Cybersecurity

IoT, cryptocurrency may spur more attacks in 2022 — Palo Alto Networks

Over the past year, the Asia Pacific (APAC) region has seen an increase in ransomware attacks. The 2021 Unit 42 Ransomware Threat Report of cybersecurity solutions firm Palo Alto Networks revealed that the average ransom paid by an organization in the first half of 2021 was $570,000 or an 82% increase from the year before. This is just one of the predictions the company revealed during a media briefing.

According to the Palo Alto Networks security researchers, due to the rising value of cryptocurrency and anonymity in ransomware payments, cybercriminals will have more funds and resources to launch bigger attacks on critical infrastructure. Beyond monetary loss for businesses, the systems, and services that entire populations depend on could be crippled.

“We can also expect cybercriminals to take data exploitation to the next level with ‘shameware” attacks, or double extortion in ransomware campaigns, to inflict lasting reputational damage on targets who do not accede to their ransom demands,” Palo Alto Networks said in a media release. “We will also see quadruple extortion tactics rising to the forefront, as threat attackers add pressure points to coerce their victims into paying up.”

Palo Alto Networks updates Prisma Access solution for remote workers
Palo Alto Networks discovers malicious scans on Microsoft Exchange 5 minutes after disclosure

IoT

As the world enters the era of Web 3.0, interaction with smart devices that have intuitive and sensory triggers such as geolocation, computer vision, and biometric or commands may go mainstream.

“The ubiquity of IoT devices in our everyday lives has further blurred the lines between our physical and online worlds,” the cybersecurity company said. “Web 3.0 will make data breaches and other cyberattacks a lot more impactful, as these attacks are on cars, buildings, and physical lives and could lead to far-reaching consequences in the real world.”

With the hyper-connectedness of networks today, organizations will also need an ironclad strategy that offers complete visibility of all devices connected to their networks. AI is a powerful tool that can help to accurately profile, correlate, and contextualize every digital entity. The combination of these capabilities will help organizations validate, authenticate, and apply threat prevention technologies across their entire infrastructure.

Digital banking

Greater reliance on digital services presents more opportunities for cybercriminals to carry out identity theft, fraud, and unauthorized data collection

While digital banking brings greater convenience and accessibility, it is not without potential risks. Especially with the rise of open banking and solid fintech growth in the region, poor programming done at the API level can have serious repercussions as they are the glue that holds most digital apps and software together. New services like Buy Now Pay Later are no exception.

Any security misconfigurations in APIs could be exploited as an entryway for cybercriminals to gain access to personal data, manipulate a transaction, or shut down a key service. Such data is of great value to attackers, who can not only sell the information on the dark web but can also use it to carry out spear-phishing, account takeover attacks, or business email system compromise.

“Financial institutions can build customer trust and enhance anti-fraud measures by including customer education as part of their security strategy,” Palo Alto Networks said. “Special care should be given to groups like the elderly, who may be more susceptible to fraud as new users of digital banking platforms. “

On the backend, financial institutions need to integrate security into all stages of the software delivery process and ensure that they have visibility on their entire API ecosystem. This approach, also known as DevSecOps or “shift left” security, ensures that software is tested for security problems before it goes public, allowing IT teams to plan for any security issues that might appear after deployment.

Hybrid work

Attacks on unsecured home networks will persist as hybrid work will continue for a few years more if not permanently.

“As remote work becomes a critical long-term strategy for most organizations, they need to extend their corporate networks and bring unified security policy management to their work-from-home employees,” the company said. This should include the deployment of new integrated solutions like secure access service edge (SASE) that combine security, networking, and digital experience management. The best of SASE solutions brings about not just security but also operational efficiency. Organizations can enjoy operational efficiency as SASE centralizes the security of remote sites and users to the cloud where it can be managed holistically.”

Zero Trust

A Zero Trust mindset will also have to become an important part of this new security paradigm where organizations will need to “trust nothing and validate everything.” It will be essential to continuously validate every stage of a digital interaction across multiple locations to give organizations the peace of mind and assurance they need in today’s digital workforce.

“We can also expect a lot more harmonization, or application rationalization, around the all-remote-access technologies that people use, such as VPNs, which can be complex to work out,” said Palo Alto Networks. “With a home environment, there will be more expectations from both organizations and employees for remote work solutions to be simple to both deploy and manage. “