The Shifting Cyber Threat Landscape
Stop-gap measures and insecure software
During testing and advisory engagements carried out by SureCloud, we found organizations relying on copy-and-paste security scripts downloaded from the internet, unreliable third-party VPNs and third-party remote-management software such as TeamViewer, all of which are common targets for attackers. Furthermore, software such as TeamViewer is so heavily abused by scammers that many home ISPs actively block it, which has made it harder still for the organizations concerned to manage their endpoints remotely.
Sophisticated phishing attacks
Phishing attacks saw a significant increase in volume and efficacy over the last year as remote workers, isolated from their colleagues, had to rely on phone calls and emails for a second opinion when deciding whether an email was suspect and how to respond to it. When it comes to mimicking real services and departments, phishing emails have become so sophisticated that just about anybody can fall for them if they’re alone, stressed and not regularly trained on what to look out for.
Hidden scam phone calls
Another area uncovered was an increase in scam phone calls. With an internal fixed-line system, employees could easily identify a scam call from someone claiming to be from the IT department because the call would not come from the IT department’s internal extension. The switch from fixed-line systems to mobile devices removes this very simple check, making it easy for scammers to call a team member and pretend to be someone from the business.
Security boundaries and controls
Historically, organizations have relied on a solid external perimeter as a security boundary, but as the number of employees working from home increased over the last year, the security boundary has shifted to the individual endpoint devices in use.
This is a fundamental change in how systems interact, and it changes the attack surface of an organization, placing more emphasis on identity management than on network and physical security controls. Endpoint security, including secure configuration and patch management, has also become far more prominent. This shift has been evident in SureCloud’s Red Team and Adversary Simulation engagements, where initial access, lateral movement and evasion techniques have had to evolve to contend with these zero-trust style architectures.