Exploitation in the time of COVID

SEC0521-Cyber_Feat-slide1_900px — *loops7 / E+ via Getty Images*

BlackBerry Limited released its 2021 BlackBerry Threat Report, detailing a sharp rise in cyberthreats facing organizations since the onset of COVID-19. The research shows a cybercrime industry which has not only adapted to new digital habits, but also become increasingly successful in finding and targeting vulnerable organizations. The research also highlights a dangerous new shift in the cybercrime world — a topic I raised in recent columns — one in which mercenaries and crimeware-as-a-service model have become increasingly accessible.

At the outset of the pandemic, countless organizations suddenly had to support a large proportion of their workforce remotely, with many forced to digitize various parts of their infrastructure overnight. This evolution and adoption of digital, evermore-mobile offerings has exposed companies to inadequate protections for employees and customers amongst an ever-growing and under-secured attack surface. This surface reflects, with increasing frequency, the convergence of cyber and physical threats and supports cybercriminals who increasingly target healthcare organizations, using the pandemic to trick already vulnerable populations.

Over the years, we have witnessed the cybersecurity industry become more complex as new technologies, devices and innovations emerge – and at no time was this truer than in 2020. Its complexities were compounded by various environmental forces from a global pandemic to those associated with the U.S. election. As the world becomes more interconnected and as new dimensions to cybercrime continue to rise, preparation will become a key factor in successful threat prevention in 2021.

Additionally, the report highlights a burgeoning crimeware-as-a-service business model as well as the increasing sophistication and collaboration of these hacker-for-hire groups. Not only was the ransomware-as-a-service model highly successful – especially as more non-digital natives transacted online – but the additional research into threat actors, such as BAHAMUT and CostaRicto, shows that these groups possess the tools once thought solely the domain of nation-state attackers. This presents a new danger for companies, one where attacks can be more frequent, skillful, and targeted.

Here are some of the key findings from the 2021 Annual Threat Report:

Ransomware attacks shifted from performing indiscriminate targeting to conducting highly focused campaigns deployed via compromised MSSPs.
Elections remained vulnerable to cyberattacks through unsecured mobile technology, insufficient DMARC email protection, and over-exposure of personal information on social media.
Global automakers faced new regulations to protect connected vehicles from cyberattacks and data theft.
Numerous phishing campaigns targeted critical infrastructure systems across manufacturing, healthcare, energy services, and food supply sectors.
Mercenary threat groups experienced a year of growth as unscrupulous actors and organizations outsourced their cyberattacks.
Ransomware-as-a-service offerings grew in popularity, replacing traditional off-the-shelf ransomware with ready-made exploit kits, malspam campaigns and threat emulation software.
Newer APT groups like CostaRicto targeted disparate victims worldwide with their customized backdoors and tooling.
Emotet, the banking trojan turned attack platform, received new upgrades and capabilities, including a flaw that allowed BlackBerry researchers to easily identify and prevent it from installing on systems.

As both public and private organizations work to meet cyber espionage groups at ground zero, the foundation for robust security practices are now being bolstered by the strength of AI-supported machine learning solutions. Supporting around-the-clock monitoring and other time-tested security fundamentals, the robust engagement of insider threat detection via such tools can make the difference between a data breach and a successful cyber defense.

John McClurg served as Sr. Vice President, CISO and Ambassador-At-Large in BlackBerry's/Cylance’s Office of Security & Trust. McClurg previously was CSO at Dell; Vice President of Global Security at Honeywell International, Lucent Technologies/Bell Laboratories; and in the U.S. Intelligence Community, as a twice-decorated member of the Federal Bureau of Investigation.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

A head of state needs heart surgery at your facility. High-profile members of a national sports team are getting updated vaccinations. What do you do when you get the call?