Top Security Predictions for 2020
Sophos recently released its 2020 Threat Report, sharing the key cybersecurity challenges it projects the world will be facing over the coming year. Cybercriminals are constantly evolving and adopting increasingly aggressive and sophisticated techniques to circumvent security measures. As Joe Levy, Sophos CTO, says, by making sense of the security environment we can make better security decisions, because you can’t defend against what you can’t understand.
Ransomware continues to target more victims every year, so not surprisingly Sophos has focussed part of the report on the new techniques attackers are using to confuse anti-ransomware protection. Although the purpose of ransomware remains the same, to encrypt our data and documents, its appearance is increasingly being changed to get around countermeasures.
One particular example is the targeting of managed service providers’ (MSP) tools and systems, such as their remote monitoring and management (RMM) solutions. By exploiting vulnerabilities or making use of stolen credentials, criminals can access multiple customers’ infrastructure and endpoints and distribute ransomware remotely, causing exponentially more damage. A key piece of advice from Sophos is to always make sure that any management accounts or tools use multifactor authentication (MFA). If you currently work with an MSP or are looking to start doing so, it is vital to ask what security measures they have in place to protect their own systems and customer management tools.
Mobile Security Threats
As well as the seemingly unstemmable avalanche of ransomware attacks, Sophos reports a growing variety of mobile attacks. Malicious software remains the biggest concern, with some app developers devising ingenious methods to conceal their apps’ real intent and avoid the detection measures of the likes of Google. Android phones are particularly at risk, due to the fragmented nature of the mobile phone ecosystem, where the device manufacturers sporadically offer the critical Android OS updates, leaving users open to a broad range of attacks.
Advertising fraud may seem relatively benign; at the end of the day, it is often the advertising brand that ends up paying for fraudulent clicks. However, users are also impacted. Click fraud can continue when the phone is in sleep mode, draining battery life, incurring higher charges for data usage and generally reducing performance.
A more insidious threat is the “bankers”: apps that are designed to steal financial credentials and logins. With malicious apps designed to exploit Accessibility permissions, criminals can monitor keystrokes when users log into legitimate banking apps and steal credentials.
Remote Desktop Protocol (RDP) Security Risks
Sophos Labs recently found that honeypot machines purposely set up around the world were subjected to over half a million brute force login attempts. Attacks on public internet-facing Remote Desktop Protocol (RDP) have been on the rise in 2019. Attackers use RDP as a route into the networks targeted for compromise, and this technique has been the cause of some of the most painful and successful ransomware attacks in the past year. It is recommended that everything possible be done to prevent exposure of RDP to the public-facing internet.
Security Threats In Cloud Computing
Sophos highlights how the very scalable and flexible nature of cloud-based storage and data processing brings with it its own innate challenges. The pace of change and multitude of configuration options mean that administrators themselves can inadvertently open up their own customer database to exposure. In fact, Sophos believes that the vast majority of security incidents involving cloud platforms happen as a result of misconfiguration.
A further challenge for cloud computing platforms is that many users cannot closely monitor exactly what their devices are doing, giving criminals a longer window to carry out their attacks. Sophos recommends that having visibility into the impacts of configuration changes and the ability to monitor your cloud platform for malicious or suspicious activity are the best ways to combat the threats to the cloud.
Automation and Security
Attackers use a combination of automated tools and human interaction to evade security controls, deploying increasingly stealthy tactics to reach their critical targets. Automated backups are now a routine target of attacks, as attackers know that victims are more likely to pay a ransom if they lose their backup. Sophos advises that organisations should be deploying a combination of both backup and recovery strategies as well as preventative rapid threat neutralisation.
Stealthy tactics extend to the use of the apparently benign to carry out malicious intent. Potentially unwanted applications (PUAs) and commonly used admin tools can both be used to deliver and execute malware as part of a well-planned quiet attack. One should not underestimate the sophistication deployed by advanced attackers.
Sophos warns of attackers looking for new and advanced ways to evade machine learning defense models, but also highlights how the use of machine learning on the attack side will bring its own challenges, in particular in the guise of vishing attacks. All these novel approaches highlight the need for multiple layers of protection against attackers.
We have provided our summary of some of the key points within the Sophos 2020 Threat Report. If you would like to read the full report, which includes more information and elaboration of each of the key points, you can download a full copy of the report below.
The key message from Sophos is that the pace, scale, and sophistication of threats will only continue to grow. It is vital for businesses and IT providers to keep abreast of these developments and ensure that a multi-layered approach to security is deployed.
If you would like more information about how Firstline IT can help assess your security posture and recommend the right security solution for your business, then please contact us today.