Cyber threats in 2021 exceeded the total for 2020, costing companies worldwide an estimated $10.5 trillion. Not only the associated costs are alarming but also the increased sophistication of the attacks, which made the security industry one of the fastest-paced and most versatile this year.
The term “hack” was coined at MIT in 1955, while the first mention of computer hacking occurred in 1963. Hacks as we know them today have had more than 50 years to evolve into sophisticated malware tools, and they are sometimes created by top computer scientists. Cyber security professionals have to deploy new security measures to keep up with these targeted attacks, which are now specially adapted to the work-from-anywhere normal. In this article, we look back at the most notable cyber threats of 2021 and share insights on how to protect against popular cyber attacks.
Targeted DarkSide Intrusion or Ransomware as a Service
The Colonial Pipeline attack will be remembered as the most devastating cyber threat of 2021. It showed the destructive power of cybercrime as well as the remarkable governmental interest it spurred, creating an unprecedented federal response.
In May 2021, cybercriminals managed to get inside the network of Colonial Pipeline, one of America’s largest oil and gas companies. They then deployed ransomware from DarkSide (a hacking group specialized in Ransomware as a Service) and caused a short-lived energy crisis throughout the Southeast, creating panic in several U.S. states. Due to its scale and negative impact, the FBI and other governmental institutions stepped in. They managed to trace and seize a significant portion of the cryptocurrency ransom payment that Colonial made to the hackers. This action led to an unprecedented federal initiative to crack down on cybercriminals, including a new ransomware task force directed by the Justice Department, followed by other defensive policies under the Biden administration.
Since the attack saw such an unprecedented federal response and even the release of new defensive policies, it is no wonder that the Cybersecurity and Infrastructure Security Agency has published a set of best practices for preventing business disruption from ransomware attacks in the U.S. As simple as it might seem, the first mitigation step to reduce the risk of compromise by ransomware is to require multi-factor authentication for remote access to OT (operational technology) and IT networks.
Such a recommendation clearly indicates the importance of MFA in preventing unauthorized access to crucial information. TypingDNA Verify 2FA is a new technology based on typing biometrics that provides in-band two-factor authentication with a seamless, rapid authentication flow. By deploying TypingDNA Verify 2FA, employees or customers can authenticate by typing four words in the same login screen of the application they want to access. Since the patent-pending method replaces SMS OTPs, no phones or additional authenticator apps are needed. The stellar user experience derives from a seamless login process during which the innate typing behavior of the user is analyzed, so companies don’t have to compromise user experience for strong security. TypingDNA Verify 2FA can be deployed in less than 10 minutes, and the starter plan allows up to 1,000 users per month for free.
Identity Theft in pandemic times
According to the Federal Trade Commission (FTC), identity theft cases doubled from 2020 to 2021. The FTC received roughly 1,400,000 cases of identity theft in 2021. Cybercriminals targeted internet users financially affected by the COVID-19 pandemic, and over 394,280 identity theft cases were reported in the U.S. alone. Personal information such as email addresses, social security numbers, or phone numbers must be kept away from prying eyes. Sensitive information shared on social media can have disastrous outcomes and affect entire households and businesses.
The FTC advises users never to share personal information or upload sensitive information on suspicious websites. Users should also always enter URLs manually and disable apps that track device location. Adding MFA to sensitive accounts such as email or e-commerce websites where credit cards are stored is highly recommended to reduce the risk of identity theft and other cyber threats.
Insider cyber threat – the zero-trust approach
Astonishingly, as Forbes data reveals, 57% of all database breaches involved insiders. Insider threats originate from within the organization: a current or former employee or associate who has access to sensitive information or privileged accounts within an internal network and misuses that access. Examples of insider threats include malicious insiders, careless insiders, and privileged account takeover, all of which can compromise a company’s network. Companies looking to protect against such insider attacks must limit privileges to internal structures and apply a zero-trust policy in which the identity of every actor is verified before access is granted.
Applying a zero-trust security policy is probably the best scenario for most businesses, especially smaller ones, which are at greater risk because their employees can typically access more of the internal network than employees of larger businesses.
The issue with insider threats is that most of them go unseen by security teams and anti-malware systems. Unauthorized use of company data appears legitimate once an employee has been granted privileged access. Deploying ActiveLock by TypingDNA enables continuous authentication for all employees and verifies that only authorized users have access to the company’s data. The authentication process is performed constantly, and only successfully authenticated users are granted access.
The malicious advertisement – Fileless Malware Hijacking
Independently discovered by cybersecurity researchers at Microsoft and Cisco Talos, the malware is primarily distributed via malicious online advertisements and infects users through a drive-by download attack. First spotted in July 2021, the malware was designed to turn infected Windows computers into proxies. According to Microsoft, attackers can use the infected computers as relays to hide malicious traffic. Other researchers believe the proxies are used for click fraud to generate revenue for the attackers.
The malware primarily targeted Windows home users. Still, attacks were also aimed at organizations in trade sectors as well as education, healthcare, finance, retail, and business and skilled services. Although the malware stands out as fileless, its execution of scripts and tools is abnormal behavior that most anti-malware programs are designed to recognize.
Updating anti-malware software is crucial to prevent such attacks, and scanning for abnormal behaviors can save a company’s reputation and finances. Keeping employees informed and trained to recognize the latest attacks is equally vital, since most cyber threats require a point of vulnerability, be it an open door such as unpatched software or simply a click performed by any employee.
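As an added example that is not part of the original article or of any vendor's product, the following Python detector illustrates the kind of abnormal-behavior scanning described above: it runs over constructed Windows process-creation log lines and flags a browser spawning a script host (the drive-by landing point), hidden or encoded script invocations, and a script host loading a DLL from a user-writable path. The log format, host names, process lists and rule names are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Process names used by the rules (assumed lists, not from the article).
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
LOADERS = {"rundll32.exe", "regsvr32.exe"}
OBFUSCATION_FLAGS = ("-enc", "-encodedcommand", "-w hidden", "-windowstyle hidden")

# Constructed sample log lines (not real telemetry): ts|host|parent|image|cmdline
SAMPLE_LOG = [
    r"2021-07-12T09:14:02Z|WS-017|explorer.exe|chrome.exe|chrome.exe --profile-directory=Default",
    r"2021-07-12T09:14:40Z|WS-017|chrome.exe|powershell.exe|powershell.exe -w hidden -enc <BASE64_PLACEHOLDER>",
    r"2021-07-12T09:15:01Z|WS-017|powershell.exe|rundll32.exe|rundll32.exe C:\Users\Public\x.dll,Start",
    r"2021-07-12T09:20:13Z|WS-022|explorer.exe|winword.exe|winword.exe report.docx",
    r"2021-07-12T09:21:55Z|WS-022|svchost.exe|wscript.exe|wscript.exe C:\Windows\System32\gatherNetworkInfo.vbs",
]

@dataclass
class ProcEvent:
    ts: str
    host: str
    parent: str
    image: str
    cmdline: str

def parse_event(line: str) -> ProcEvent:
    """Split one pipe-delimited line; the command line itself may contain '|'."""
    ts, host, parent, image, cmdline = line.split("|", 4)
    return ProcEvent(ts, host, parent.lower(), image.lower(), cmdline)

def classify(ev: ProcEvent) -> Optional[str]:
    """Return the name of the first matching rule, or None for benign events."""
    if ev.parent in BROWSERS and ev.image in SCRIPT_HOSTS:
        return "browser_spawned_script_host"            # drive-by download landing in a script host
    if ev.image in SCRIPT_HOSTS and any(f in ev.cmdline.lower() for f in OBFUSCATION_FLAGS):
        return "hidden_or_encoded_script"                # fileless payload carried in the command line
    if ev.parent in SCRIPT_HOSTS and ev.image in LOADERS and "\\users\\" in ev.cmdline.lower():
        return "script_host_loading_user_writable_dll"   # staging from a user-writable path
    return None

def detect(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Run every rule over the log and return (timestamp, host, rule) per hit."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        rule = classify(ev)
        if rule:
            hits.append((ev.ts, ev.host, rule))
    return hits

if __name__ == "__main__":
    for ts, host, rule in detect(SAMPLE_LOG):
        print(f"{ts} {host} {rule}")
```

The legitimate wscript.exe run from System32 on WS-022 is deliberately left unflagged, which is the trade-off a rule set like this has to make between coverage and false positives.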
Looking at the most notable cyber threats of 2021, one recognizes their versatility as well as their sophistication. From ransomware as a service and 0-day attacks to the exploitation of human error, current cyber threats are designed to capitalize on any attack vector. In 2022, cyber security professionals will have to keep businesses secure by relying on multiple layers of defense, from endpoint security to identity verification and secure yet seamless authentication methods.