Rewinding the Clock: 25 Security Learnings That Ring the Alarm Bells for Future
MITRE ATT&CK • Dec 23, 2019
As 2019 comes to a close, it is time to rewind and revisit the various trends that shaped the cybersecurity landscape this year and take learnings from them. From the rise of new attack techniques to the adoption of security technologies, the security industry has witnessed many transformations. Stakeholders in both the public and private sectors have seen an increased focus on cybersecurity efforts across the board. With that said, let us recap the top cybersecurity highlights of 2019.
“Unsecured servers” is a phrase that has been in the headlines endlessly this year. Organizations across all industries have faced the brunt of breaches caused by AWS storage buckets, MongoDB instances, or Elasticsearch servers being left exposed online.
Among the various types of phishing attacks, Business Email Compromise (BEC) has emerged as the major threat for organizations worldwide. The FBI’s Internet Crime Complaint Center (IC3) estimates that global ‘exposed dollar losses’ to BEC fraud have exceeded $26 billion in the past three years.
The software and hardware supply chains leveraged by organizations can also become a means of infiltration for threat actors. Supply chain attacks on companies such as ASUS, OnePlus, Lenovo, etc., in 2019 affected millions of users globally. Researchers also described how supply chain attacks on software development tools can result in malware infections downstream for applications developed using those tools.
Robocalls, automated calls used for all kinds of scams, are an annoyance for everyone. Research revealed that billions of such automated calls are made every month in the US alone. In 2019, all major telcos introduced security features to block such calls. The US government also introduced the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act to enforce stricter penalties and actions against robocall operators.
Security flaws in processors that power our computers can prove to be dangerous for all users. Continuing the trend from last year, 2019 also saw the discovery of side-channel flaws in Intel processors including SWAPGS, Zombieload 2, NETCAT, and Plundervolt.
What happens to the records stolen in large-scale breaches? Well, in many cases, the hackers sell the data on underground forums to generate some revenue, thereby spurring a wave of attacks using those leaked credentials. This year, too, we witnessed hackers dumping billions of records for sale on the dark web.
Ransomware attacks on schools have been a disturbingly common occurrence this year. Over 1000 schools and school districts in the US were hit by ransomware attacks in 2019.
Apart from schools, other public organizations facing the brunt of ransomware attacks are local governments and healthcare facilities in the US. More than 100 government agencies and 700 healthcare providers were affected this year across the US, according to estimates from various security firms.
Securing your own infrastructure is not enough, as threat actors can strike through your vendors, partners, or other entities you operate with. The risk of third-party breaches is perfectly encapsulated by the AMCA incident this year. A security breach at AMCA, a major service provider for the healthcare sector, resulted in a series of third-party data leaks for multiple healthcare firms, with over 25 million records exposed in total.
The 2019 Cost of a Data Breach Report by IBM estimated the global average cost of a data breach at $3.92 million, marking a 1.5 percent increase from the previous year. Among all countries, the US had the highest average breach cost at $8.19 million, whereas the healthcare sector averaged $6.45 million, the highest among all industry sectors.
The year 2019 also saw a growth in security initiatives by governments in the form of new bug bounty programs, awareness campaigns, educational programs, takedown of cybercrime operations, and more. On the other hand, technology companies have also expanded their bug bounty programs with Apple leading the way by increasing the maximum payout to $1 million.
The increasing complexity of the security stack deployed by organizations poses major challenges in security operations. Experts indicate that by 2022 over 50% of Security Operations Centers (SOCs) will have integrated capabilities for incident response, threat intelligence, and threat hunting. Organizations are looking to find a balance between detection and response on one hand and prevention on the other.
The e-commerce sector has been in the crosshairs of card skimming attacks in the past few years. In 2019, too, Magecart attackers infected hundreds of online stores to steal customers’ payment information. Meanwhile, hackers have performed card skimming attacks physically as well, through skimming devices planted in gas stations, ATMs, and other places.
Cyber threats due to rogue insiders can impact organizations just as much as external threats. 2019 saw some of the largest insider security breaches affecting companies such as Capital One and AT&T.
Zero-day vulnerabilities are always a gold mine for cybercriminals. This year too, we witnessed the discovery of dozens of zero-day flaws in various software and hardware products. Some of the popular software affected this year include Whatsapp, Google Chrome, Android, Microsoft Windows, and Apple iOS, among others.
The gaming industry has grown tremendously over the last few years. However, this rise has also been met with security threats from cybercriminals. Whether it is popular games such as Fortnite, platforms like Steam, or game development companies like Zynga, cybercriminals claimed many victims through targeted attack campaigns in 2019.
Researchers have observed dozens of malicious Android apps on Google Play Store with tens of millions of downloads that are being used to trick users through phishing, click fraud, and other techniques. Malicious apps have emerged as a growing tactic for cybercriminals to find entry points into smartphones.
MITRE’s ATT&CK framework has led to a common evaluation standard for security products based on defensive capabilities against various threat actors’ tactics, techniques, and procedures (TTPs). MITRE has also updated the Common Weakness Enumeration (CWE) list outlining the 25 most dangerous software vulnerabilities. The list was updated for the first time in eight years to include a new threat, namely “Improper Restriction of Operations within the Bounds of a Memory Buffer.”
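To make the newly listed weakness concrete, the following is an added example (not code from the original article or from MITRE) showing the pattern “Improper Restriction of Operations within the Bounds of a Memory Buffer” beside its hardened form. The `struct account`, the `NAME_MAX` size, and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* constructed fixed buffer size for the example */

/* Constructed record: the 'admin' flag sits right after the name buffer
 * in memory, so an out-of-bounds write to 'name' can silently change it. */
struct account {
    char name[NAME_MAX];
    int  admin;
};

/* The weakness pattern: nothing restricts the copy to the bounds of
 * 'name', so any input of NAME_MAX bytes or more writes past the buffer. */
void unsafe_set_name(struct account *acct, const char *src)
{
    strcpy(acct->name, src);
}

/* Hardened form: the operation is restricted to the buffer bounds.
 * Inputs that do not fit (including the terminating NUL) are rejected
 * and the buffer is left untouched. Returns 0 on success, -1 on reject. */
int safe_set_name(struct account *acct, const char *src)
{
    size_t len = strlen(src);
    if (len >= NAME_MAX)            /* len + 1 bytes needed; only NAME_MAX available */
        return -1;
    memcpy(acct->name, src, len);
    acct->name[len] = '\0';
    return 0;
}

int main(void)
{
    struct account acct = { "", 0 };
    /* constructed inputs: one that fits, one that does not */
    const char *ok  = "alice";
    const char *big = "a-name-that-is-far-too-long-for-the-buffer";

    printf("fits:     rc=%d name=%s admin=%d\n",
           safe_set_name(&acct, ok), acct.name, acct.admin);
    printf("too long: rc=%d name=%s admin=%d\n",
           safe_set_name(&acct, big), acct.name, acct.admin);
    return 0;
}
```

The defensive point is the explicit length check against the destination size before any byte is written; a rejected input leaves both the name and the adjacent `admin` flag exactly as they were.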
To counter growing cyber threats, public and private organizations have joined hands through information-sharing programs. Information sharing initiatives by government agencies such as Cybersecurity and Infrastructure Security Agency (CISA) in the US have gained traction, while more and more industry sectors are forming coalitions to boost collaboration in defending against growing cyber threats.
Cryptojacking, an attack technique wherein attackers hijack target systems to mine cryptocurrency, gained traction in various attack campaigns. Over 52 million incidents of cryptojacking were recorded in the first half of the year alone.
In 2019, we witnessed some of the largest ever breaches recorded in the form of Collection #1-5 dumps which contained 2.2 billion records in total. Apart from this, several other critical incidents were also reported such as the exposure of over 885 million personal and financial records by First American Financial Corp. and the leak of hundreds of millions of SMS messages by TrueDialog.
The growing concern over user data privacy is also reflected in the introduction of new laws such as the California Consumer Privacy Act (CCPA). Meanwhile, the first anniversary of GDPR enactment in Europe has revealed a significant rise in data breach reporting by companies, along with increased penalties for non-compliance.
New AI-powered technologies such as Deepfakes sparked conversations on the security implications of these technologies for spreading misinformation, conducting fraud, and other malicious purposes. Meanwhile, more and more organizations are leveraging AI and Machine Learning in their cyber defense but experts also warned of the threats posed by such technologies getting into the hands of attackers.
The security industry saw some of its biggest acquisitions and mergers this year, amounting to deals worth over $17 billion in total. Some of the notable acquisitions include SecureLink, Endgame, Twistlock, Verodin, Symantec Enterprise Security, Sophos, Shape Security, etc.
The growth of the Zero Trust model in 2019 is another marker of the changing cybersecurity strategies of organizations globally. This model represents a marked shift from the older perimeter security approach. It posits that no entity, whether inside or outside an organization, should be trusted by default, and that more focus should be placed on user identity and authentication.