The COVID-19 pandemic forced businesses of all shapes and sizes to make rapid changes in how they operated, with employees predominantly working remotely and sensitive data and systems being accessed from outside the office.
For many, this triggered an increased reliance on remote-access infrastructure and cloud-delivered services. IT departments rushed to install, expand, or upgrade remote desktop access (RDA) servers, virtual private network (VPN) concentrators, and remote access routers to meet surging workforce demand for remote access to data centers. Moreover, widespread reliance on video conferencing apps forced many businesses to upgrade enterprise wide-area network and local-area network capacity, as well as to reevaluate routing and DNS resolution paths within the network. Enterprises also quickly began to adopt software-as-a-service (SaaS) and cloud applications to handle the large scale and rapid modifications required by the sea change in remote work practices.
Not surprisingly, cyberattackers were quick to spot an opportunity. 2020 saw record-breaking attacks targeting vulnerabilities brought about by these new business practices, putting security professionals on the defensive.
Shifting Threat Tactics
Threat tactics are constantly evolving. Cyberattackers are preying on the anxieties surrounding the pandemic to exploit new opportunities for perpetrating fraud. According to the recently published HardenStance white paper “Cyber Security After the Pandemic,” several tried-and-true tactics are being adapted to the current environment. For instance, lure attacks have taken on COVID-19 themes. In the early days of the pandemic, email, SMS, and other messaging applications were used to prey on victims’ fears regarding personal protective equipment (PPE) shortages and contact tracing, and more recently, fraudulent vaccine passport requirements.
Distributed denial-of-service (DDoS) attacks have also been on the rise, with attackers unleashing more than 10 million DDoS attacks in 2020. Because of the shift to remote work, attackers increasingly targeted on-premises VPN concentrators. Another trend has been the rise of DDoS extortion attacks, also known as ransom DDoS. In fact, the threat actors behind the Lazarus Bear Armada DDoS extortion attacks targeted VPN concentrators as part of their campaign.
The Importance of Developing Security Strategies
Although the future is always difficult to predict, one thing is certain: cyberattacks will not abate. That means enterprises need to develop both short- and long-term strategies for combatting these attacks.
In the short term, security professionals will need to focus on plugging the holes that have emerged since the lockdowns began. The HardenStance white paper recommends implementing cloud security controls in development environments, preventing VPN concentrators from being easily identified by probing attackers, and upgrading to a dedicated DDoS protection capability.
In the long term, enterprises should develop well-thought-out strategies that put security first in this ongoing battle against cybercombatants.