The threat landscape in cyber security is constantly shifting, so one must stay aware of the new and emerging vulnerabilities and attack vectors that bad actors are using. In this post we’ll cover our top 3 threats currently affecting industries.

Identity theft

Identity theft keeps being a top threat because of how easy and lucrative these attacks can be. As usual, people must be careful about what information they share and where; you should always validate an unusual request by contacting the person who supposedly made it over a secured and verifiable channel (e.g. call them directly!); and be wary of all types of phishing attacks, as some can be very sophisticated and targeted at a very specific group or person.

Strong authentication using a multi-factor authentication (MFA) solution, as suggested in NIST SP 800-63-3, is great at reducing the impact of password theft and should always be part of a robust Identity and Access Management architecture.

Ransomware

This is a classic. However, crackers have lately changed tactics from infecting masses of people’s machines to focused attacks on big companies. For example, there was the CD Projekt Red ransom, where their source code was allegedly sold for 1 to 7 million dollars; the STM refused to pay a 2.8 million dollar ransom to unlock all their servers; Colonial Pipeline paid a 4.4 million dollar ransom to restore their servers; and there are many others. These amounts are a far cry from the hundreds of dollars originally requested from the masses. Even if the ransom isn’t paid, the recovery and lost business costs add up tremendously.

Make sure your endpoints and servers are secured and patched, have a system for intrusion detection, and train your end users to detect fraudulent emails (crackers entered CDPR’s systems after an end user clicked a malicious link in an email).

Supply chain attacks

Supply chain attacks are usually associated with “physical stuff” like chips and firmware, but have you thought about your code supply chain? This is how the SolarWinds hack originated: crackers were able to inject malicious code into its development pipeline using custom-made malware to avoid detection. This malware made it to 18 000 of its customers, including the U.S. federal government and Fortune 500 companies!

Make sure access to your code is secured and that endpoints are secured, so that hackers don’t get a foothold in your network. In addition, never store secrets in code repositories; keep them in a secured vault like HashiCorp Vault.

Stay safe out there!