Submitted by James Slaby on 4 Apr 2019
This article from James R. Slaby, Acronis’ Director of Cyber Protection, originally appeared in Homeland Security Today on 3 Apr 2019.
In 1966, Robert F. Kennedy delivered a speech that cited an ancient Chinese curse: “May [you] live in interesting times”.He continued, “Like it or not, we live in interesting times. They are times of danger and uncertainty, but they are also the most creative of any time in the history of mankind.”
That measured perspective, simultaneously seeing the glass as half-empty and half-full, is a useful one to adopt when considering infrastructure vulnerabilities in 2019.
Wide array of threats
There has never been a more varied and frightening array of infrastructure attackers out there, from hostile nation-states to rogue terrorist groups to cybercriminals ranging in sophistication from highly-organized gangs of software adepts to hapless crooks with zero skills but access to malware-as-a-service tools. And that’s before you consider the disgruntled employees and contractors hatching dark plots in your midst.
The potential entry points into your systems are many, from zero-day exploits of unpatched OS vulnerabilities to infected USB devices to compromised tech supply chains, as in the recent hijacking of Asus’s software update utility to deliver malware to tens of thousands of laptops.
The most popular attack vector, however, remains the simplest: social engineering of unwary employees via carefully-crafted emails with poisoned attachments or links to malware drive-by download websites. Who needs to batter down the fortified portcullis when you can get an unwitting accomplice to let you in via the back gate?
The big two: ransomware and cryptojacking
The job of identifying the most pervasive threats isn’t hard: most tech vendor security research teams (like Verizon, Cisco and Symantec) have fingered ransomware and cryptojacking as the two giant malware flavors-of-the-moment, largely because both are still novel and effective enough to keep raking in profits for cyber thieves and hungry nation-states. Some tech seers have predicted the demise of ransomware, but recent victims of costly, high-profile attacks like Hexion and Momentive suggest that cyber gangsters are simply choosing larger targets that have more to lose from downtime and thus are quicker to pay up.
Meanwhile, the numbers on cryptojacking continue to soar. It’s a sneakier attack than stealing or locking up sensitive data. It merely tries to hijack your PC or server’s processing, memory, electricity and cooling resources in order to quietly mine cryptocurrency and then not share any of the resulting profits with you. Many victims attribute the resulting drop in computer performance to their aging hardware or the latest OS update, not even bothering to report it to IT, and malware engineers have gotten smarter about setting consumption thresholds at less-detectable levels.
The presence of cryptojacking on your system also likely betides the presence of other threats like ransomware or a credential-stealing Trojan; multi-warhead malware that only activates the weapon for which your system has the weakest defenses is increasingly common.
Education is a key to defense
So one high-ROI tactic in fighting these top-tier threats is educating users to be wary about phishing emails. Regular reminders to think twice before clicking on a link or attachment from an unknown user are a no-brainer. But it remains inevitable that one of your colleagues will fall for some wily phisher’s convincing-looking email, perhaps garnished with details lifted from the target’s social media accounts.
Over time, the prospect of a successful breach is an absolute inevitability, so your anti-malware defenses must be complemented with effective data protection and incident response strategies.
Preparing for the inevitable
In short: defend against the most obvious, pervasive and profitable malware threats, but assume that at some point one of them is going to pierce your armor, and be prepared to remediate accordingly. Some useful questions to ask:
As ever, the tech security arms race is an endless tactical back-and-forth, with the bad guys always having first-mover advantage. We may live in interesting (read: scary) times, but with a little focus on priorities, attention to security basics, and the deployment of emerging tech weapons like AI, it is possible to keep the danger and uncertainty of attacks on homeland infrastructure at bay.