The digital threat landscape is constantly evolving. This year is an excellent (albeit extreme) example. In a survey conducted with Dimensional Research, Tripwire found that 58% of IT security professionals were more concerned about securing their employees’ home networks than they were before the 2019 coronavirus (COVID-19) outbreak. Slightly fewer respondents expressed concern about increased ransomware, phishing and social engineering attacks and about keeping remote systems securely configured, at 45% and 41% respectively.
The security challenges of COVID-19 are not the only ones that organizations will face in the future. Through its managed security services, incident response, penetration testing and vulnerability management work, IBM Security identified many digital threats during 2019. The IBM 2020 X-Force Threat Intelligence Report highlights three of them: operational technology (OT), ransomware and phishing.
The OT threat landscape
According to data collected by IBM X-Force, digital attacks against industrial control systems (ICS) and operational technology have increased by more than 2000% since 2018. Many of these attacks involved exploiting known vulnerabilities in SCADA and ICS hardware components, as well as password-spraying attacks using brute-force login techniques.
IBM X-Force 2020 threat report, p. 2. 5
IBM noted that these tactics highlight the digital security challenges that organizations face when trying to secure their OT environments:
X-Force IRIS security assessments conducted for our customers before 2019 revealed vulnerabilities in OT systems that often use outdated software and hardware. Maintaining production systems that can no longer be repaired and removing old vulnerabilities that have been publicly available for a long time means that even if OT systems do not connect to the Internet, non-repaired OT systems can easily be exploited. In the case of sideways movements, once the attacker has secured himself in the first position, these systems can be reached from the network and damaged by relatively simple means.
As a result, X-Force researchers predict that the number of attacks on OT/ICS targets will continue to increase in 2020 as attackers start to exploit more and more industrial goods.
Ransomware
In 2019, X-Force IRIS responded to ransomware incidents in 13 different industries, in 12 countries and on five continents. The researchers found that 19% of attacks were ransomware-related in the first half of 2019, up from 10% in the second half of 2018. The number of such attacks continued to increase throughout the rest of the year. The number of ransomware incidents in the fourth quarter of 2019 was 67% higher than in the previous quarter.
IBM X-Force attributes this growth to campaigns aimed at different types of organizations. In particular, attackers had no qualms about targeting governments such as the city of Baltimore, the state of Louisiana and the government of Nunavut. These and other attacks prompted American mayors to jointly resolve that they would no longer meet attackers’ ransom demands.
Ransomware operations used different attack vectors to reach their targets. No technique was more popular than exploiting Windows Server Message Block (SMB) vulnerabilities. In about 80% of ransomware attempts, the attackers used this method to spread through the target networks.
Phishing
Researchers at IBM X-Force found that phishing is the most common attack vector used by attackers to gain initial access. This vector was responsible for 31% of the attacks observed by X-Force IRIS in 2019. However, this result marked a decline in phishing, as these campaigns had accounted for almost half of all initial access attempts in the attacks IBM analyzed a year earlier.
The X-Force team took a close look at this development and found that in 2019 attackers turned to other methods of initial access. The researchers found, for example, that 30% of attackers exploited vulnerabilities as a means of gaining access. Some developed zero-day attacks, but most relied on exploit code for disclosed vulnerabilities, some of which have been around for years.
Some vulnerabilities stand out from the rest. In fact, X-Force found that two CVEs, namely CVE-2017-0199 and CVE-2017-11882, accounted for 90% of the vulnerabilities used by attackers in spam campaigns. (Their use also outweighed that of other RCE flaws in Microsoft Word by a ratio of about 5:1.) There is no doubt that digital attackers have turned to these vulnerabilities partly because they require minimal user interaction.
The use of stolen credentials is not far behind in third place, at 29% of all initial access attempts. Sometimes the stolen information came from a third-party website or a website that was not associated with a data breach. In other cases, malicious parties use this data for a phishing attack.
Digital security for the rest of 2020
The trends identified by IBM above emphasize the need for organizations to strengthen their digital security posture in light of the changing challenges they are likely to face in the remainder of 2020. One of the best ways to do this is to invest in security fundamentals. For example, with security configuration management, log management, vulnerability management and file integrity monitoring, they can build comprehensive protection against the various digital threats that may target them during the year.
Find out how Tripwire solutions can prepare you for these and other security challenges.