What You Can Do About Cyber Threats Not Slowing Down in 2022
2021 was a year that saw cybercriminals up their threat game in a big way, delivering highly coordinated and more advanced high-profile cyberattacks than ever before. Simple endpoint attacks became complex, multi-stage operations while ransomware attacks hit small businesses and huge corporations alike, and crypto-mining attacks gave cybercriminals an easy foothold into company networks. It was a year of massive data leaks, expensive ransomware payouts, and a vast, new, complicated threat landscape.
Cybersecurity experts predict that attacks will continue to increase in 2022, leaving IT teams scrambling to cover every possible avenue of attack. This will be incredibly challenging because the attack surface will simultaneously be expanding as organizations transition to more hybrid environments and workspaces, adopt more AI and ML-based technologies, develop new connectivity options, and deploy additional business-critical applications and devices into the cloud.
Here’s what you need to know in 2022 to protect your organization from cyber threats.
Rise in Ransomware Triple Extortion Threat
Ransomware is a cybersecurity problem that just won’t go away. The first half of 2021 saw a 102% increase in ransomware attacks compared to the beginning of 2020, so it’s a security problem that’s only getting more prevalent. To make matters worse, ransomware groups are increasingly adopting an even more troubling approach to their criminal activities: doubling down on the threat they pose.
Hackers have moved from single to double to triple extortion, making it harder and harder for businesses to shake off an attack unscathed. Ransomware attacks are now about encrypting the data, exfiltrating it, and using it as additional leverage in extortion negotiations. Triple extortion incidents typically add a distributed denial-of-service (DDoS) attack: if victims refuse to negotiate and pay the ransom, the cybercriminals launch a separate DDoS attack that overwhelms the corporate network with a flood of internet traffic and interrupts the business.
This creates a significant challenge for companies – they have to deal with one emergency on top of another – which often drives the company back to the negotiating table. Attackers are also expanding their reach by demanding payments from customers, partners, and other third parties related to the initial breach, squeezing even more cash out of a single crime.
Here’s how you can protect your company from a ransomware attack:
- Implement a zero-trust security architecture, where every user is verified and authenticated before being allowed to access organizational resources. Zero trust has been gaining in popularity for years and is soaring now because of widespread remote work. With distributed workforces connecting from multiple devices and locations, zero trust is the only model that ensures that everyone logging onto the organization’s network is who they claim to be.
- Up-to-date patches: Keeping computers up to date and applying security patches, especially those labeled as critical, can help limit an organization’s exposure to ransomware attacks.
- Mandate the use of multi-factor authentication (MFA) on all accounts that support it. This way, a working password is useless to a cybercriminal who does not also hold the second or third authentication factor.
- Anti-ransomware: Protecting against ransomware that “slips through the cracks” requires a specialized security solution. Anti-ransomware solutions monitor the programs running on a computer for suspicious behaviors commonly exhibited by ransomware, and if these behaviors are detected, the solution can take action to stop the encryption before further damage is done.
- Invest in employee cybersecurity training: Training users to identify and avoid potential ransomware attacks is one of the most important defenses an organization can deploy. Many cyberattacks start with a targeted email that does not even contain malware, just a socially engineered message that encourages users to click a malicious link.
Cybercriminals Will Leverage API Vulnerabilities
Application Programming Interfaces (APIs) underpin today’s digital ecosystem as the connective tissue that allows companies to exchange data and information quickly and securely. Yet APIs remain one of the most vulnerable elements of any organization’s application or software stack. The most common threat vectors are misconfigurations and weak links between the APIs deployed in each piece of software.
Gartner predicts that API attacks will become the most frequent attack vector in 2022, causing data breaches for enterprise web applications. According to Salt Security, API attacks increased 348% in the first six months of 2021, and 94% of companies had an API-related security incident in the past 12 months. It’s clear that cybercriminals are increasingly turning their attention towards APIs as an attack vector and will undoubtedly develop more advanced tools and methods for exploitation.
The first step in fixing the API security problem is taking stock of how many APIs your organization has deployed and how they interact with one another – each API is unique and needs individual attention and a detailed understanding. Teams need to be given specific responsibilities for API security maintenance so that the nuanced differences between APIs are addressed.
Here are the best practices to protect APIs against abuse:
- Monitor and manage API calls coming from bots
- Stop using obsolete and insecure authentication methods
- Implement measures to prevent API access by sophisticated human-like bots
- Use robust encryption to safeguard log-in processes
- Deploy token-based rate limiting that can cap API access per IP address, per session, and per token
- Comprehensively log all system requests and responses
- Scan incoming requests for malicious intent
- Support clustered API implementation to handle fault tolerance
- Track the usage and paths taken by API calls to find anomalies
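As an added illustration of the rate-limiting, logging and anomaly-tracking items above (example code written for this article, not a product or vendor implementation), the following sliding-window limiter counts API calls separately per client IP, per session and per token, records every decision in a structured log, and flags a token that walks an unusually large number of distinct paths. The limits, the threshold and the traffic in `demo()` are assumed values constructed for the demo.

```python
import time
from collections import defaultdict, deque

WINDOW = 60.0                                     # seconds per sliding window
LIMITS = {"ip": 100, "session": 60, "token": 30}  # assumed per-window ceilings
MAX_DISTINCT_PATHS = 10                           # assumed enumeration threshold


class ApiGuard:
    def __init__(self):
        self.hits = defaultdict(deque)   # (dimension, key) -> call timestamps
        self.paths = defaultdict(set)    # token -> distinct paths seen so far
        self.log = []                    # structured record of every decision

    def _prune(self, q, now):
        # Drop timestamps that fell out of the window before counting.
        while q and now - q[0] > WINDOW:
            q.popleft()

    def check(self, ip, session, token, path, now=None):
        """Return (allowed, reason). Counters advance only for allowed calls."""
        now = time.monotonic() if now is None else now
        keys = (("ip", ip), ("session", session), ("token", token))
        for dim, key in keys:                      # any exhausted dimension blocks
            q = self.hits[(dim, key)]
            self._prune(q, now)
            if len(q) >= LIMITS[dim]:
                return self._record(now, ip, token, path, False, f"{dim}-limit")
        for dim, key in keys:
            self.hits[(dim, key)].append(now)
        self.paths[token].add(path)
        if len(self.paths[token]) > MAX_DISTINCT_PATHS:  # flag, do not block
            return self._record(now, ip, token, path, True, "path-anomaly")
        return self._record(now, ip, token, path, True, "ok")

    def _record(self, now, ip, token, path, allowed, reason):
        self.log.append({"t": now, "ip": ip, "token": token, "path": path,
                         "allowed": allowed, "reason": reason})
        return allowed, reason


def demo():
    """Constructed traffic: tokA bursts past its limit, tokB enumerates users."""
    g = ApiGuard()
    results = [g.check("198.51.100.7", "s1", "tokA", "/v1/orders", now=float(i))
               for i in range(35)]
    blocked = sum(1 for ok, _ in results if not ok)
    for i in range(12):
        g.check("198.51.100.8", "s2", "tokB", f"/v1/users/{i}", now=100.0 + i)
    return blocked, {r["reason"] for r in g.log}
```

In production the per-dimension counters would live in a shared store such as Redis so that a clustered deployment enforces one limit, and the "path-anomaly" records would feed the alerting pipeline rather than a list.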
Attacks on Connected Devices and IoT to Increase
The Internet of Things (IoT) is a rapidly evolving ecosystem of connected devices driving innovation in the business world. Everything from autonomous manufacturing robots to self-driving cars relies on this interconnected network of things to function. The global Internet of Things (IoT) market is projected to grow from $381.30 billion in 2021 to $1,854.76 billion in 2028. While this massive increase in IoT devices will undoubtedly drive innovation within countless industries, it will also come with new threats and security concerns.
Operational technology (OT), connected devices, and IoT tend to be less protected than most IT environments. Most IoT devices are interconnected, so one hacked device compromises the security of many others. Cybercriminals typically exploit these weaknesses by launching denial-of-service attacks, exposing valuable data, or hijacking a user’s computing power for botnet armies or clandestine crypto-mining operations. For example, the Mirai botnet launched the largest DDoS attacks in history by compromising IoT devices.
Here’s how you can secure your IoT devices and protect them from cyberattacks:
- Evaluate the security at each layer of the IoT stack: This includes the devices themselves, their embedded software, the Wi-Fi network, the cloud platform, and the native applications. Ideally, devices should have changeable passwords, regular security updates, and automated configuration.
- Set system-wide protections: Businesses that rely heavily on IoT devices should install systems specifically designed to protect them.
- Protect against physical tampering: Ensure that the product has no exposed ports or connectors that non-employees can easily reach, set locks or access restrictions on devices, keep IoT devices in secure spaces, and don’t leave portable IoT devices unattended.
- Create network segmentation and firewalls: IoT devices should not have access to your entire network, because a compromised device can be used as a gateway into it.
- Create a guest network: By putting your devices on a separate guest network, an attacker who compromises a device cannot use it as a gateway to your phone, computer, or main network.
ECW Can Help Secure Your Organization Against Cyber Threats
Cyber threats show no sign of slowing down, and defending against an ever-evolving wave of these threats requires a holistic, integrated approach to cybersecurity. At ECW Network & IT Solutions, we provide comprehensive cybersecurity services to SMBs and enterprises in Fort Lauderdale, West Palm Beach, Miami, and South Florida. Whether you need cybersecurity training, managed security, or assistance with your cyber defenses, we’re confident we can help your organization improve its cybersecurity posture. Contact us today to schedule a consultation with our cybersecurity experts!
Thanks to Kelly and Sean at Orbis Solutions, a Las Vegas IT services company, for their support and help over the years with some great content advice.
ECW Computers is an information technology company. Headquartered in Deerfield Beach, FL, we specialize in providing unique, specially-tailored Managed IT solutions to businesses in Fort Lauderdale, West Palm Beach, Miami and across South Florida.