Hack Your 2023 Security Strategy
With 2023 right around the corner, it’s a good opportunity to look back at this year’s most notorious cyberthreats and learn from them, as they could set the trends to look out for in the coming months. Please do not worry if you are not a cybersecurity professional: I promise not to go Christopher Nolan on you and to keep things simple, so everyone can pick something up from this article and hopefully be better prepared.
Even though security incidents have been a reality for a long time, the post-pandemic era has seen relentless activity from malicious actors, ranging from politically motivated nation-state threat groups to organized crime actively looking to monetize and scale their business. Together with a growing digital economy and a hyperconnected world, we are witnessing daily headlines in which organizations pay the toll of cyberthreats and face public scrutiny. Even if we, as individuals, think the highest risk lies solely with large organizations, think twice: most likely, you or your data have been involved and impacted in some way (cough, cough, Guacamayaleaks). So, without further ado, let’s go over this Gulag called 2022.
Ransomware
To kick things off, we will go over one of the most prolific threats of our time, one that causes multibillions of dollars in damage. Introducing the “he who must not be named” of cyber: ransomware. As a general definition, ransomware is a form of malware designed to encrypt data, rendering any files and the systems that rely on them unusable (CISA, 2022). Attackers demand a ransom in exchange for the decryption key, following a standard extortion procedure, so the appeal of this threat lies in its ability to monetize malware efficiently, which favors the growth of professionalized ransomware groups.
The global cost of ransomware will continue to increase dramatically in the upcoming years.
To face this, many organizations have prepared themselves with backup solutions and antimalware software. However, in this past year we have seen criminals getting creative through triple extortion campaigns, in which attackers encrypt your data, threaten to expose it publicly and apply additional pressure by launching DDoS (distributed denial of service) attacks that take your online services down. Therefore, being able to recover encrypted data is no longer enough, and we must face the ransomware challenge through a holistic approach.
Stormous group asking their followers to choose the next victim of their triple-extortion attacks.
If we have learned something from ransomware gangs this year, it is that they must not be underestimated: many of them are highly coordinated and will continue to look for new ways to keep you at the negotiation table. How can you face such a diverse and sophisticated threat? Unfortunately, there is no silver bullet or single technology that solves the challenge; nonetheless, a purposeful security strategy that combines user awareness, data protection policies, threat intelligence, and automated detection and response can help drive risk down and keep you out of unfavorable headlines. I would recommend looking into a unified security platform approach and XDR solutions.
Cloud Security Threats
The good news is that organizations accelerated cloud adoption during the COVID lockdown, capitalizing on consumers’ shift toward digital channels and profiting from benefits like scalability and agility. The bad news is that cloud initiatives rarely consider security best practices, exposing operations to new vulnerabilities.
During 2022, we witnessed many data breaches at both SMBs and large enterprises (think Microsoft big) caused by cloud security misconfigurations. So it comes as no surprise that, through 2025, 99 percent of cloud security failures are expected to be the customer's fault (Gartner, 2019). When discussing this with IT and security teams, we feel their frustration over the reduced visibility and control they have over assets in the cloud. For example, self-service provisioning makes it easy for anyone in the organization to deploy new cloud resources without the security team’s consent, handing an extra advantage to hackers actively scanning for unsecured infrastructure.
How can we increase our cloud security posture?
Firstly, you cannot protect what you cannot see, so visibility is key. Look out for security solutions that help you discover unsanctioned cloud services, misconfigurations, compliance violations and publicly exposed assets through cross-cloud environments.
Secondly, bear in mind that limited centralized control over a fast-changing environment will not scale (think of one security guard attempting to supervise every Super Bowl attendee coming into the stadium). Organizations must not limit themselves to the CSP’s default security controls; instead, they should develop a cloud architecture strategy with design principles aligned to their specific security governance and business KPIs. Establishing a top-down approach makes everyone accountable for cloud adoption and its associated risks.
Finally, identity and access control are fundamental to preventing sensitive data exposure in the cloud. Since most breaches originate from compromised accounts, identity management, multifactor authentication and permission-hardening solutions are the right tools to enforce the principle of least privilege and reduce the attack surface.
Radware identifies excessive permissions through its cloud security services.
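To make the three points above concrete (visibility into misconfigurations and exposed assets, and least-privilege permissions), here is an added example of a minimal posture check. It is not code from the article or from Radware: the inventory shape, field names and sample resources are constructed for the demo, in a provider-neutral form rather than any real cloud API response.

```python
"""Added example (not from the article or Radware): a minimal cloud posture
check over a constructed inventory. It flags publicly exposed storage and
over-broad identity permissions, i.e. the misconfiguration and least-privilege
issues the text describes. Inventory format and field names are invented."""

from dataclasses import dataclass

# Constructed sample inventory: storage buckets and identity policies in a
# generic shape. Nothing here is a real account, bucket or policy.
INVENTORY = {
    "buckets": [
        {"name": "customer-exports", "public_read": True, "encrypted": False},
        {"name": "app-logs", "public_read": False, "encrypted": True},
        # A public asset that was reviewed and tagged as intentionally public.
        {"name": "static-website", "public_read": True, "encrypted": True,
         "tags": {"approved-public": "yes"}},
    ],
    "policies": [
        {"principal": "role/ci-deployer",
         "statements": [{"effect": "Allow", "actions": ["*"], "resources": ["*"]}]},
        {"principal": "user/analyst",
         "statements": [{"effect": "Allow", "actions": ["storage:GetObject"],
                         "resources": ["bucket/app-logs/*"]}]},
        {"principal": "group/everyone",
         "statements": [{"effect": "Allow", "actions": ["storage:GetObject"],
                         "resources": ["bucket/customer-exports/*"],
                         "principals": ["*"]}]},
    ],
}


@dataclass
class Finding:
    resource: str
    severity: str
    reason: str


def check_buckets(buckets):
    """Public-read storage is a finding unless it carries the approval tag;
    missing encryption at rest is a second, lower-severity finding."""
    findings = []
    for b in buckets:
        approved = b.get("tags", {}).get("approved-public") == "yes"
        if b.get("public_read") and not approved:
            findings.append(Finding(b["name"], "high", "publicly readable without approval tag"))
        if not b.get("encrypted", False):
            findings.append(Finding(b["name"], "medium", "encryption at rest disabled"))
    return findings


def check_policies(policies):
    """Wildcard actions/resources or anonymous principals violate least privilege."""
    findings = []
    for p in policies:
        for s in p["statements"]:
            if s.get("effect") != "Allow":
                continue
            actions, resources = s.get("actions", []), s.get("resources", [])
            if "*" in actions and "*" in resources:
                findings.append(Finding(p["principal"], "high", "allows all actions on all resources"))
            elif "*" in actions or "*" in resources:
                findings.append(Finding(p["principal"], "medium", "wildcard action or resource"))
            if "*" in s.get("principals", []):
                findings.append(Finding(p["principal"], "high", "grants access to anonymous principals"))
    return findings


def assess(inventory):
    """Run every check and return the combined list of findings."""
    return check_buckets(inventory["buckets"]) + check_policies(inventory["policies"])


if __name__ == "__main__":
    for f in assess(INVENTORY):
        print(f"[{f.severity.upper():6}] {f.resource}: {f.reason}")
```

Run against the sample inventory, the check reports four findings: the unapproved public bucket and its missing encryption, the deployer role that can do anything anywhere, and the policy that grants anonymous principals access. The approved static website is correctly left alone, which is the point of making an exception explicit through a tag rather than through an analyst’s memory.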
DDoS Attacks
Denial of service has been around for a long time, and this year we have seen it emerge as the digital weapon of choice for hackers motivated by activism, or what is popularly known as “hacktivism.” Early this year, when the Russia-Ukraine conflict began, a series of DDoS attacks started disrupting critical infrastructure and public services in Ukraine, demonstrating that cyberwar is a reality. Since then, hacktivists have taken sides: while pro-Ukrainian groups like Anonymous have successfully disrupted Russian operations, pro-Russian groups like Killnet have gone after NATO members and private organizations that support Ukraine, including France, Italy, Germany, Norway, Japan, and the US.
What’s most alarming is that DDoS attacks have grown significantly in volume, making terabit-per-second (Tbps) traffic the new normal, and have also become more dynamic, as seen in the rise of bad bot traffic disrupting online services. They also pose a serious threat to free speech and democracy, as we saw in the attacks targeting the Philippines general elections and the US midterms.
Radware Emergency Response Team analysis of DDoS attack trends, 2022.
What can we learn from this and apply to our 2023 strategy? Top of mind should be resilience, considering that the main goal of the attack is to disrupt or take down your operations. The concept of operational resilience can be condensed into how reliable your security controls are, what your risk appetite is, and how fast you can detect and respond to cyberattacks. Logic should then point you toward proactive, automated security processes that let you respond effectively in seconds. I would personally recommend behavior-based, battle-tested solutions that have proven to detect DDoS attacks at any scale and can automatically generate mitigation policies without human intervention. Threat intelligence feeds are also a good idea, to get to know the attackers and be better prepared for them. Bottom line: in today’s operations, every second counts and makes the difference for the end-user experience of modern online services.
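What “behavior-based detection with automatic mitigation” means in practice, as an added example that is not code from the article or from Radware: learn what normal request volume looks like, flag seconds that deviate from it, and derive a mitigation decision from the shape of the anomaly. The log format, thresholds and addresses (RFC 5737 test ranges) are constructed for the demo.

```python
"""Added example (not from the article or Radware): a behavior-based detector
that learns a per-second request baseline from normal traffic, flags seconds
that deviate from it, and proposes an automatic mitigation. The log format,
thresholds and IP addresses are constructed for the demo."""

import statistics
from collections import Counter


def build_sample_log():
    """Constructed access log: 10 quiet seconds, then a 2-second flood in which
    one source (RFC 5737 test range) dominates the traffic."""
    lines = []
    normal_counts = [3, 2, 4, 3, 2, 3, 4, 3, 2, 3]
    for sec, n in enumerate(normal_counts):
        for i in range(n):
            lines.append(f"2022-11-30T10:00:{sec:02d}Z 198.51.100.{10 + i} GET /page{i}")
    for sec in (10, 11):
        lines += [f"2022-11-30T10:00:{sec:02d}Z 203.0.113.7 GET /"] * 50
        for i in range(10):
            lines.append(f"2022-11-30T10:00:{sec:02d}Z 198.51.100.{10 + i % 4} GET /page{i % 4}")
    return lines


def requests_per_second(lines):
    """Group log lines by timestamp (second resolution) and count requests per
    source address within each second."""
    buckets = {}
    for line in lines:
        ts, ip, *_ = line.split()
        buckets.setdefault(ts, Counter())[ip] += 1
    return buckets


def learn_baseline(buckets, train_seconds):
    """Mean and population std-dev of total requests/second over the first
    train_seconds observed seconds, which are assumed to be normal traffic."""
    totals = [sum(c.values()) for _, c in sorted(buckets.items())[:train_seconds]]
    return statistics.mean(totals), statistics.pstdev(totals)


def detect(lines, train_seconds=10, k=3.0, min_floor=10):
    """Flag any second whose request total exceeds max(mean + k*std, min_floor).
    The absolute floor keeps a very quiet baseline from alerting on ordinary
    small fluctuations."""
    buckets = requests_per_second(lines)
    mean, std = learn_baseline(buckets, train_seconds)
    threshold = max(mean + k * std, min_floor)
    alerts = []
    for ts, counter in sorted(buckets.items()):
        total = sum(counter.values())
        if total <= threshold:
            continue
        top_ip, top_n = counter.most_common(1)[0]
        share = top_n / total
        # Mitigation policy: a single dominant source is rate-limited on its
        # own; a distributed flood gets a site-wide challenge instead.
        action = f"rate-limit {top_ip}" if share > 0.5 else "enable challenge for all clients"
        alerts.append({"second": ts, "total": total, "threshold": threshold,
                       "top_source": top_ip, "share": share, "action": action})
    return alerts


if __name__ == "__main__":
    for a in detect(build_sample_log()):
        print(f"{a['second']}: {a['total']} req/s (threshold {a['threshold']:.1f}) "
              f"top source {a['top_source']} ({a['share']:.0%}) -> {a['action']}")
```

On the sample log the baseline is about 2.9 requests per second, so the two flood seconds at 60 requests each are flagged and, because one address carries over 80 percent of that traffic, the proposed action is a targeted rate limit rather than a blanket challenge. Real products work on far richer features than a request count, but the loop is the same: baseline, deviation, decision, all without waiting for a human.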
Hopefully, this article will help raise awareness and provide useful information for anyone looking to be better prepared for whatever next year’s threat landscape has waiting for us. In any case, let us all continue to collaborate through past experiences, innovation, and best practices to empower our security community. This is the way!