Cybersecurity threats, malware and ransomware are clear and present danger threats to American businesses and way of life.
This week, Americans wake-up to dire warnings from the federal government in Washington to growing cyber threats and malware from Russia. The federal government warns American citizens, organizations and businesses to enhance their cyber vigilance and security in preparation of cyber attacks originating from Russia targeting critical information and infrastructure.
The latest cybersecurity threats are taking advantage of pandemic induced work-from-home environments, remote access tools, and new cloud services. According to CISA, these evolving cybersecurity threats include:
- Malware — malicious software variants—such as worms, viruses, Trojans, and spyware—that provide unauthorized access or cause damage to a computer. Malware attacks are increasingly “fileless” and designed to get around familiar detection methods, such as antivirus tools, that scan for malicious file attachments.
- Ransomware — a type of malware that locks down files, data or systems, and threatens to erase or destroy the data – or make private or sensitive data to the public – unless a ransom is paid to the cybercriminals who launched the attack. Recent ransomware attacks have targeted state and local governments, which are easier to breach than organizations and under pressure to pay ransoms in order to restore applications and web sites on which citizens rely.
- Phishing / social engineering — a form of social engineering that tricks users into providing their own sensitive information. In phishing scams, emails or text messages appear to be from a known individual or legitimate company asking for sensitive information, such as credit card data or login information. The FBI has noted about a surge in pandemic-related phishing, tied to the growth of remote work.
- Insider threats — Current or former employees, business partners, contractors, or anyone who has had access to systems or networks in the past can be considered an insider threat if they abuse their access permissions. Insider threats can be invisible to traditional security solutions like firewalls and intrusion detection systems, which focus on external threats.
- Distributed denial-of-service (DDoS) attacks — attempts to crash a server, website or network by overloading it with traffic, usually from multiple coordinated systems. DDoS attacks overwhelm enterprise networks via the simple network management protocol (SNMP), used for modems, printers, switches, routers, and servers.
- Advanced persistent threats (APTs) — an intruder or group of intruders infiltrate a system and remain undetected for an extended period. The intruder leaves networks and systems intact so that the intruder can spy on business activity and steal sensitive data while avoiding the activation of defensive countermeasures. The recent Solar Winds breach of United States government systems is an example of an APT.
- Man-in-the-middle attacks — an eavesdropping attack, where a cybercriminal intercepts and relays messages between two parties in order to steal data. For example, on an unsecure Wi-Fi network, an attacker can intercept data being passed between guest’s device and the network.
A majority of Americans have moved their financial and daily lives online, and thus are more susceptible than ever to of cyber crime, malware and ransomware attacks.
As you might image, today’s world is more interconnected than ever before. Yet, for all its advantages, increased connectivity brings increased risk of theft, fraud, and abuse.
As Americans become more reliant on modern technology, we also become more vulnerable to cyberattacks and cybercrimes.
Every organization—large and small—must be prepared to respond to cybercrime and disruptive cyber incidents, explains the Cybersecurity and Infrastructure Security Agency (CISA). CISA leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure.
CISA recommends all individuals and organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets, like a “zero trust strategy”.
A zero trust strategy assumes compromise and sets up controls to validate every user, device and connection into the business for authenticity and purpose. To be successful executing a zero trust strategy, organizations need a way to combine security information in order to generate the context (device security, location, etc.) that informs and enforces validation controls.
References: