Pandemic effect: Cyberattacks getting more destructive and targeted

By Jagdish Mahapatra

The year 2021 was unmistakably one of the toughest years for cybersecurity teams in many industries across the globe. In the face of disruption caused by Covid-19, adversaries sharpened their skills. They took advantage of an increase in endpoints as a result of remote working, and an expanded attack surface caused by an acceleration of digital transformation leading to unsecured technology stacks. The result was a series of high-profile attacks that rocked many organisations and, on their own, represented watershed moments in cybersecurity.

Such attacks meant organisations had to re-evaluate vetting processes for partners in order to defend supply chains and interconnected systems. Many were left reeling after adversaries exploited zero-day vulnerabilities and architectural restrictions in legacy IT systems. In addition, e-criminals refined their tactics, techniques and procedures (TTPs), leading to an increase in big game hunting (BGH) ransomware attacks.

The growth in BGH in 2021 was felt in nearly every region of the world, with nearly 2,600 incidents observed by CrowdStrike. Ransomware-related data leaks increased by 82% in 2021, with 2,686 attacks as of Dec 31, 2021, compared to 1,474 in 2020. The pressure on security teams was amplified even more at the end of the year when the Log4Shell vulnerability impacted pretty much every industry. Opportunistic e-criminals – affiliated to Doppel Spider and Wizard Spider – adopted Log4Shell as an attack vector to facilitate ransomware operations. Furthermore, state-nexus actors, including Nemesis Kitten (Iran) and Aquatic Panda (China), were affiliated with possible Log4Shell exploitation before 2021 end.

Understanding these incidents is essential to remain ahead of today’s risks. Enterprise risk is coalescing around three critical areas: endpoints and cloud workloads, identity and data, according to CrowdStrike’s Global Threat Report 2022. It also shows how state-sponsored adversaries exploited IT and cloud service providers; how they weaponised vulnerabilities to evade detection and get access to critical applications, as well as how threat actors intensified cyberattacks on important cloud infrastructure.

Threat actors continue to utilise stolen credentials to get around legacy antivirus and other outdated solutions and gain access to critical data. CrowdStrike Intelligence has observed that 62% of attacks comprise non-malware, hands-on-keyboard activity. As adversaries advance their tradecraft, organisations must adopt human threat hunting and threat intelligence since autonomous machine learning alone is not enough to thwart such attacks.

Organisations should unify a modern approach to security with a platform that delivers full Zero Trust protection. It’s critical to provide proactive security across the full cloud-native stack. To alleviate the burden of the constant cycle of patching, prioritising the vulnerabilities that create the most risk will be key. And for the most sophisticated attacks, it is critical to deliver powerful new extended detection and response (XDR) capabilities to help security teams deal with them.

It is evident that the adversary will not rest. Attacks are growing more destructive and more targeted. With all the lessons learnt from the past year, 2022 will be a year of adaptability for security leaders who cloud-native security solutions to reduce the threat level and risk to their organisations.

The writer is vice-president – Asia, CrowdStrike, an Austin, Texas-based cybersecurity firm