There were no fewer cyber-attacks in 2021, quite the opposite in fact - and the trend is not looking good. The number of cyber-attacks on companies that were made public in the media increased in 2021 - in Switzerland too. In the past, a headline used to appear once every few months, but now there are several every week. In our cyber security blog, too, we report every week on the latest cyber threats and give tips on how current ransomware attacks can be avoided. In this blog article, you can find out which 3 articles were of the greatest interest to our readers in 2021, and which 3 issues will be keeping us busy in 2022.
The most clicked-on article was "[InfoGuard CSIRT warning] Current Ransomware attacks with the parcel trick". The article was published in mid-April, but it has since lost none of its relevance. Our Computer Security Incident Response Team (abbreviated to CSIRT) found the same initial infection in numerous ransomware attacks on companies: a phishing e-mail using the well-known package trick. Stefan Rothenbühler, Senior Cyber Security Analyst at InfoGuard, described in the article how there were a number of scams in which phishing e-mails about a supposed parcel or letter delivery were sent to employees, sometimes even accompanied by a phone call. In these e-mails, a link then had to be clicked on to ensure that the parcel was delivered. In the background, however, an e-banking Trojan was downloaded which could then be used to spy on the company's financial transactions.
To prevent this from happening, we always recommend that you coach your staff in security awareness training sessions. We are making helpful tips and tricks for recognising phishing attacks available to you, free of charge, in a whitepaper.
The article in second place is no less surprising, because the threat posed by these vulnerabilities was beyond critical, and we reported on this in the article "Microsoft Exchange vulnerabilities – MS cleaning tool is not removing all adversaries footholds". On 2 March 2021, Microsoft published updates for security vulnerabilities in Exchange Server. Within a period of two weeks, the InfoGuard CSIRT checked over 50 potential Exchange server breaches at customers' premises and urged immediate action, saying: "Watch AV warnings very closely! If an alert pops up with a name like 'Cobalt Strike' or 'Powersploit', you have a serious problem and your data may be siphoned off now, and encryption may be imminent." Have you also been affected by this?
Another alert from our CSIRT, which we wrote about in an article in October, comes in at number three: "Dark clouds in the security sky - Azure accounts compromised". As you can see, blog articles like this are a valued and important way of warning the general public, not just our customers, and of passing on our experts' recommendations.
Over the months, there have been various cyber incidents in the Azure environment, most notably the so-called "business email compromise", where an attacker gains access to a company's email account. The fact that so many companies have outsourced services, including Exchange Online, to the Microsoft Cloud has provided attackers with new opportunities to compromise company accounts and gain access to the compromised user's emails. What was the attackers' approach, based on a real-life case? Find out when you read the whole story.
Do you suspect that your Azure tenant has been hacked? Our CSIRT experts have the knowledge you need, as well as extensive experience in investigating Azure compromises. We would also be happy to check your Azure tenant for hacked accounts based on a compromise assessment.
In 2021, cyber criminals became even more brazen. The number of incidents noticeably increased, and in 2022, cyber security continues to be impacted by the Covid-19 pandemic and its ongoing effects. This makes it all the more important to learn from past experience, in order to stay one step ahead of the attackers. So what should we expect in 2022? CISOs and security officers should bear the following three potential security issues in mind in 2022 and beyond:
Making hybrid work environments secure will continue to keep us busy in 2022. The past two years of crisis have driven the use of cloud services, and companies have invested heavily in digital transformation. However, there are still many security vulnerabilities, especially cloud misconfigurations that can be exploited by cybercriminals.
As the need to protect cloud identities intensifies, organisations will need to ensure secure identity management in the cloud and adopt zero trust authentication and access models. Zero trust ensures that all devices and users that attempt to connect to the company's applications and systems are checked. Zero trust also ensures that devices and users are continuously checked for suspicious activity and behaviour in order to create a secure environment.
Another threat that has emerged since 2020 is supply chain attacks. Persistent business bottlenecks and disruptions offer malicious players the opportunity to put pressure on the victims they target. Above all, Access-as-a-Service (AaaS) brokers have a specific interest in gaining access and selling it to the highest bidder(s). Attackers rely on compromising the source code of widely used applications. This enables them to attack a large number of victims at the same time, before the victims even have time to react. This means that attacks on the victim's entire supply chain, including their customers and partner suppliers, are possible.
There should therefore be a review of IT security with suppliers or service providers. This includes assessing risks in coupling IT systems, in data exchange and in the user awareness of the new partner.
In 2022, everyone can access the tools needed to carry out ransomware attacks, because ransomware has long since become a lucrative business. Malware can be bought or rented, and hackers now offer their expertise as a service! This means that even inexperienced attackers can get the job done thanks to Ransomware-as-a-Service (RaaS). This new business model has provided cybercriminals with another lucrative business, and it is clear that this market will continue to grow significantly. What that means for companies is: secure the technical infrastructure, develop a good emergency concept and invest in security awareness training sessions for staff.