As 2020 comes to an end and we anticipate gleefully tossing our calendars in the garbage, we can all agree it was one of the most tumultuous years in recent history. It was a difficult time for almost every person and industry, and cybersecurity was certainly no exception, with shocking breaches, mass transitions to remote working, and threat actors thriving as the pandemic raged on. Though we’re as eager as everyone else to look forward, let’s look back at 2020 one more time to identify trends that may help you plan for a better 2021.
1. Political Interference
2020 was an election year in the US, so it’s not surprising there was a drastic increase in suspicious activity targeting the political sphere. Fake news, for instance, flooded social media from both sides, causing the rapid spread of misinformation. Fake news was also more convincing than ever before, with deepfake technology not only improving, but also becoming more accessible for people to use. This enabled just about anyone to create videos impersonating political figures, some of which were eerily difficult to discern from real footage.
Companies like Twitter and Facebook had to prioritize efforts to manage and monitor this type of content. They took more control than in the past, acknowledging the damage false information could cause. Posts were reviewed at a faster pace, especially when it came to accounts with a large number of followers, and content was clearly flagged as unverified or fictional.
2. Old Operating Systems Easily Targeted
While technology continued to evolve, many organizations were unable to keep pace with these updates. This may have been for any number or reasons—staffing limitations, budget constrictions or reductions, or simply a lack of awareness. Additionally, operating systems like 2008R2 and Windows7 reached end of life and patches were released on a regular basis for any number of devices. All of this made upkeep more time consuming than ever.
Unfortunately, this led to an increase of attacks on outdated operating systems. Attackers were able to use a number of known exploits that were out in the wild, taking advantage of unpatched vulnerabilities to make their way into a system.
3. Trickier Threats
To put it simply, hackers are getting smarter, and 2020 was a showcase of their intelligence as organizations dealt with more complex threats. For example, there were a number of fileless malware attacks, which do not use executable files to install new software, but instead are a type of living off the land attack, leveraging pre-existing software and applications. These attacks are particularly treacherous since they typically leave no signature, can evade detection, and often have a significantly longer dwell time. According to the Ponemon Institute, fileless malware is far more likely to succeed than other types of threats.
Additionally, 2020 saw more UNIX and Linux malware threats. Since massive amounts of valuable data are stored on large servers, more malware families are now porting their systems to Linux and UNIX. For example, RansomEXX was initially made for Windows but was ported to Linux. This Linux strain was used in the Konica Minolta breach earlier this year, which managed to keep their website down for a week.
4. Fringe Devices More of a Focus for Attackers
From smartphones to SCADA systems, fringe devices are now as critical to our businesses as workstations and servers. Unfortunately, safeguarding these devices is still a challenge, and a general overconfidence in their security made them an ideal target for threat actors. With so many IoT devices connected to an organization’s network, it is unsurprising that 2020 saw an increasing amount of them serve as a doorway for attackers, be it through using unknown networks, poor access administration, or other means. The rapid transition to remote work did not help either, as everyone’s home network introduced even more potential attack vectors.
Attacks on these devices are especially problematic, since attackers not only use them as a foothold into a system, they also are a fairly discreet way to enter. This allows attackers to linger for longer, stealthily exfiltrating data before launching more visible attacks.
5. Better Use of Analytics and Intelligence
Machine learning was a buzzword in 2020 for a reason—the year saw analytics and intelligence become increasingly useful to cybersecurity professionals. For example, identity governance tools use ongoing analysis and machine learning to determine environmental changes and activity that affect access risk, suggesting modifications to ensure access requirements are appropriate and effective.
Additionally, machine learning has boosted the ability to identify malicious activity and stop attacks. Monitoring solutions like Network Traffic Analysis tools continuously observe traffic, flagging traffic abnormalities as possible security threats. Machine learning has proven so useful it’s estimated that by 2021, its role in cybersecurity will increase spending in big data, artificial intelligence (AI), and analytics to $96 billion.
Unfortunately, even this bright spot has a bit of a dark side, as cyber criminals have also taken advantage of this technology. For example, threat actors are using machine learning to refine algorithms for guessing users’ passwords. Additionally, data poisoning attacks on machine learning models can also render them useless or dangerous, as the model “learns” something it shouldn’t.
Resolving to Create Healthy IT Infrastructures
Since 2020 has taught us how deeply unpleasant it can be to be caught off guard, what can we do to better prepare our IT environments for different threats? The best way to readily respond to any type of security threat or disruption is with a layered strategy that is both proactive and reactive, creating a complementary portfolio of solutions that reduce risk and manage both internal and external threats. Ultimately, organizations must commit to dynamic risk management, staying flexible and regularly evaluating the status of their safeguards to adapt to change—whether those be organizational, within the broader cybersecurity sphere, or on a global scale.
Let's Talk About How We Can Help.
Find out how Core Security solutions work to help you detect and remediate access and vulnerability risk. If you have any questions or want to know more about our innovative solutions, let us know.