Cybersecurity

Sophos lists hackers’ emerging behaviors, recommends solutions to mitigate attacks

Data is the new currency, and organizations are advised to put cybersecurity solutions that protect users’ personal details at the top of their priorities. Money is not the only thing a company loses in a breach or hack; its reputation suffers as well.

In the recent Sophos 2019 Threat Report, the security firm found that cybercriminals have become so sophisticated in their strategies and methods that “traditional” anti-virus or endpoint solutions are often not enough. These tools still have their uses, but they may not withstand the types of attacks hackers devise these days.

An independent global research study commissioned by Sophos found that over three quarters (77 percent) of ransomware victims were running up-to-date endpoint security when they were attacked.

Emerging behaviors

The report also identified several emerging behaviors among cybercriminals.

Cybersecurity firms have become more responsive to the types of attacks seen in the past, producing stricter solutions that are difficult to get past. This has made hackers more patient in their methods: they have ditched the “spray and pray” style of attack, which automatically distributes malicious software through email and hopes that someone, or a number of people, will fall for it. These days they resort to premeditated and targeted ransomware attacks. These are more damaging than attacks delivered by a bot, since human attackers can find and stake out victims, sometimes at a higher yield. They now operate with the mindset that any roadblock in a targeted attack can be overcome, giving that final push that wipes out back-ups and holds the victim’s information hostage.

Criminals are using organizations’ own resources, in the manner of Advanced Persistent Threat (APT) techniques, to advance through the system and complete their mission of stealing sensitive information from the server or deploying ransomware. Lateral distribution across corporate networks allows cybercriminals to quickly infect multiple machines, increasing payouts to the hacker and imposing heavy costs on victims.

More platforms mean more battlegrounds. Hackers unleash malware not only on enterprise servers but also on mobile and IoT devices. With illicit Android apps on the rise, 2018 saw an increased focus on malware pushed to a wider range of devices. As homes and businesses adopt more internet-connected devices, criminals have been devising new ways to hijack those devices and use them as nodes in huge botnet attacks.

Multi-layered security

Sophos offers its own recommendations to mitigate, if not totally stop, attacks that may result in data breaches.

1. Implement multi-layered security. This protects organizations on multiple fronts. As attackers become increasingly sophisticated, they use multiple techniques and points of entry to bypass defenses and evade detection. This drives the need to secure not just endpoints such as laptops, mobile devices, and workstations, but also organizations’ networks and firewalls.

While the time, cost and complexity of implementing additional layers of technology can be overwhelming, synchronized security simplifies things and enables defenses to work together as a system that is more coordinated than the attackers. In today’s world of constant and changing cyber-threats, having endpoint and network products communicate with each other and share intelligence is more important than ever. It also eliminates the additional burden of dealing with multiple endpoint agents, multiple management consoles, and multiple security vendors.

2. Predictive protection is the future of IT security. It allows organizations to protect against the next unknown attack instead of waiting for it to arrive, changing the way IT operations in every organization can protect their users and assets. Security solutions with predictive protection powered by deep learning neural-network algorithms deliver smarter and more scalable detection than endpoint solutions that rely on traditional machine learning or signature-based detection alone.

3. Stay on top of patching, vulnerability scans, and penetration tests. Security experts estimate that 90 percent of successful attacks against software vulnerabilities could be prevented with an existing patch or configuration setting.

4. Maintain good password discipline and use multi-factor authentication. Passwords are on the front line of cybersecurity and can provide a formidable barrier to targeted attacks. Explore creating unique and complex passphrases, or get assistance from a password manager. Fortify this barrier by making multi-factor authentication a standard.

5. Establish cybersecurity protocols with the team. Restrict RDP (remote desktop protocol) access to staff connecting over a VPN (virtual private network). RDP allows organizations to outsource their IT to remote system administrators. While it can be a helpful and cost-effective measure for organizations, it also has its own dangers. SamSam, a particularly sophisticated and destructive ransomware known for its ability to put entire organizations under siege, enters victims’ networks by exploiting internet-facing servers or by brute-forcing RDP passwords. This is why RDP needs to be highly secured. In case a crook manages to sneak in through an open RDP, organizations have an additional measure of protection if they keep back-up files offline and offsite.
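Two checks that follow from recommendation 5 (RDP only over VPN, and watching for RDP password brute-forcing), written here as an added example rather than anything from the Sophos report: one flags source addresses with a burst of failed RDP logons, the other flags any RDP logon that did not arrive from the VPN client range. The log records are constructed to mirror Windows Security event fields (EventID 4625 failed logon, 4624 successful logon, LogonType 10 RemoteInteractive); the VPN pool, the threshold and the window length are assumed values.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records modelled on Windows Security log fields:
# (timestamp, EventID, LogonType, source IP, account). EventID 4625 is a failed
# logon, 4624 a successful one; LogonType 10 is RemoteInteractive, i.e. RDP.
SAMPLE_EVENTS = [
    ("2019-01-10T02:00:01", 4625, 10, "203.0.113.45", "administrator"),
    ("2019-01-10T02:00:09", 4625, 10, "203.0.113.45", "administrator"),
    ("2019-01-10T02:00:17", 4625, 10, "203.0.113.45", "admin"),
    ("2019-01-10T02:00:25", 4625, 10, "203.0.113.45", "backup"),
    ("2019-01-10T02:00:33", 4625, 10, "203.0.113.45", "administrator"),
    ("2019-01-10T02:00:41", 4625, 10, "203.0.113.45", "sysadmin"),
    ("2019-01-10T08:15:02", 4625, 10, "10.8.0.12", "jsmith"),        # VPN user typo
    ("2019-01-10T08:15:20", 4624, 10, "10.8.0.12", "jsmith"),        # VPN user, allowed
    ("2019-01-10T09:40:00", 4624, 10, "198.51.100.7", "contractor"), # RDP reached from outside VPN
]

VPN_POOL = ipaddress.ip_network("10.8.0.0/24")  # assumed VPN client address range
THRESHOLD = 5                                   # assumed: failures per window to flag
WINDOW = timedelta(minutes=5)                   # assumed: sliding window length


def rdp_brute_force_sources(events, threshold=THRESHOLD, window=WINDOW):
    """Map each source IP that produced >= threshold failed RDP logons inside one
    sliding window to its total failed-RDP count."""
    failures = defaultdict(list)
    for ts, event_id, logon_type, src, _user in events:
        if event_id == 4625 and logon_type == 10:
            failures[src].append(datetime.fromisoformat(ts))
    flagged = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = len(times)
                break
    return flagged


def rdp_outside_vpn(events, vpn_pool=VPN_POOL):
    """Return sorted (source IP, account, EventID) tuples for every RDP logon
    attempt, successful or not, that did not arrive from the VPN address pool."""
    hits = {(src, user, event_id)
            for _ts, event_id, logon_type, src, user in events
            if logon_type == 10 and ipaddress.ip_address(src) not in vpn_pool}
    return sorted(hits)
```

With Network Level Authentication enabled, failed RDP credentials are typically recorded as 4625 with LogonType 3 rather than 10, so the filter in `rdp_brute_force_sources` should be widened on such hosts.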

The past year proved challenging for chief information security officers, as evidenced by high-profile data breaches that compromised the data of millions of users. Many people are hopeful that this year organizations will see the bigger picture and understand why stringent cybersecurity solutions are no longer just an afterthought but part of an organization’s business model.

Image by Pete Linforth/Pixabay