How to Cope with Disruptive Shifts in Cyberattacks

No one can argue that 2020 wasn’t disruptive to almost everyone in the world. And businesses were no exception. To accommodate the need for social distancing, countless organizations had to reconfigure everything from their business models to their networks. The almost overnight shift to remote work meant everyone from employees, to students, to healthcare workers had to connect to their business networks from outside. Retailers scrambled to adapt as the pandemic altered how people patronized their businesses and even what they purchased. The ripple effects from these changes affected point of sale systems, supply chains, manufacturing, and everything in between.

Cybercriminals wasted no time in exploiting the disruptions caused by the pandemic. Within a few weeks, they took advantage of people’s fears with an array of increasingly malicious attacks. With attacks targeting both individuals and companies, security teams were working overtime to try to keep up while scams, and malware-as-a-service proliferated across the dark web. And then, after the move to remote work, home networks and unpatched devices offered even more targets for cybercriminals.

Defending Three Key Areas

Thanks to vaccines, it may feel like we’re seeing the light at the end of the pandemic tunnel, but cybercriminals haven’t let up. According to the recent FortiGuard Labs Global Threat Landscape Report from Fortinet, organizations should focus on defending three key areas.

1. Core networks. Attacks that target core networks have escalated since last spring. Even worse, in the last six months ransomware attacks have increased sevenfold. Sadly, this increase isn’t much of a surprise given that malware developers had recently begun selling ransomware-as-a-service on the dark web. Now, any enterprising cybercriminal who is willing to share a portion of their ransom profits with a malware developer can target and take down a corporate network and extort it for a large payoff.
2. Home offices. Cybercriminals continue to target home offices and mobile workers, and there has also been an increase in attacks on consumer IoT devices. Cybercriminals are targeting devices with weak security or ones that are old and haven’t been patched or updated. Those devices are also connected to home networks with little security in place. Adversaries then use those compromised devices and networks to connect to offices or schools.
3. Digital supply chains. Anyone in cybersecurity knows that inadequate patching and updating is behind most viral malware attacks. But when state-sponsored cybercriminals inject malware into a trusted digital supply chain using a software update, that concept is turned on its head. Organizations need to err on the side of caution when applying patches or updates or when installing new devices or applications. They need to assume that anything being added to the network is potentially malicious. IT teams need to take the time to scrutinize everything, even though it may add time-consuming steps to the process.

Addressing Evolving Threats

As everything becomes more interconnected and networks continue to expand, organizations also need to seriously consider new solutions designed to address the ever-evolving threat landscape.

• Integrated artificial intelligence (AI). To defend all of the network edges, organizations should consider integrated AI-driven platform technologies. When combined with consistent threat intelligence, these solutions can help identify and remediate threats in real time.
• Secure Access Service Edge (SASE). Secure access should be extended to all users with SASE. And by combining SASE with zero-trust access, security teams can make sure users and devices can access only the devices they should. Behavioral monitoring in edge control can also help identify and stop external attacks.
• Endpoint Detection and Response (EDR). Next generation EDR solutions can not only prevent most attacks but also detect and disrupt them should a device be breached. It can prevent a device from connecting to command-and-control servers or downloading or launching malware.
• Off-network backup. Critical data, applications, and other resources should be stored off the network to address the spike in ransomware. Organizations also should develop a robust plan for restoring systems quickly in the event of a breach.

Creating a Common Security Framework

Organizations are dealing with an unprecedented level of evolving threats from cybercriminals, targeting their networks from all sides—at the core, from home networks and remote workers, from new edge environments, and even through the digital supply chain. But effective countermeasures do exist. The best cybersecurity defense requires agility, so security teams, strategies, and solutions all need to be adaptable. They also need to be interconnected through a common security framework that works across their entire distributed network for centralized visibility, management, policy orchestration, and response. Coupling this unified framework with advanced technologies that are enhanced with AI can help close security gaps that arise whenever networks and users experience rapid changes.

Learn more about FortiGuard Labs threat research and the FortiGuard Security Subscriptions and Services portfolio. Sign up for the weekly Threat Brief from FortiGuard Labs. 

Learn more about Fortinet’s free cybersecurity training initiative or about the Fortinet NSE Training program, Security Academy program, and Veteran program.