Gleaned from a study of 100,000 ransomware attacks in 2020, these frequently recommended insights bear repeating here.

One of the most frequent and lucrative cyberattacks—which typically begins with a successful phishing scam—is ransomware.

Anecdotes about outrageous cyberattacks can be found everywhere. But to systematically get behind them and formulate recommendations for securing private data, Keysight Technologies’ Application and Threat Intelligence Research Center (ATI) examined the most critical areas of concern to network security.

In addition to drawing on its own in-depth experience with network security testing and cloud visibility, ATI’s research included international databases of exploits, the Dark Web, security news alerts, crowdsourcing, social media feeds, and honeypots strategically placed worldwide to lure in and learn more about cybercriminals. 

In 2020, ATI noted that phishing attacks (often the precursor to devastating network incursions) had increased by 62% in just one year. Social engineering attacks linked to the pandemic were prominent among them, particularly in the spring of 2020. Healthcare facilities, which frequently lack the high levels of security found in the financial and defense industries, were major targets; these attacks carried the particularly cruel twist of holding hostage information that can be essential to vulnerable patients’ survival.

And while attacks propagated through a company’s supply chain had been taking place for some time, the nesting of malware into the code of trusted software suppliers like SolarWinds was a new and ominous development.

Strategic insights

What takeaway lessons was ATI able to glean from those attack patterns?

  1. People need to recognize social engineering scams and avoid them. Bad actors target personally identifiable information (PII) that they can use to propagate future attacks, particularly from PII-rich healthcare and government sources. Periodic updates to staff on phishing tactics can help to keep awareness of deception high.
  2. Business models and social engineering scams used by attackers to hold the victim’s data hostage for ransom continue to mutate, and so does the malicious software itself. Therefore, it is critical to keep enterprise threat detection systems up to date with the most recent fraud signatures and behavior patterns. Since ransomware builders are getting better at avoiding detection, network security teams need to be kept apprised of evolving exploitation methods. But industry best practices are not always perfect, as the SolarWinds hack taught us: if the update source itself has been compromised, even keeping your system’s software up to date carries risk.
  3. Every organization uses external vendors, including those that provide materials that go into building a product, business software the organization uses on its networks, or supplies that keep the company’s facility running smoothly. But third parties in an organization’s supply chain are also frequently used as conduits into its core business files. Network security, as a result, needs to consider not only the risks inherent in the organization’s own systems, but also the risks associated with every vendor, consultant, partner, or customer that touches the organization’s IT.
  4. Be frugal in extending trust when it comes to granting access to your network. The zero-trust model, which is growing in acceptance, considers trust to be a vulnerability, not an asset. Once access to your network is granted, anyone—including malicious actors—is free to retrieve and remove any data they have access to. And the initial point of an attacker’s infiltration is frequently different from, and often less well defended than, the attacker’s primary target. Our recommendation is to implement a zero-trust model and to limit even qualified users to just those resources they absolutely need.

Finally, it is a good idea to assume that your network has already been breached, even if no overtly malicious messages have surfaced. To know what anomalies may be hiding in the network—whether they are on-premises, in a cloud platform, or with a remote user—you need to see what is going on with those resources. 

Investing in cybersecurity solutions that provide continuous visibility into your organization’s network—allowing your IT teams to spot potential mischief and respond before it becomes a disaster—is money well spent.