransomware. That means deploying a range of solutions, including antivirus software, firewalls, endpoint protection, and DLP.
Misconfigurations in the Cloud: No. 1 Threat to Cloud Security
Eight in 10 companies across the United States have experienced a data breach made possible by cloud misconfigurations, according to IDC. The Capital One and Hobby Lobby data breaches are recent examples illustrating how malicious actors capitalized on organizations' cloud misconfigurations to steal sensitive information.
Misconfigurations are one of the most common ways cybercriminals gain a foothold in your cloud environment, assault company networks, and initiate cloud-jacking — in which an organization’s cloud account is stolen or “hijacked” by a threat actor.
According to McAfee, the four common security group misconfigurations are:
Unrestricted outbound access
Unrestricted access to non-HTTP/HTTPS ports
Unrestricted inbound access on uncommon ports
Unrestricted Internet Control Message Protocol access
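The four items above translate directly into checks a script can run over a rule export. This is an added example, not code from the article, McAfee, or Axonius: the rule dictionary format is a simplified, constructed one, and the set of ports treated as "common" is an assumption to adapt to local policy.

```python
from ipaddress import ip_network

WEB_PORTS = {80, 443}
# Assumption: which ports count as "common" is a local policy choice.
COMMON_PORTS = WEB_PORTS | {21, 22, 25, 53, 110, 143, 3306, 3389}

def is_open_to_world(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. no address restriction at all."""
    return ip_network(cidr, strict=False).prefixlen == 0

def audit_rule(rule):
    """Return the findings for one rule dict (simplified, constructed format)."""
    if not is_open_to_world(rule["cidr"]):
        return []
    findings, proto = [], rule["protocol"]
    if rule["direction"] == "outbound" and proto == "all":
        findings.append("unrestricted outbound access")
    if proto in ("icmp", "all"):
        findings.append("unrestricted ICMP access")
    if proto in ("tcp", "udp", "all"):
        lo, hi = (0, 65535) if proto == "all" else (rule["from_port"], rule["to_port"])
        ports = range(lo, hi + 1)
        if any(p not in WEB_PORTS for p in ports):
            findings.append("unrestricted access to non-HTTP/HTTPS ports")
        if rule["direction"] == "inbound" and any(p not in COMMON_PORTS for p in ports):
            findings.append("unrestricted inbound access on uncommon ports")
    return findings

def make_rule(direction, protocol, cidr, from_port=-1, to_port=-1):
    return {"direction": direction, "protocol": protocol, "cidr": cidr,
            "from_port": from_port, "to_port": to_port}

SAMPLE_RULES = [  # constructed sample data, not taken from any real environment
    make_rule("inbound", "tcp", "0.0.0.0/0", 443, 443),     # public HTTPS: no finding
    make_rule("inbound", "tcp", "0.0.0.0/0", 22, 22),       # SSH open to the world
    make_rule("inbound", "tcp", "::/0", 8000, 9000),        # range of uncommon ports
    make_rule("inbound", "icmp", "0.0.0.0/0"),              # ICMP from anywhere
    make_rule("inbound", "tcp", "10.0.0.0/8", 5432, 5432),  # restricted source: no finding
    make_rule("outbound", "all", "0.0.0.0/0"),              # allow-all egress
]

def audit(rules):
    """Map rule index -> findings, skipping rules with nothing to report."""
    return {i: f for i, r in enumerate(rules) if (f := audit_rule(r))}

if __name__ == "__main__":
    for idx, findings in audit(SAMPLE_RULES).items():
        print(idx, SAMPLE_RULES[idx]["cidr"], "; ".join(findings))
```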
With misconfigurations, policy lapses, overly permissive access rights, and publicly available data, organizations are challenged to secure their cloud instances. Axonius Cloud Asset Compliance, an add-on to the Axonius platform, connects to the cloud platforms you’re using to map the state of your cloud instances against industry standards and benchmarks.
Account Takeover: More Than Just a Nuisance
Account takeovers (ATOs) can wreak havoc on your IT environment and put your customers at risk. A single compromised account can be leveraged to gain access to sensitive data, perform lateral movement in enterprise networks, compromise additional accounts, or serve as a stepping stone to conducting large-scale cyberattacks.
Cybercriminals are focusing more on ATOs, and these attack types are evolving to become highly organized, longer lasting, and more profitable.
Take the SolarWinds breach. Stolen credentials are one possible avenue of attack that nation-state actors may have leveraged for compromising the SolarWinds environment. It’s believed they then used that access to deliver trojanized updates to the software’s users. What’s more, fallout from the SolarWinds breach is expected to last for years.
With over 80% of breaches within hacking involving brute force or the use of lost or stolen credentials, prioritizing access control, password hygiene, and multi-factor authentication (MFA) has become a business imperative.
While MFA strengthens your organization’s security by adding another layer of protection, solutions like identity and access management and privileged access management help ensure greater control of user access and prevent privileged account attacks.
Interested in learning more about how Axonius can bolster your organization’s security posture by offering a comprehensive asset inventory, uncovering security solutions coverage gaps, and automatically validating and enforcing security policies? Book a demo to see the Axonius platform for yourself.