Network security threats are evolving in surprising ways. This is not one of those general top 10 network security threats posts. Instead, we dive deeper into what we believe are two of the most significant network security threats in 2021: DDoS and ransomware attacks.
Why DDoS attacks are a threat to network security in 2021
DDoS, or distributed denial of service, attacks have always been a relatively easy way to take down an online target. That's why they never went away. They've become more massive and destructive as botnets have grown bigger, and the volume of traffic used in these attacks has grown along with the botnets.
That's got a lot to do with more devices coming online in the last few decades. And it's not only more people buying laptops or desktops or businesses starting up more servers. Attackers have taken control of a wide range of newer types of Internet of Things or IoT devices, like security cameras, smart TVs or even smart fridges. This allows them to create an even larger army of so-called “zombies” controlled remotely by the attacker.
Since the market is flooded with (cheap) IoT devices that rarely (if ever) receive firmware or software security updates, they are an easy target for malicious actors to grow their botnets. Although, truth be told, your average consumer router or multi-functional printer also belongs to the category of devices that rarely receive regular firmware or software security updates.
Nowadays, nefarious groups even rent out their attack capabilities via DDoS-as-a-Service tools. So even if your adversary lacks the technical knowledge to DDoS, they can purchase such an attack online. Indeed, instead of pizza or gadgets, they order an attack that can bring down your site or servers.
Because it's so easy to order such a destructive force, you know it's time to create a serious defensive capability against it.
How to protect yourself against DDoS attacks
For starters, it's essential to prevent each one of your devices from becoming part of any zombie army. There are various ways a device or endpoint can become compromised.
Let's start with the basics. You probably already know of prevention measures like running up-to-date antivirus software or setting up a solid firewall. You’re likely also aware that you need to keep all your endpoints up-to-date on the software/firmware level. You should also look at a security training strategy to prevent the manual installation of malware by one of your users.
But, to stick with the zombie lingo, those are no-brainers for seasoned pros. To effectively repel these attacks, it's best to look at an advanced DDoS protection tool that's tailored to your business size and industry. One that doesn't impact the user experience or efficiency and is suited to any environment: on-premises, cloud or hybrid.
Why ransomware is a threat to network security in 2021
A ransomware attack is an attack where all data on a server or device is secretly encrypted. Once the victims are locked out of their data or systems, payment is demanded to regain access—usually in a cryptocurrency like Bitcoin.
Ransomware can target both consumers and businesses, but is mainly targeted at big organisations. The more nefarious attackers go after companies or organisations responsible for critical infrastructures, such as hospitals, government agencies or, as recently reported in the news, a company operating a major oil pipeline and a large meatpacking plant in the US.
Ransomware attacks have become more popular with cybercriminals. Cryptocurrency is also gaining popularity and more widespread acceptance. Add to this the stricter anti-money laundering regulations that have come into force in, for example, the EU in recent years. This makes it more attractive for cybercriminals to explore the crypto space and extort businesses since their old ways of laundering money are now riskier.
And it's not only cybercriminals who use ransomware attacks. Various reports suggest states like North Korea and Russia have either been carrying out ransomware attacks themselves or allowing criminal gangs in their countries to do so without punishing them.
This shows the urgency to invest in a serious deterrence against these attacks as there are extremely capable actors operating in this area.
How to protect yourself against ransomware
Recently, a report surfaced that revealed that a US organisation decided to rebuild their systems from scratch after suffering a ransomware attack. While even the FBI advised them to pay the ransom—many ransomware attacks were deployed around that time in 2019—their insurance ultimately didn't want them to pay up. In the end, the organisation decided to go the most extreme route and managed to piece most of their data together from backups.
We mention this because there are a few valuable lessons that we can learn from this incident.
First, you need a proper, timely backup and restore strategy for your data. One where the data can be recovered quickly in case of such an attack. Just like fire drills, you should practice the process on a regular basis because, you know, practice makes perfect.
Secondly, rebuilding their systems from scratch might seem excessive, but at least they then knew for sure that the criminals didn't leave some hidden backdoor to do their party trick all over again on a later day.
While we don't necessarily recommend this route, it shows that you have options if you come prepared. Yes, they didn't manage to prevent the ransomware attack from happening. But at least they had enough backups to develop a creative solution instead of paying up and hoping they could detect and flush out all the malware responsible for the attack.
Other best practices for ransomware security and prevention strategies include educating employees, patching and updating your software as soon as those are available, and monitoring endpoints and your network for suspicious activity. Especially in this hybrid/remote work world we live in, it's vital to do this properly.
Lastly, to combat this the right way, we recommend using modern, advanced cybersecurity controls specialising in preventing unknown threats. After all, the bad guys and girls don't fear legacy antivirus tools as they are relatively easily disabled or removed.
Remco Hobo - 20 July 2021