Anna Chung, Principal Researcher at Unit 42, Palo Alto Networks analyses the 2020 global threat landscape in the Deep and Dark Web … reports Asian Lite News
“We’re continuing to see instances where the failure to configure containers properly is leading to the loss of sensitive information and as a result, default configurations are posing significant security risks to organisations,” said Anna Chung, Principal Researcher at Unit 42, Palo Alto Networks.
“Within the Deep and Dark Web, ransomware attacks are expected to continue in 2020. This year, my team and I came across an increasing number of threat actors selling ransomware, ransomware-as-a-service, and ransomware tutorials. Underground products and services like these enable malicious threat actors who are not technically savvy to enter the game,” she said.
“Threat actors will continue exploring new methods to monetise compromised IoT devices, beyond IoT botnets and IoT-based VPNs, due to the uncapped profit potential. IoT devices remain a popular target among hackers, mostly because IoT security awareness and education is not as prevalent as it should be, and the number of IoT devices will continue to grow at an exponential rate as 5G develops and becomes mainstream,” she added.
“We’re continuing to see instances where the failure to configure containers properly is leading to the loss of sensitive information and as a result, default configurations are posing significant security risks to organisations.”
“Misconfigurations, such as using default container names and leaving default service ports exposed to the public, leave organisations vulnerable to targeted reconnaissance. The implications can vary greatly, as we’ve already seen simple misconfigurations within cloud services lead to severe impacts on organisations.”
“When a company is beginning to address or prepare for these types of attacks, it’s important they never expose a Docker daemon to the internet without a proper authentication mechanism.”
“Many data breaches today are driven by financially motivated cyber threat actors, and this type of attack prefers targets that have rich personal identifiable information (PII), including financial institutes, hospitals, hotels, airlines, and almost all e-commerce sites.”
“From an underground economic perspective, this is data that can be quickly monetised and resold multiple times. Different data has different buyers, but overall speaking in regard to PII, payment information is preferred due to the card-not-present type of fraud. Therefore, sites that process and collect individual payment information typically are more attractive to attackers in this instance.”
“While we have seen a certain amount of cyber-offensive behavior using AI, such as identity impersonation by using deep faking, we are still in the very early stages of seeing the full potential of AI-enabled attacks. On the flipside, we are seeing an increase in cyber defenders using AI to detect and mitigate threats.”
“Businesses and CSOs should prioritise security awareness training for all employees, going beyond just explaining how cyber-attacks occur and how they may impact an organisation as a whole, but educating their workforce at individual level on proactive steps they can take to identify and prevent security attacks. Simple exercises like issuing phishing email detection tests or software update reminders, help raise security awareness among employees to make for more secure daily operations and help reduce the success rate of attacks.”
“One of the major security challenges facing today’s digital age is the fact that there are too many devices and security policies in place, making it difficult to monitor and maintain. Prioritising highly-automated security solutions that cover multiple environments will increase visibility and control over the entire operational environment by simplifying the management process, reducing costs and freeing up more time to identify the existing pain points and future roadmaps,” she concludes.