CrowdStrike, FireEye and IBM Security recently released their annual threat reports. These reports contain a wealth of information on recent trends in cybersecurity attacks and recommendations on the preventive measures companies can take to protect themselves. As attackers’ tactics, techniques and procedures continue to evolve, and as the attack surface of organizations continues to grow, it is increasingly important that companies stay up to date on these matters.
According to the reports’ authors, 2018 saw some notable changes in attackers’ focus and methodologies. They are increasingly “living off the land” by using common tools already existing on systems to achieve their goals. The use of scripting techniques, including PowerShell, command-line interface and similar techniques, has moved to the fore as a favored approach of attackers, reducing the efficacy of traditional methods of protection. Phishing attempts, including those involving business email compromise scams, and misconfigured systems, servers and cloud environments continue to present some of the largest risks of compromise to organizations. Indeed, based on a 2018 survey, one researcher concluded that misconfigurations represent the single biggest risk to cloud security. Attackers are also targeting suppliers and other third-party providers, broadening organizations’ potential exposure. Ransomware, while still popular, is being overtaken by mineware, or “cryptojacking,” as a vehicle for generating financial gain.
To reduce the risks posed by these developments, the authors recommended that organizations take the following actions, among others:
- continue user awareness training and test campaigns with updated phishing techniques to educate their workforces;
- enable multifactor authentication on O365;
- enable audit logging on O365;
- implement a robust privilege access management process, which will limit the damage that attackers can inflict if they do gain access to an organization’s systems and will limit the attackers’ ability to move laterally;
- check and monitor settings on cloud service architecture and not maintain default settings; and
- thoroughly vet third-party providers before they are engaged to ensure that they have robust security programs and continuously monitor them for compliance throughout the life of the business relationship.
Copies of the reports can be found here: