2020 was a banner year for cyberattacks. From the carefully orchestrated SolarWinds attack, to Marriott suffering its second significant data breach, cybercrimes cost Americans a staggering $4.1 billion in losses last year.
The global pandemic has also exacerbated cybersecurity weaknesses and become a catalyst for cyberattacks — with 74% of security leaders saying they’ve seen more attacks since the pandemic started.
As CISOs continue to lead the charge against cyberattacks and focus on maintaining business continuity, protecting remote workers, and tackling evolving cybersecurity threats, here’s a quick rundown of how threats are evolving and how customers use Axonius to bolster their organization’s security posture.
Application-based Phishing Attacks
Phishers have long moved away from solely baiting users with Nigeraian prince scams. With sophisticated phishing techniques emerging constantly, Microsoft recently warned users against the rise of consent phishing. Also known as OAuth phishing, this application-based attack tricks individuals into providing malicious Office 365 OAuth apps with access to their Office 365 accounts. Once the victim grants the malicious apps permission to their data, attackers are able to take over the target’s Microsoft accounts.
Educating users against today’s evolving phishing techniques is a key to phishing attack prevention.
It’s also important to remember: you can’t protect what you don’t know. In addition to devices, Axonius customers are able to understand how each user adheres to the overall security policy.
Ransomware Attacks Exploiting Top Vulnerabilities
With 2,474 ransomware incidents reported last year, this method of attack remains a top choice for threat actors. From big-game hunting to double-extortion attacks, ransomware techniques are evolving at a rapid pace.
Threat actors are also increasingly relying on exploiting existing vulnerabilities to deliver malware, instead of leveraging phishing campaigns or social engineering techniques to launch ransomware attacks.
The most recent example is the ransomware attack on computer giant Acer, where attackers reportedly gained access to the company’s network by exploiting a Microsoft Exchange vulnerability. A direct attack on an organization’s vulnerable Exchange server allows threat actors to eliminate several initial steps in a ransomware process, like infiltration and reconnaissance.
Implementing a layered approach to security is the best defense for ransomware, which entails deploying a gamut of solutions including antivirus software, firewall, endpoint protection, and DLP solutions.
For our customers, the Axonius platform ensures devices are secured with endpoint protection solutions that can prevent and detect ransomware, and that devices are covered by data loss prevention and recovery solutions. Once the devices missing these solutions are identified, customers can leverage the Axonius Security Policy Enforcement Center to automate response action.
With vulnerability assessment, endpoint protection, and configuration, and patch management adapters connected, customers can also identify all known devices susceptible to a particular vulnerability.
Misconfigurations in the Cloud: No. 1 Threat to Cloud Security
Eight in 10 companies across the United States have experienced a data breach made possible by cloud misconfigurations, according to IDC. The CapitalOne and Hobby Lobby data breaches are recent examples illustrating how malicious actors capitalized on organizations' cloud misconfigurations to steal sensitive information.
Misconfigurations are one of the most common ways cybercriminals gain a foothold in your cloud environment, assault company networks, and initiate cloud-jacking — in which an organization’s cloud account is stolen or “hijacked” by a threat actor.
The four common security group setting misconfigurations, according to McAfee, include:
- Unrestricted outbound access
- Unrestricted access to non-HTTP/HTTPS ports
- Unrestricted inbound access on uncommon ports
- Unrestricted Internet Control Message Protocol access
With misconfigurations, policy lapses, overly permissive access rights, and publicly available data, organizations are challenged to secure their cloud instances. Axonius Cloud Asset Compliance, an add-on to the Axonius platform, connects to the cloud platforms you’re using to map the state of your cloud instances against industry standards and benchmarks.
Account Takeover: More Than Just a Nuisance
Account takeovers (ATOs) can wreak havoc on your IT environment and put your customers at risk. A single compromised account can be leveraged to gain access to sensitive data, perform lateral movement in enterprise networks, compromise additional accounts, or serve as a stepping stone to conducting large scale cyberattacks.
Cybercriminals are focusing more on ATOs, and these attack types are evolving to become highly organized, longer lasting, and more profitable.
Take the SolarWinds breach. Stolen credentials are one possible avenue of attack that nation-state actors may have leveraged for compromising the SolarWinds environment. It’s believed they then used that access to deliver trojanized updates to the software’s users. What’s more, fallout from the SolarWinds breach is expected to last for years.
With over 80% of breaches within hacking involving brute-force or the use of lost or stolen credentials, prioritizing access control, password hygiene, and multi-factor authentication (MFA) have become a business imperative.
While MFA enhances your organization’s security by adding an additional layer of security, solutions like identity and access management and privileged access management help ensure greater control of user access and prevent privileged account attacks.
The Axonius platform continuously identifies users not enrolled in identity and access management, privileged access management, and multi-factor authentication platforms deployed by your organization, as well as help identify users with poor password practices.