The COVID-19 pandemic may not be totally over, but in many parts of the world, people are starting to enjoy the outdoors once again—and that’s attributable, in large part, to the COVID-19 vaccine. The vaccine supply chain, however, is in grave danger.
This 2022, cybercriminals will carry out a ransomware attack against one of the companies producing the COVID-19 vaccine, predicts James Carder, Chief Security Officer at cybersecurity solutions provider LogRhythm. “This will interrupt the production of critical booster shots and keep many other lifesaving drugs from reaching patients.” Not only will this create problems for people needing the vaccines, but it may also further stoke the ongoing vax vs. anti-vax debate. “The resulting fallout will fan the flame for foreign and domestic vaccine disinformation campaigns,” adds Carder.
Of course, none of these concerns cybercriminals. All they want is money. The problem is they’ve been getting it, with systems in place to make it easier to grab quick and dirty scores.
Threat Landscape Analysis: An Overview
The term “threat landscape” refers to a combination of various elements, including:
- The vulnerabilities of individuals and organizations, such as sensitive data or unpatched systems
- Malware permeating the internet
- Organizations of attackers
- The techniques attackers use
- Geopolitical elements, such as tensions between countries that could inspire hackers from one region to go after assets in another
Although all malware and the entities that use them are dangerous, the degree of threat they pose differs. The result is an ever-evolving threat landscape.
For example, viruses have always been an issue and continue to cause problems. Years ago, cybersecurity companies sought to address the virus problem with antivirus software, which gained popularity and became the go-to tool for eradicating computer viruses.
Now, however, even though viruses persist, the more pressing concern on the threat landscape is less about how viruses can slow down computers and more about how other types of malware can be used to steal information or cripple entire networks. A virus seems mild compared to ransomware or a distributed denial-of-service (DDoS) attack.
What Is a Threat Landscape Report?
Cybersecurity and business leaders rely on threat landscape reports to stay on top of the threats impacting their sectors.
A threat landscape report provides a summary and description of the kinds of cybersecurity threats that are currently impacting the world. They’re typically released once a year and performed by cybersecurity companies, such as CrowdStrike and Deep Instinct. Organizations sponsored by different countries, such as the European Network and Information Security Agency (ENISA), also release threat landscape reports. Professionals armed with data gleaned from threat detection systems and cyber intelligence networks provide the analysis outlined in these types of reports.
The Types of Threats That Concern Organizations the Most
Cybercriminals are the new mafia—yet far more dangerous.
By the time organized crime became a cultural fixture, capturing the imaginations of filmmakers and authors around the world, it had gone through a maturation process. Gangsters realized the importance of unification, setting up rules, and striking bargains with victims so they could continue their exploits.
Hacker organizations are already there. As evidenced by multiple threat landscape reports, instead of being just a bunch of introverted nerds experimenting with code and exploiting companies for digital street cred, they’ve organized themselves into efficacious, vicious, relentless crime organizations.
Phishing Campaigns to Continue Rising
Based on current threat landscape trends, attackers are likely to continue using phishing and spear-phishing campaigns to gain access to sensitive access credentials and financial information. In these kinds of attacks, a cybercriminal can steal credentials from someone who enters them into a fake web page they think comes from a legitimate organization. This usually involves one or multiple steps.
For example, the attacker may create an email with a sender URL somewhat similar to that of an authentic organization, such as “[email protected]” They then create a fake page that mimics the design and branding of the trusted site—this is where they harvest the account information or login credentials of unwitting victims.
Attackers use shortened versions of malicious domains, according to a report by Trellix, so users have to be doubly careful when clicking on shortened links.
Increased activity has shined a bright spotlight on ransomware’s latest evolution, ransomware-as-a-service (RaaS). Much like software-as-a-service (SaaS), RaaS is a platform that enables a hacker to purchase ransomware on a subscription basis. In other words, every month, they pay for their electric, water, and internet bills—and their regular subscription to some of the best ransomware services available.
With RaaS, there’s no need to waste time manually adjusting code and figuring out the best way to ensure the ransomware delivers a devastating blow to a company’s system—that has been handled.
The RaaS Business Model
For hackers, the RaaS business model is a win-win. It’s efficient, lean, and manageable. It’s also simple.
A RaaS organization is composed of two basic groups of people: developers and affiliates.
- Developers design and code the ransomware, making sure it’s ready for release before making it available to affiliates
- Affiliates buy the ransomware, paying via a subscription, and then start spreading it. When they get a company to pay up, the developer decides how much they take and how much goes to the affiliate
In a way, a RaaS operation isn’t unlike a large company that has a remote sales force. Their people are out in the field, pushing products and landing deals, and headquarters decides how the profits get divided up. Except in a RaaS infrastructure, the “deals” are ransomware settlements.
Did Remote Work Expand the Attack Surface?
In short, yes, remote work has greatly expanded the attack surface. The “expansion” is simultaneously geographical and digital. Remote workers are easy targets for attackers, especially because they’re more likely to access insecure networks.
To illustrate, let’s say you run a power utility company. Your job is to purchase power from people with solar farms, coal generators, wind turbines, and hydroelectric generation systems. You then sell this power to regular people. During the pandemic, you recognized the need to make your operations leaner by hiring more remote employees, as well as converting some in-office workers to either remote or hybrid.
Connecting Through Insecure Networks
Suppose a remote employee disconnects their laptop from your network. They then decide to connect to the internet at a coffee shop down the road called Sip and Chill. While connected at the coffee shop, they’re on a public network that anyone can hook up to.
How Hackers Take Advantage of Remote Employees
In our fictional example, if a hacker sees that your employee comes to Sip and Chill on a regular basis, they can capitalize on the opportunity by creating a fake Wi-Fi network and naming it something that makes it look like a legit public connection, such as “Sip and Chill Guest 1.” The hacker makes sure there’s no password required to connect to the network. Then they sit in a corner with a latte and wait.
When your employee comes in, they connect to the attacker’s network, thinking it’s a free perk courtesy of the coffee shop. This results in email logins and passwords, financial information, and anything else the remote worker shares falling into the attacker’s hands, giving them a distinct advantage. For example, they could use stolen login credentials to access a sensitive area of your network and launch ransomware they purchased from a RaaS provider.
Being Prepared and How to Stay Protected from a Cyber Attack
To avoid becoming a victim, it’s essential that you educate your employees, whether remote or on-site, on the steps to take to protect themselves and your organization from cyber attacks. Knowledge, after all, is power.
- Always use a virtual private network (VPN) and require employees to only connect through this portal
- Never click on suspicious links in an email
- Never divulge login information or personal data over an insecure internet connection, such as public or unprotected Wi-Fi
- Always verify the developers of an app and check customer reviews before downloading
- Never reuse your passwords
- Always update your devices and applications because these patches may fix vulnerabilities
- Never enter your username or password to any account while connected to a public network
- Always check the address of any site that asks you to enter your login credentials or any other personal information
The Future Is Bright for Those Who Are Prepared
Remember that hackers like to go after the easiest targets possible. Regardless of how prevalent ransomware and other forms of cyber attacks have become, you can avoid them by keeping a close eye on the sites you visit, never clicking anything suspicious, and advising people in your organization to do the same. In this way, you can build security resilience and bolster your defenses against both new and old tricks.