Leveraging At-Home Technology as a Gateway to the Enterprise
An unforeseeable shift in network structures and attack strategies was dropped on the cybersecurity industry in 2020. As the COVID-19 pandemic continues to take its toll on organizations and individuals in Latin America and the Caribbean, we are now dealing with a threat landscape that’s become more intense, complex, and saturated than ever before.
During the pandemic, there has been an exponential rise and a reliance on home networks and consumer grade devices, such as home routers and modems – something which cyber criminals were quick to take notice of. For attackers, this shift has presented a unique opportunity to exploit these devices and gain a foothold in enterprise.
Recent phishing tactics are far more sophisticated and have evolved to target the weak links found at the edges of business networks. The majority of these phishing attacks contain malicious payloads – including ransomware, viruses, and remote access trojans (RATs) designed to provide criminals with remote access to endpoint systems, enabling them to perform remote desktop protocol (RDP) exploits.
Ransomware Attacks Becoming More Sophisticated
Ransomware attacks have always been a significant concern for businesses. But over the past several months they’ve become more prevalent and costlier – both in terms of downtime and damages. Ransomware has been discovered hidden in messages, attachments, and documents related to COVID-19. Moreover, these threats continue to grow more sophisticated.
Regardless of the state of the world around us, the best way to protect against ever-evolving malicious activity is to take a comprehensive, integrated approach to cybersecurity. A vital component of this is continuous access to up-to-date threat intelligence and cybersecurity training.
Exploit Attempts Landscape
Again in the third quarter of 2020, DoublePulsar was the threat with most attempts in Latin America and the Caribbean. DoublePulsar, the backdoor used by the WannaCry ransomware, is still a mechanism for distributing malware in the region. Considering it takes advantage of already resolved vulnerabilities, its continuous use evidences the vast software footprint without updates in Latin America, affecting companies and individuals alike. DoublePulsar is mainly targeted to banks and financial service companies.
In addition, brute-force attacks continue to be very active in the region, 6 out of top 10 exploit threats were a type of
brute-force attack. With the massive transition to the home office, cybercriminals find a significant number of misconfigured Remote Desktop Protocol (RDP) servers, leading to more such attacks.
The growth of remote work has rekindled the interest of cybercriminals in brute force attacks, which are repeated and systematic attempts to guess a credential by sending different usernames and passwords to try to access a system. Brute-force attacks are commonly used to decrypt encryption algorithms or get weak passwords, email passwords, social network credentials, Wi-Fi access, etc.
As threats evolve and being more sophisticated, security teams must ensure they have access to real-time threat intelligence in order to stay up-to-date with the latest attack trends and methods. That effective cybersecurity requires constant vigilance and the ability to adapt to changing threat strategies.
Security professionals should take note: The browser has been a key delivery vector for malware thus far in 2020, and this trend will likely continue into the next year. This corresponds to the documented drop in corporate web traffic, which was generally inspected and sanitized, and the rise in home-based web traffic due to the transition to a remote workforce strategy.
For this reason, organizations must not only provide remote workers with the knowledge and training necessary to secure their own personal networks and the connected business network, but also provide additional resources, such as new endpoint detection and response (EDR) solutions that can detect and stop advanced threats.