Remote Work Sparking Rise in Cybersecurity Threats, HTSA Told
Computer malware detections were down over 43% year on year in 2020, partly due to work-from-home trends, said Rick Meder, solutions architect at SonicWall, at a Home Technology Specialists of America session Monday, referencing the company’s annual cyberthreat report. But remote desktop protocol attacks soared from just over one per day worldwide in January 2020 to eight attacks per second in September, Meder said at HTSA's virtual spring meeting.
IoT malware detections grew over 66% last year globally and 152% in North America, said Meder. Cryptojacking is at a three-year high, up over 300% from 2019, he said. A widely publicized $50 million ransomware attack on Acer last month was the largest known to date, he said.
Consumers often think they couldn’t be targets of a cybercriminal attack because corporate targets are more lucrative, said Meder, but the “dramatic change” in work patterns brought about by COVID-19 “absolutely changed the landscape. It’s no longer the case that a home network isn’t valuable. They don’t know until they get into that network,” he said, because behind it could be a “highly valuable corporate asset.”
Home networks are commonly protected by simple consumer-grade network security appliances, including those from ISPs, Meder said: “We have seen an extremely high increase” in attacks on consumer-grade routers, security tools and firewalls. In the past, bad actors didn’t care about home networks “because it wasn’t worth the money,” he said. SonicWall is now seeing “really high blankets of attacks … just being pushed out over and over.”
The 66% increase in IoT malware is due largely to the proliferating entry points in smart homes, said Meder, citing a “major increase in hits on light bulbs” from different brands. In addition to the known issues -- default passwords that aren’t changed and highly publicized distributed denial-of-service attacks -- “now they’re being used as junk points,” he said. “If they can be used to gain access, it allows [cybercriminals] to get one point deeper.”
Cryptocurrency is a particularly attractive target due to its value, Meder said. Bad actors are “going in and taking over anything that has processing power to attempt to mine bitcoin,” such as smart thermostats, lights, locks, controllers and TVs, since "everything is connected these days.” Smart home devices previously were of relatively low concern to cybercriminals, he said, but there has been a “major shift": If criminals infiltrate a network, “there’s a good chance there’s a great amount of value behind it.”
On how to deal with the threats, Meder said integrators have to consider what edge protection devices their clients need to secure their networks and smart devices -- and their hosted email. It’s a “cops-and-robbers game,” where “as the cops get better, the robbers keep finding new ways," he said. HTSA integrators need to move their businesses and customers away from routers with consumer-grade security to enterprise-grade with a next-generation firewall. He also suggested installing a VPN that’s locked down tight and protecting cloud services with phishing detection.
The need for custom integrators to shore up cyber liability insurance is growing as “illicit cyberactivity continues to proliferate on a global scale,” said Tom Doherty, HTSA director-new technology initiatives. Global losses due to cybercrime will exceed $6 trillion this year, said Doherty, citing Cybersecurity Ventures data. Small and medium-size businesses (SMBs) are particularly vulnerable, he said, citing National Cyber Security Alliance data that shows over 70% of all cyberattacks target small businesses. SMBs that store any records online “need dedicated cyber liability protection,” he said.
In the past two years, ransomware has become much more prevalent, said Brian Thornton, president of cyber insurance brokerage company ProWriters. He described a “hockey stick” rise of ransomware, along with social engineering that's used to deceive people into divulging confidential information. The 30,000 businesses using Microsoft Exchange “all realized, at that moment, they had a big vulnerability” when Microsoft announced tools for a zero-day vulnerability last month.
When a company announces a patch to address a vulnerability, there's a "flurry of criminal activity where criminals that weren’t aware of these vulnerabilities … then start to target it,” Thornton said. “The slower that people patch, the more often they’re going to be potentially targeted” as criminals look for weak points, he said.
For SMBs, threats are less about targeting a specific business and more about targeting a “known vulnerability,” said Thornton. When hackers “cast a wide net, they’re searching for something specific, a known vulnerability where they know how to get in.” A $300,000 ransomware demand “would be small these days,” he said, compared with two years ago, when that amount was above average. Demands of $750,000 are common, he said, a significant hit to an SMB vs. a $500 million corporation that “may be able to pay that and move on.”
With social engineering, hackers try to mimic internal communications to make a request for information look as “real as possible,” said Thornton. They may take a real invoice “and just change the routing and account number,” he said: An employee “wouldn’t think twice” about processing the invoice. Companies then need to investigate the degree of the breach and determine whether they need to notify customers and consider legal ramifications.
Cyber insurance companies have begun to be proactive with SMB customers, notifying them when they learn of a vulnerability and an available patch “before you actually have a claim,” said Thornton.