The cyber security landscape has shifted inexorably with the changes to our working and day-to-day lives in the past 18 months. In this article our Head of Offensive Security Andy Swift reviews the cyber security landscape as it stands in winter 2021/22, providing insights that will help organisations better protect themselves from the ever-present threat of cyber-attack.
As we move towards Christmas and the New Year, we begin to get a clearer view of how the trends and products identified in earlier quarters have shaped the cyber security landscape we find ourselves in now. Let’s take a look at some of the key trends we’ve experienced at Six Degrees.
The Impact of Remote Working
The increased adoption of remote working has been one of the biggest changes we’ve experienced over previous years, and that acceleration has only continued over the last few quarters. With this sudden change has come a shift in the way people work and the systems they connect to daily.
This has resulted in a wide array of both success and failure stories. The burden on IT teams has been immense, and for those ill-prepared it’s meant new environments having to be stood up quickly to handle remote working. It’s also led to a sudden increase in the numbers of mobile devices and laptops connecting to networks. In some cases where supply has failed to meet demand, personal devices have filled the void. This has created a dramatic expansion of attack surface.
All of this has provided attackers with a great deal more in the way of opportunity. Add to that one of the most successful years for ransomware on record, and we soon find ourselves in a world where ransomware is still paying – increasingly well at that! Worst of all, success breeds success in these arenas. There will be more to come.
The Evolution of Ransomware
While on the topic of ransomware, changes in deployment have also been interesting to watch over the last year or so. Each incident response our team at Six Degrees has carried out for ransomware victims this year has seen an increasing level of manual attack before deployment, with a shift in focus towards identifying targets of interest rather than the somewhat automated spray-and-pray approach of yesteryear.
With this level of investigation prior to deployment has also come a step up in techniques for privilege escalation. One of the issues with automated deployment is that attackers can never be sure of the environment their malware is being dropped into; malware authors need to consider operating system, account level, how they are going to escalate, whether there is antivirus or Managed Detection and Response to evade first, and an almost endless list of other variables.
Attackers in general (cyber or not) will often take the easiest route to achieving their goal. If manual compromise followed by manual deployment of less advanced ransomware against a more specific set of targets removes the need to create complex and intelligent malware that can account for any number of outcomes on its own, and also increases the success rate of deployment tenfold, that is the route they will take.
Exchange Server Vulnerabilities
Several hard-hitting vulnerabilities in Exchange Server have plagued Microsoft over the last year, and these have resulted in a large number of incident response calls to our CSIR department during Q2 and Q3 2021. Given the widespread use of Exchange Server, these vulnerabilities continue to be a widely researched, problematic topic that has seen a lot of organisations switching to a fully cloud-based environment. A number of ransomware groups, such as those behind the well-known Conti malware, have also started to use these vulnerabilities as a method of gaining an initial foothold on the network. This is a clear sign that these groups stay up to date and also have the skills for manual exploitation and deployment.
Protect Your Organisation in 2022 and Beyond
We’re seeing an arms race between attackers and defenders. Without all organisations taking preventative measures to protect themselves, the attackers will win. The sheer volume of cyber-attacks being launched means that siloed security solutions are unable to keep up.
Making cyber smart decisions that align to your wider organisational strategy is an essential element of maintaining operational integrity and ensuring success in this hostile digital landscape. Partnering with an experienced, credible cyber security provider will allow you to establish your organisation’s risk appetite and enhance your cyber security posture.