5 Key Takeaways from SonicWall’s 2021 Cyber Threat Report
The events of 2020 delivered the business imperative to move to flexible working environments. As a result, I have seen many businesses focus on the immediate practical issues of business survival and setting up their remote workforce while neglecting their cyber security.
Whilst business continuity has understandably taken centre stage, it is important to keep front of mind that cyber threats are still here and growing rapidly.
In fact, while I was reading through SonicWall’s 2021 Cyber Threat Report, new vulnerabilities in Microsoft’s Exchange email server were announced to the public, and the Australian Cyber Security Centre is reporting that malicious hackers are using these vulnerabilities against Australian businesses.
So with that in mind, here are some of my key takeaways from SonicWall’s 2021 Cyber Threat Report and tips on securing your business.
5 Key takeaways from SonicWall’s Cyber Threat Report
1. “2020 ended with ransomware up a staggering 62% worldwide [compared to 2019]”
Ransomware continues to be a top-of-mind issue. Ransomware attacks are always a threat, but 2020 added the challenge of skyrocketing cryptocurrency prices, specifically Bitcoin, which makes it easier for attackers to get a payout. In case you’re not familiar with cryptocurrency, it’s effectively a decentralised, anonymous digital currency with no central authority or middlemen. Governments have lost control over the currency due to this decentralisation, which makes it an ideal payment channel for ransomware attacks.
Although Bitcoin has been targeted by ransomware groups for years, its price explosion over 2020 has made it all the more appealing to hackers. As of March 2021, Bitcoin has risen in price by almost 800% from the same time last year to an all-time high of $69,426 (AUD).
How can I protect my business?
Unfortunately, there is no single product that specifically protects against ransomware. However, applying general cyber security principles, such as robust anti-virus and advanced network intrusion prevention software, can go a long way towards preventing the intrusion and spread of ransomware.
In addition, off-site backups are a must. If set up properly, i.e. kept disconnected from your network, they are far less likely to be reached by ransomware and can be used to restore any data that has been encrypted.
2. 2020 recorded an “unprecedented 74% more never-before-seen malware variants”
This figure really worries me. Never-before-seen malware is always daunting and can have enormous consequences, so a large year-on-year increase is not a great sign.
Although the reason behind these new malware attacks may be attributed to advancement in technology and varying sources of digital media, ultimately it boils down to the simple fact that there is no perfect algorithm to detect all possible viruses, malware, etc. As such, antivirus software needs to use a number of other approaches to protect your devices from hackers. The simplest of these, and the one heavily relied upon by conventional antivirus software, is Signature Detection.
Signature Detection relies on the antivirus software holding a database of what known viruses look like: their unique signatures. Generating these signatures relies on antivirus researchers studying the virus. However, in order to do this, they need a copy of the virus, which by definition means that it is no longer never-before-seen.
How can I protect my business?
New technologies such as SonicWall's Advanced Threat Protection (ATP), Real-Time Threat Protection (RTP) and Intrusion Prevention Systems (IPS) have stepped in to provide protection against these never-before-seen viruses and malware. These systems utilise machine learning and advanced heuristics to scan for unexpected or suspicious behaviour, and can detect viruses based on what they are doing (something that often remains constant across many variants) rather than their unique signature.
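To make the contrast between the two approaches concrete, here is an added example (my own illustration, not code from SonicWall or from the report) that scans a constructed byte string with hash and byte-pattern signatures, then scores a constructed list of observed actions with a few behaviour heuristics. The "file" contents, the event records, the rule weights and the threshold are all assumptions chosen for the demonstration; the point is that a one-byte recompile defeats both signatures while the behaviour score is unchanged.

```python
import hashlib
from collections import Counter

# Constructed stand-in for a file's bytes (not real malware): a fixed header
# followed by a region a researcher might have extracted a pattern from.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 12 + b"PAYLOAD-BUILD-0001-ENCRYPT-LOOP" + b"\x00" * 8
# A "never-before-seen" variant: the same program rebuilt with a new build tag.
VARIANT = KNOWN_SAMPLE.replace(b"BUILD-0001", b"BUILD-0002")

# Two kinds of signature a conventional scanner keeps for a sample it has studied.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
PATTERN_SIGNATURES = [b"PAYLOAD-BUILD-0001"]  # byte pattern taken from the studied sample


def signature_match(data: bytes) -> bool:
    """True if the bytes match a known file hash or a known byte pattern."""
    if hashlib.sha256(data).hexdigest() in HASH_SIGNATURES:
        return True
    return any(pattern in data for pattern in PATTERN_SIGNATURES)


# Behaviour-based detection looks at what a program does, not what it looks like.
# Events are constructed records of the kind an endpoint monitor would log.
RANSOMWARE_EVENTS = [
    {"action": "rename",
     "src": f"C:/Users/a/Documents/report{i}.docx",
     "dst": f"C:/Users/a/Documents/report{i}.docx.locked"}
    for i in range(40)
] + [
    {"action": "write", "path": "C:/Users/a/Documents/README_DECRYPT.txt"},
    {"action": "delete", "path": "C:/Backups/2021-03-01.bak"},
]

BENIGN_EVENTS = [
    {"action": "rename", "src": f"C:/Users/a/Documents/draft{i}.docx",
     "dst": f"C:/Users/a/Documents/draft{i}.docx.bak"}
    for i in range(3)
] + [
    {"action": "write", "path": "C:/Users/a/Projects/README.txt"},
]

SUSPICIOUS_THRESHOLD = 60  # assumed cut-off for this example


def behaviour_score(events: list) -> int:
    """Score a sequence of observed actions with simple ransomware heuristics."""
    score = 0

    # Rule 1 (+50): many files renamed with the same appended extension.
    appended_ext = Counter()
    for e in events:
        if e["action"] == "rename" and e["dst"].startswith(e["src"]):
            appended_ext[e["dst"][len(e["src"]):]] += 1
    if appended_ext and max(appended_ext.values()) >= 20:
        score += 50

    # Rule 2 (+30): a ransom-note-style text file is dropped.
    for e in events:
        if e["action"] == "write":
            name = e["path"].rsplit("/", 1)[-1].lower()
            if name.endswith((".txt", ".html")) and any(
                    word in name for word in ("readme", "decrypt", "restore")):
                score += 30
                break

    # Rule 3 (+20): local backups are deleted.
    if any(e["action"] == "delete" and "/backups/" in e["path"].lower()
           for e in events):
        score += 20

    return score


def is_suspicious(events: list) -> bool:
    return behaviour_score(events) >= SUSPICIOUS_THRESHOLD


if __name__ == "__main__":
    print("known sample, signature match:", signature_match(KNOWN_SAMPLE))   # True
    print("rebuilt variant, signature match:", signature_match(VARIANT))     # False
    print("ransomware behaviour score:", behaviour_score(RANSOMWARE_EVENTS))  # 100
    print("benign behaviour score:", behaviour_score(BENIGN_EVENTS))          # 30
```

The benign event list still earns 30 points (a user writing their own README.txt), which is why a behaviour engine combines several weak indicators and applies a threshold rather than alerting on any single action; tuning those weights against real activity is where the false-positive work lives.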
3. Malicious Office Files make up approximately 1 in 4 malicious files
There is no software more ubiquitous and widely used than Microsoft Office. So it makes perfect sense that hackers will embed viruses and malware in Microsoft Office file types.
The sheer number of Microsoft Office files we encounter on a daily basis means it is easier for a malicious file to remain hidden amongst a sea of similar files and, to make matters worse, most users see Office files as intrinsically safer than executables such as .exe or scripts such as .bat.
Sending all sorts of Microsoft Office documents to colleagues and clients is a daily occurrence. Office files can be just as dangerous as executables and scripts. The difference is, while our email clients prevent us from sending and receiving executables and our operating systems warn us before opening them, realistically this doesn't happen for Office files.
How can I protect my business?
Unfortunately, as with ransomware, there is no specific remedy for countering malicious Office files. However, there are steps that can be taken to help mitigate the risks of compromised files.
Deploy a robust antivirus package that utilises Advanced Threat Protection and Real-Time Threat Protection technologies.
Unless Office macros are widely used in your workplace, it’s best to disable them, as they provide an attack vector for hackers.
Mandating that all internal documents are shared via a service such as SharePoint or OneDrive can prevent hackers from sending infected documents through spoofed emails.
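One check a mail gateway or file server can apply to the macro point above is to look inside the Office file rather than trusting its extension. Modern Office documents (.docx, .xlsx, .docm and so on) are zip packages, and a VBA macro project is stored as a vbaProject.bin part that is also declared in [Content_Types].xml. The following is an added example of my own (not code from SonicWall or the report) that builds a minimal constructed package in memory and inspects it; the package contents, file names and the "block unless macros are allowed" policy are assumptions for the demonstration.

```python
import io
import zipfile

VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
# Extensions Office itself treats as macro-enabled.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}


def build_docx(with_macro: bool) -> bytes:
    """Build a minimal constructed Office Open XML package (not a real document)."""
    overrides = ('<Override PartName="/word/document.xml" ContentType="application/'
                 'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
    if with_macro:
        overrides += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
    content_types = ('<?xml version="1.0" encoding="UTF-8"?>'
                     '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                     f'{overrides}</Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a VBA project; not real macro code.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


def inspect_office_file(filename: str, data: bytes) -> dict:
    """Report whether the bytes are an OOXML package, whether it carries VBA,
    and whether the extension claims to be macro-free while VBA is present."""
    result = {"is_ooxml": False, "has_vba": False, "extension_mismatch": False}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            if "[Content_Types].xml" not in names:
                return result  # a zip, but not an Office package
            result["is_ooxml"] = True
            content_types = z.read("[Content_Types].xml").decode("utf-8", "replace")
            has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
            result["has_vba"] = has_vba_part or VBA_CONTENT_TYPE in content_types
    except zipfile.BadZipFile:
        return result  # legacy binary .doc, or not an Office file at all
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    result["extension_mismatch"] = result["has_vba"] and ext not in MACRO_EXTENSIONS
    return result


def should_block(filename: str, data: bytes, macros_allowed: bool = False) -> bool:
    """Gateway policy: hold any document carrying VBA unless macros are explicitly allowed."""
    info = inspect_office_file(filename, data)
    return info["has_vba"] and not macros_allowed


if __name__ == "__main__":
    print(inspect_office_file("invoice.docx", build_docx(False)))
    print(inspect_office_file("invoice.docx", build_docx(True)))
    print(inspect_office_file("invoice.docm", build_docx(True)))
    print(should_block("invoice.docm", build_docx(True)))
```

Legacy binary .doc/.xls files are not zip packages, so the function reports them as non-OOXML rather than macro-free; a gateway that wants the same coverage for those formats needs a separate parser for the OLE container.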
4. “The Importance of Supply Chain Integrity”
In December 2020 technical departments across the world were shocked to hear of the extensive SolarWinds supply-chain attack.
In case you aren’t familiar, SolarWinds produces IT and network monitoring software used by over 300,000 large companies and U.S. Government agencies. Due to the nature of this monitoring and management software, it is the perfect attack vector for hackers, as it essentially has broad, privileged access to business networks.
It was discovered that hackers targeted SolarWinds’ software via a supply chain attack. This essentially means that hackers obtained access to SolarWinds update servers and managed to distribute their malicious trojan alongside normal software updates. In other words, they broke into the supply chain and got the software itself to install their virus.
How can I protect my business?
Once again, there is no specific action that we, as software users, can take to protect ourselves, apart from utilising advanced and robust antivirus and intrusion-prevention systems.
However, by taking advantage of the fallout from the SolarWinds hack we can put pressure on our vendors to ensure that their networks are maintained to the highest possible standards because if our vendor’s network is compromised so is ours.
This brings us to the final takeaway.
5. “The necessity and real-world applicability of zero-trust networking principles.”
I might be slightly deviating here by counting this as a separate takeaway from supply-chain integrity. However, I think the importance and necessity of applying zero-trust networking principles mandate some special attention.
To understand why zero-trust networking is so important, we need to revisit the SolarWinds hack.
The SolarWinds supply-chain hack was disastrous, with the US Department of Homeland Security stating that SolarWinds products “pose an unacceptable risk”. To make matters worse, while the attack was discovered in December 2020, hackers likely entered SolarWinds’ network 9 months earlier in March allowing plenty of time to abuse their position. Incredibly SolarWinds wasn’t the first to identify the attack. Rather it was cybersecurity company FireEye who first noticed the attack after some of their security research applications were stolen. During their investigation, they discovered the SolarWinds breach. But it does not stop here. Through this hack and others, hackers gained access to the networks of tech giants such as Microsoft and then used Microsoft products to infect even more companies.
So, what does all of this have to do with zero-trust networking principles?
It all comes down to how you can protect your business.
Zero-trust networking is exactly what it sounds like: not trusting anyone, even those already inside your network. Ultimately, zero-trust relies upon the principles of access control and segmentation. No piece of software, user or device should have any more access than it needs; only bare-minimum access.
Under zero-trust networking, any compromised account, infected computer or hacked software is limited in what it can do. Obviously, this is a simplistic statement, as there will always be a need for administrator access. However, by limiting which accounts have administrator access and where possible, limiting what the administrator access grants, we can significantly improve the safety of our networks.
A starting point when considering these concepts is to imagine that your house has no locks on any doors or windows. Instead, all you have is a large wall surrounding your house. This wall provides great security. However, as with everything, it is not impenetrable and, if someone gets in, they can freely move around your house. This is akin to more conventional network security, where all your defences are pointed outwards and if a hacker were to gain entry they can wreak havoc.
A zero-trust model utilises this same outer defence layer, the wall. However, it also utilises significant interior defences. Returning to the house analogy, imagine every single door was locked and every hallway monitored with cameras and motion detectors. In addition, you could only unlock rooms that you had a valid reason to be in, not just rooms that you want to be in.
This is zero-trust networking, locking down everything. Ultimately, it’s not realistic to assume that your network will never be compromised, because it will. It is not possible to predict or account for every unknown exploit or perfectly executed phishing email. So, we do the next best thing.
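To show what "every door locked, access only where you have a valid reason" looks like as a rule set, here is an added example of my own (not from the report or any vendor product) of a default-deny authorisation check. Each request is evaluated on identity, device health and the grant for the resource's segment; the request's network location is recorded but deliberately never consulted. The identities, devices, segments and grants are constructed assumptions, and the blast_radius helper shows what a compromised account (for instance a monitoring agent, as in the SolarWinds scenario) could reach at most.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    identity: str   # user or service account making the request
    device: str     # device the request originates from
    resource: str   # what is being accessed
    action: str     # "read", "write" or "admin"
    location: str   # "internal" or "external"; carried for logging, never for trust


# Constructed policy data for the example.
DEVICE_COMPLIANT = {"laptop-17": True, "monitor-srv-01": True, "old-desktop": False}
MFA_VERIFIED = {"alice": True, "bob": False, "svc-monitor": True, "admin-tier0": True}

# Segmentation: every resource lives in exactly one segment.
RESOURCE_SEGMENT = {
    "hr-share": "hr",
    "payroll-db": "finance",
    "switch-42": "network-devices",
    "domain-controller": "tier0",
}

# Least privilege: identity -> {segment: allowed actions}. Anything absent is denied.
GRANTS = {
    "alice": {"hr": {"read", "write"}},
    "bob": {"hr": {"read"}},
    "svc-monitor": {"network-devices": {"read"}},   # monitoring agent may only poll switches
    "admin-tier0": {"tier0": {"admin"}},            # admin rights scoped to one segment
}


def authorize(req: Request) -> tuple:
    """Default-deny check; returns (allowed, reason). Location is never a factor."""
    segment = RESOURCE_SEGMENT.get(req.resource)
    if segment is None:
        return False, "unknown resource"
    if not DEVICE_COMPLIANT.get(req.device, False):
        return False, "device not compliant"
    if not MFA_VERIFIED.get(req.identity, False):
        return False, "identity not strongly authenticated"
    allowed_actions = GRANTS.get(req.identity, {}).get(segment, set())
    if req.action not in allowed_actions:
        return False, f"no grant for {req.action} on segment {segment}"
    return True, "allowed"


def blast_radius(identity: str) -> list:
    """Everything an identity could ever do if fully compromised: (resource, action) pairs."""
    reach = []
    for resource, segment in RESOURCE_SEGMENT.items():
        for action in sorted(GRANTS.get(identity, {}).get(segment, set())):
            reach.append((resource, action))
    return sorted(reach)


if __name__ == "__main__":
    # A compromised monitoring agent on the internal network: same checks as anyone else.
    print(authorize(Request("svc-monitor", "monitor-srv-01", "switch-42", "read", "internal")))
    print(authorize(Request("svc-monitor", "monitor-srv-01", "payroll-db", "write", "internal")))
    print(authorize(Request("svc-monitor", "monitor-srv-01", "domain-controller", "admin", "internal")))
    # A legitimate user on a non-compliant device is refused even inside the office.
    print(authorize(Request("alice", "old-desktop", "hr-share", "read", "internal")))
    print(blast_radius("svc-monitor"))
```

The useful number for a risk conversation is the blast_radius output: under these grants a fully compromised monitoring account reaches one resource with one action, whereas on a perimeter-only network the same account's position "inside the wall" would have let it go anywhere.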
Cyber security and IT as a whole are a very complicated beast. If the recent attacks of 2020-21 have shown us anything, it is that overlooking certain elements of your IT environment and implementing the wrong technical processes can have catastrophic effects on your business.
My takeaway from reading this report is that in our increasingly interconnected world and the ever-increasing presence of malicious forces, cyber security should be very high on the priority list for any business.
Given the technical complexity of securing your environment, the ever-changing technical landscape, the emergence of new threats and the constant stream of new security products, it’s probably best left to the professionals.
Kon Katsieris - Group Vendor Partnership Manager
As the Group Vendor Manager at the Netway Networks, Kon’s role is to understand the specific needs of Netway’s client base and deliver innovative solutions to ensure client satisfaction, business efficiency, and growth is achieved.
Kon has been working with the PNORS Technology Group for over 25 years and played a significant role in the growth of the company due to his passion for discovering and implementing emerging and innovative tech while taking pride in helping his clients grow their business through digital transformation.