The current global pandemic has disrupted how organizations work. Some businesses quickly adapt while other organizations are still figuring out the new landscape. Unfortunately, criminals are exploiting vulnerabilities during this challenging time. There has been a 238% increase in cyberattacks during the pandemic, according to data presented in the VMware Carbon Black Modern Bank Heists 3.0 report.
Insider threats aren’t just about employees not practicing good cybersecurity hygiene or malicious ex-employees, which are all still legitimate concerns. Today, attackers are finding new methods to penetrate defenses and stay undetected. Criminals are also buying illegal access to corporate networks and, when discovered, are often launching counter-defensive attacks.
In this article, we’ll examine some evolving insider attack trends and the challenges faced by security teams, and share some best practices on how to fortify security.
Today, data is everywhere: on-premise, on mobile devices, in the cloud and in transit. With COVID-19 disrupting our lives, the current challenge is protecting not only that data in motion but also the apps, networks, employees and partners that have moved beyond the traditional on-premise security perimeter. The cloud, working from home, system administration rights and traditional approaches to network security all add to the obstacles of defending them.
“The old security perimeter is in need of re-structuring and re-thinking,” explains Tom Kellermann, CISM, Head of Cybersecurity Strategy, VMware. “There are illegal marketplaces that are dedicated to providing insider access to high-profile corporate networks. All of this is compounded by the fact that the old security standard espoused perimeter defense, but because of cloud computing, teleworking, and new SaaS capabilities, all those defenses and approaches went out the window.”
Many enterprises, as well as SMBs, are taking digital transformation steps to stay relevant and competitive. However, without new approaches and solutions to security, organizations are left exposed.
“You need to treat insider threats like a home invasion,” says Kellermann.
Attackers are penetrating your network, often unbeknownst to you, then using your network as a launching pad to attack your constituents: customers, partners, and other parts of your organization. This is known as Island Hopping; in fact, approximately one-third of attacks today involve some form of Island Hopping, according to recent VMware Carbon Black research.
Imagine your network as your home, with a burglar sneaking in, staying undetected and then moving to different parts of the house, all without you knowing it.
“We’ve been seeing increased access mining activity across various malware families,” says Greg Foss, Senior Threat Researcher, VMware Carbon Black. “Criminals are harvesting data from compromised endpoints such as usernames and passwords, and posting this information for sale on the dark net, opening up access into corporate networks for anyone who chooses to purchase access.”
Recent trends in malware research have picked up on “modular” malware. Hackers will add functionalities to malware to extend its capabilities, in addition to hiding key components of the malware’s capabilities while performing various post-exploitation activities. Meanwhile, attackers will wait until the time is ideal for the attack and infiltration on the target network.
Foss also explains that access information is frequently sold on the digital black market and in criminal forums. And it’s a very lucrative market.
“In those forums, access to networks to high profile corporate target companies can fetch upwards of $50,000 USD,” adds Foss.
What happens when these “home invaders” on your network are found and set off alarms?
Some attackers will leave when discovered, but some use nefarious tactics to fight back. Examples of counter-defensive tactics include encrypted payloads, Trojan horses, or tactics that involve looking for other ways to avoid detection.
The number one goal for these attackers is to bypass all the security measures and remain in your compromised network. The network “home invasion” breach may still continue as these attackers hide in other rooms of your “house” (network).
“Treat your network as a hostile environment. Always assume the worst-case scenario; that you’ve been breached,” recommends Kellermann.
Use the following 6 best practices to combat these insider threats.
The cybersecurity battle is constantly changing and challenging. And with evolving threats, such as insider threats, it can seem a little daunting. However, the best practices and insights covered here from our VMware Carbon Black security experts can help our customers and partners combat these advanced threats in a strategic and actionable way, and help push the entire security industry forward.
Looking for more insights?
Read Tom Kellermann’s article Modern Bank Heists’ Threat Report Finds Dramatic Increase in Cyberattacks Against Financial Institut....