By Bob Hansmann
Senior Product Marketing Manager – Security, Infoblox
The combination of employees working from anywhere with the increase in phishing attacks and lack of cohesive security has created a cybercriminal’s paradise. The recently released Infoblox Q1 2021 Cyber Threat Intelligence Report contains original research from our Cyber Intelligence Unit (CIU), including actionable insights for the current state of cybersecurity.
The report provides up-to-date and objective information about the most prevalent malware campaigns our CIU saw between January 1 and March 31, 2021; gives security teams useful insights into how these attacks operate; and outlines best practices to mitigate their effects.
Here are some highlights and key takeaways from the report:
The Supply Chain is At Risk – It’s no secret that businesses of are moving apps and other workloads to the cloud. What’s not as well-known is that the learning curve (and investment curve) associated with digital transformation is too steep for many companies. The leading cause of cloud breach vulnerabilities continues to be basic errors in cloud administration (such as configuration and setup) along with factors like too many dashboards, points of administration, and policies to propagate through different systems. The cyber attacks organizations face today require a zero-trust strategy that assumes breach. Organizations need cloud security layers in addition to the on-premises security basics they implemented years ago. For example, when protecting against cloud misconfigurations, CASB is an excellent first step for access controls. But businesses also need a cloud workload protection platform (CWPP) and cloud security posture management (CSPM) security controls to confirm their configurations are set up correctly. Further, they need to administer a security orchestration and response (SOAR) platform to ensure their security systems can work together. To these layers, companies should add SASE (secure access service edge) and DNS security, which acts as an added sheriff protecting against advanced malware threats in the cloud as well as on-premises.
- Cybercriminals Continue to Exploit User Trust – In last year’s SolarWinds attack, sophisticated cybercriminals compromised a technology provider’s most trusted continuous integration/continuous delivery (CI/CD) pipeline. This was the first of several major attacks seen this year leveraging cybersecurity weaknesses in the service provider supply chain resulting in serious breaches. Once compromised, the bad actors use the provider’s trusted reputation to distribute malware across its user base, paving the way for widespread damage. SolarWinds estimated that up to 18,000 of its customers, including several well-known names like the Department of Energy and Microsoft, and even security vendors like FireEye and Mimecast, downloaded the software update that contained the malicious code. These incidents prove traditional security tactics that focus on the network edge and assume the “middle” is secure are no longer adequate.
- Lack of Security Frameworks Can Increase Risk Exposure – It is understood that 90 percent or more of malware is introduced through email directly or through malicious links. This, combined with the acceleration of work-from-anywhere (WFA) that followed 2020 COVID quarantines, means organizations must prepare their infrastructure to counter sophisticated cyber adversarial tactics. End users have struggled to avoid clicking on links and attachments from unknown users. Now, many people are working from home and accessing personal and corporate emails on the same device. And they’re receiving more phishing attacks with fewer security safeguards than at the office. Together with the problems caused by cloud misconfigurations mentioned earlier, these factors have created a paradise of opportunity for cybercriminals – one that security teams must prepare for.
- Zero Trust Should be the New Norm for Organizations – Whether malware comes from an email claiming to be from the recipient’s bank, a fraudulent software update certificate or a new device connecting to a corporate network, misplaced trust lies at the heart of most security breaches. Users can’t get by in today’s cyber landscape with blind trust. A zero-trust strategy, in which all users and devices must be authenticated before accessing corporate applications, is critical in today’s world. DNS security is a must-have component in your zero-trust arsenal. The vast majority of cyberattacks involve “phoning home” to a command and control (C&C) center to get additional instructions such as a ransomware encryption key, exploit tools, or other malicious code to facilitate lateral movement or data theft once they have infiltrated the victim’s network. All these callbacks require DNS, meaning a sound and properly configured DNS security solution can stop calls to unknown or malicious domains, detect malicious activity, and alert defenders of a threat or the potential compromise.
In conclusion, security teams can defend today’s hybrid workplace better by understanding and addressing the risks they face through supply chains, filling critical defensive gaps and defining and implementing zero trust security strategies.
DNS security plays an essential part in all three areas as it operates at a layer where new and unusual communications can be exposed, doctored links are revealed and extensive visibility and control can drive powerful zero trust initiatives.