Malicious hackers are taking cybercrime to the next level by exploiting ever more sophisticated toolsets and deploying rapidly evolving tactics to evade antivirus systems. In this blog we’ll walk through the most significant cybersecurity threats that enterprises will face in 2022 and offer tips on lowering your organization’s exposure to them.
We have a lot of territory to cover, so let’s get started.
Mass Vulnerability Abuse and Zero-Day Exploits
Hackers are exploiting holes in widely used software to compromise endpoints around the globe. Today, digital information and applications are crucial to practically every element of corporate operations; businesses used an average of 110 SaaS applications in 2021. If hackers identify a weakness in your company’s software or SaaS applications, you may be hit with a zero-day exploit or a mass vulnerability attack.
How will thieves utilize these vulnerabilities? Zero-day exploits and widespread vulnerabilities may be used to penetrate your environment and install malware, steal data, move laterally to increase their scope of control, and run commands.
Mass vulnerability exploitation was widespread in 2021 and is likely to continue in 2022 because of the growing number of code libraries and increasing software complexity. Hackers have targeted Microsoft Exchange, Atlassian Confluence, Windows 10, and the Log4j package in recent years, among other popular programs. Let’s look at the Log4j attack, which is less familiar than the widely reported Exchange and Windows 10 flaws.
Because the vulnerability lies in the widely used Apache Log4j Java-based logging library, it has the potential to affect numerous companies. This code is used by a large number of software and SaaS developers. Organizations like SAP and Apple had to hustle to patch their internal software and provide fixes for their products to address the vulnerability. Over the first several days after the vulnerability’s discovery, Check Point observed over 60 variants of the Log4Shell attack and over 1.8 million exploit attempts. Clearly, mass exploits will continue to be one of the most significant challenges to cybersecurity in 2022.
What can you do to minimize your chances of being targeted?
Request a Software Bill of Materials from your software providers. What is a Software Bill of Materials (SBOM), and how does it differ from a traditional bill of materials? An SBOM is an inventory of everything that goes into a software application: development tools and codebases, including open-source software, dependencies and packages, vendor agents and SDKs, and more. In the case of a significant attack like Log4j, having this information will allow you to react more swiftly. Following the Colonial Pipeline attack, the Biden administration issued a 2021 Executive Order that requires federal agencies to obtain SBOMs from contractors. We anticipate an increase in SBOM requests in 2022, so make this a condition for your new suppliers.
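How an SBOM speeds up the reaction the paragraph describes, as an added example that is not from the original post: it walks a constructed CycloneDX-style SBOM, including nested (transitive) components, and lists every copy of a named package older than a given fixed version. The package name, the fixed version threshold and all application and version values are illustrative assumptions, not advisory data.

```python
import json
import re

# Added example, not from the original post: walk a CycloneDX-style SBOM,
# including nested (transitive) components, and report every copy of a named
# package whose version is below a given fixed version. Package name and fixed
# version are inputs; take the real values from the vendor's advisory.

def parse_version(text: str) -> tuple:
    """'2.14.1' -> ((2, 14, 1), 1); a pre-release such as '2.0-beta9'
    becomes ((2, 0), 0) so that it sorts below the '2.0' release."""
    main, _, pre = text.partition("-")
    nums = tuple(int(p) for p in re.findall(r"\d+", main))
    return (nums, 0 if pre else 1)

def iter_components(node: dict):
    """Yield each component, descending into nested 'components' lists."""
    for comp in node.get("components", []):
        yield comp
        yield from iter_components(comp)

def find_affected(sbom: dict, package: str, fixed_in: str) -> list:
    """(group, name, version) for every copy of `package` older than `fixed_in`."""
    fixed = parse_version(fixed_in)
    return [(c.get("group", ""), c["name"], c["version"])
            for c in iter_components(sbom)
            if c.get("name") == package and "version" in c
            and parse_version(c["version"]) < fixed]

# Constructed sample SBOM: applications, groups and versions are made up for
# illustration and do not describe any real product.
SAMPLE_SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
  {"type": "application", "name": "billing-portal", "version": "3.2.0",
   "components": [
     {"type": "library", "group": "org.apache.logging.log4j",
      "name": "log4j-core", "version": "2.14.1"}]},
  {"type": "application", "name": "report-service", "version": "1.0.0",
   "components": [
     {"type": "library", "group": "org.apache.logging.log4j",
      "name": "log4j-core", "version": "2.17.1"},
     {"type": "library", "group": "com.example", "name": "legacy-audit",
      "version": "0.9", "components": [
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-core", "version": "2.0-beta9"}]}]}]}
""")

# The threshold "2.15.0" is an illustrative placeholder, not advisory data.
AFFECTED = find_affected(SAMPLE_SBOM, "log4j-core", "2.15.0")
```

Note that the copy buried two levels down inside `legacy-audit` is found only because the walk descends into nested components; a flat package list would miss it.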
Keep abreast of cybersecurity developments by subscribing to threat intelligence services. When a large-scale attack is announced, you must respond quickly. Many corporations and organizations keep a list of cybersecurity alerts or provide this information via their newsletters.
Adopt more robust rules for managing software patching. According to a Ponemon Institute poll, 42 percent of those who had their security compromised said it was because of an unpatched vulnerability for which a patch was available but had not been applied. Most firms have a patch management strategy that calls for monthly or bi-weekly patching intervals. However, when a serious vulnerability is disclosed, hackers may aggressively attempt to attack your servers within hours or days rather than weeks. Patch management rules and processes must be updated to fix major vulnerabilities more quickly and thoroughly. Numerous businesses mistakenly believe their software has been fixed, only to learn that the fix failed. Patch management systems, such as Microsoft WSUS or a commercial product, should be used, and fixes should always be verified.
Monitor and log more often. Turn on logging and specify suitable retention times for log files.
Take a proactive approach to spotting potential threats. When a zero-day exploit or widespread vulnerability is revealed, this is one of the first things that CISA recommends. Hunting for signs of odd behavior can help you discover whether an intruder is already hiding in your environment. Because many zero-day exploits can evade antivirus, you should implement threat hunting applications or tools.
Request a risk assessment. As a part of your cybersecurity risk assessment, you’ll need to identify the assets you need to safeguard (such as vital systems) and the risks they face. In the next step, your vulnerabilities and threats are analyzed to determine the probability and possible effect of an exploit, considering any current security measures that may mitigate or lessen the overall likelihood of an attack.
Cross-cloud compromise
In an effort to take advantage of the growing number of cloud-based applications, cybercriminals are turning their attention to cross-cloud breaches, which involve gaining access to one cloud service and using it to spread to others. Never heard of cross-cloud compromise? Let’s look at a recent example to see what I mean. A phishing attempt on a finance clerk was the starting point of one recent incident. Multi-factor authentication was not required, which gave the criminals an easy way to access accounts belonging to high-ranking employees. Payroll vendor information was found by scouring the clerk’s emails. The thief then used the clerk’s email password to log in to the company’s payroll cloud platform (the clerk had reused the same password across various accounts). Direct deposits for various workers were redirected to a bank account belonging to the criminal, which was emptied and closed after the next pay period.
What can you do to protect your company against a cross-cloud breach?
To ensure that you are the only one accessing your account, use multi-factor authentication (MFA). This is one of the easiest ways for a company to decrease risk in several areas. For the most part, an MFA program requires two of the following three things:
- Something you know, such as a username and password
- Something you have, such as a physical token or an app that authenticates your identity
- Something you are, such as a fingerprint or retinal scan
One of these elements, such as a password, is likely to be all an attacker has. Adding the MFA step makes it far harder for a hacker to get into your account. Set up multi-factor authentication (MFA) on all your online accounts and devices. More secure alternatives to static secrets should also be considered: identification methods such as the YubiKey hardware fob, fingerprint readers, and face recognition are increasingly widely used by businesses. Any MFA is better than no MFA.
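The "two of three" rule above in working code, as an added example that is not part of the original post: a minimal login that requires both a password (something you know) and a time-based one-time code from an authenticator app (something you have, RFC 6238 TOTP). The user record, password hashing parameters and TOTP seed are constructed assumptions.

```python
import hashlib
import hmac
import os
import struct

# Added example, not from the original post: a minimal two-factor login that
# pairs "something you know" (a password) with "something you have" (a TOTP
# authenticator app, RFC 6238), the combination the text describes.

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(key: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the number of 30-second steps since the Unix epoch."""
    return hotp(key, now // step, digits)

def verify_totp(key: bytes, code: str, now: int, window: int = 1) -> bool:
    """Accept the current step and +/- `window` neighbours to tolerate clock drift."""
    counter = now // 30
    return any(hmac.compare_digest(hotp(key, c), code)
               for c in range(counter - window, counter + window + 1))

def make_user(password: str, totp_key: bytes) -> dict:
    """Constructed user record: salted PBKDF2 hash of the password (never the
    password itself) plus the TOTP seed enrolled in the user's authenticator."""
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return {"salt": salt, "pw_hash": pw_hash, "totp_key": totp_key}

def authenticate(user: dict, password: str, code: str, now: int) -> bool:
    """Both factors must pass: a phished password alone does not get in."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 200_000)
    pw_ok = hmac.compare_digest(digest, user["pw_hash"])
    return pw_ok and verify_totp(user["totp_key"], code, now)
```

In the phishing scenario above, an attacker holding only the clerk's password would be stopped at `verify_totp`, because the one-time code lives on the clerk's device.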
Use a password manager. An individual’s memory has limited capacity. A password manager that generates and securely stores each password in an encrypted vault ensures that your team members won’t need to reuse passwords, and the generated passwords are typically stronger than what most individuals come up with. When choosing a password manager for your company, ensure it supports multi-factor authentication (MFA) and teach your staff how to safeguard their vault with a strong master password.
Everyone in your company should get regular cybersecurity training. Phishing was the root cause of the breach in the cross-cloud attack described above. Human error is the most typical cause of a data leak. The Verizon Data Breach Investigations Report (VDBIR) reported that social engineering and phishing were responsible for more than 80% of all successful attacks. Every employee in your company should get general cybersecurity training, IT teams should get specialized training in breach response, and executives should get training in cybersecurity risk. Your staff should receive regular cybersecurity tips and articles or quarterly training, but you should get started as soon as possible, regardless of how much money you have to spend. In fact, you can get started right away with free phishing prevention, password security, and remote work safety advice sheets you can send to your staff.
If you observe any unusual behavior, consider a full password reset, including the user’s email account, as promptly as possible. Many IT teams make the mistake of merely changing the password for a single cloud account when confronted with this sort of breach. Often, attackers begin by compromising email or a local system and then move to the cloud. Any new passwords you create for your employee’s accounts will be immediately overwritten if the thief is still hiding in their email. If in doubt, reset the victim’s email password and any other linked passwords.