Cyber Defense eMagazine August 2020 Edition
Cyber Defense eMagazine August Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
that 60-day threshold has begun to pass. Attackers who have been biding their time may soon be ready
to strike.

Today’s ransomware attackers don’t operate like they used to. While older ransomware attacks tended
to be “smash and grab” operations stealing and encrypting any data they could, human-operated
Ransomware 2.0 involves attackers spreading throughout the network to identify and target the most
valuable information for the highest financial gain. For the largest possible payout, attackers want to take
down a whole organization, not just one machine. Quickly spreading throughout the network to establish
a stronger foothold is the smartest move, and given that the average ransomware payout was over
$111,000 in Q1 2020 (up 33% from the previous quarter), the strategy appears to be working.

The COVID-19 Lockdown Has Created New Opportunities

The extensive remote work necessitated by COVID-19 has, unfortunately, exacerbated the issue. Most
businesses simply were not prepared for this volume of employees working from home, and the sudden
onset of the crisis meant that they had to make security compromises for the sake of service
availability. Naturally, both technology-based and human-based security issues have arisen as a result.
Network endpoints are more exposed, as employees access the network from the outside rather than
from within. Employees are pulling data out of the company that may never have been off-premises
before, creating opportunities for attackers to target less secure machines. Similarly, attackers are
entering the network via split-tunneling VPNs, which separate personal employee traffic from company
networks but don’t have all the traditional security controls needed to protect the remote systems from
attacks. Multi-factor authentication can help verify identity as employees work remotely, but some
organizations still do not mandate its use, and it is not always effective against targeted attacks.

Phishing and other scams have also noticeably increased during the lockdown, preying on employees
who are distracted or flustered by the sudden shift in routine and underscoring the fact that organizations
have less control over employees working remotely. The number of BYOD devices (laptops, routers,
access points, etc.) on the network has increased, and it is harder to verify that employees are
installing security updates promptly, which creates potential vulnerabilities. Even employee turnover
can create openings for attackers, as it can be harder to verify the full removal of stored credentials and
other attack paths from all applications and systems. Given that misused or stolen credentials continue
to be at the center of countless breaches, this poses a significant threat.

There are tools designed to help protect against these new threats, but they require effective security
controls at multiple levels of the network. Traditional Endpoint Protection Platforms (EPPs) and Endpoint
Detection and Response (EDR) tools try to stop attacks at the initial compromise of the system. Still,
given the potential new vulnerabilities created by extensive remote work, attackers may have an easier
time bypassing those tools during the current crisis, highlighting the importance of overlapping security
controls and building in a safety net to boost detection capabilities.

Cyber Defense eMagazine – August 2020 Edition
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.