Cyber Attacks On Kiwi Companies Expected To Increase In 2021, Warns Accenture
Accenture is warning that the types of disruptive cyber attacks that targeted the NZX, Metservice and several high profile New Zealand companies are set to increase in 2021.
The release of Accenture’s 2020 Cyber Threatscape Report shows how cyber threats have evolved over the past year, and details the threats expected to characterise the next 12 months.
It shines a light on the tools and techniques ransomware gangs deployed throughout 2020 and details how threats will continue to evolve.
Accenture’s findings show that ransomware gangs are deploying an increasingly sophisticated arsenal of new open-sourced tools, actively exploiting corporate email systems and using online extortion to scare victims into paying ransoms.
Accenture New Zealand Managing Director Ben Morgan says:
“Last year cyber adversaries placed several high-profile Kiwi companies and public institutions under siege. They used advanced ransomware and denial of service attacks to disrupt operations and lock owners out of their systems, causing huge frustration for owners, employees and customers.
“Our latest report shows that these kinds of attacks are set to increase. The large number of people now working from home has created a greater scope for sophisticated cyber criminals who are looking to exploit remote working vulnerabilities.
“We have seen this with the rise of spear phishing, where ransomware gangs target specific individuals and businesses with email campaigns. Once compromised, these gangs will harvest credentials to gain greater access to the business network, steal company data, and lock out users until a ransom is paid.
“They are also quick to adapt to current events and exploit people’s fears. We have seen this with an increase in the use of language, themes and imagery related to Covid-19. By mimicking the style of official information and playing upon people’s fears about the pandemic, ransomware groups are tricking users into clicking on links that allow their systems to be compromised.
“We’ve also observed that the greater the amount of disruption cybercriminals are able to cause, the more brazen they can be with their ransom demands. We advise organisations to up their cyber security game by leveraging reliable cyber threat intelligence to understand and expel the most complex threats.”
Accenture’s report provides business leaders with advice on the practical steps they can all take to mitigate the risk of a cyber attack disrupting their organisations.
“Cyber criminals move fast to take full advantage of the latest security exploits. All businesses should make sure their operating systems are up to date with the latest patches and that they regularly back up their data. Failure to do so can have catastrophic results.
“Where possible, enterprises should limit the type of devices connected to their business networks. Every type of device has its own risk profile – the more you have in the mix, the harder it is to counter all the possible ways into your network.
“Most importantly, business leaders should ensure they invest in cyber threat training for their people. Ransomware campaigns are successful because they exploit people to gain access to systems. Making sure staff can identify and report suspected ransomware emails is a must for any organisation in 2021.”
In 2019 Accenture launched its Sydney Cyber Fusion Centre. The Centre provides 24/7 cyber incident and threat monitoring services to government and commercial clients across the Asia-Pacific region and draws on the global expertise of Accenture’s 7000+ strong cyber security practice.
Cyber Security Threats in 2021
1. Covid-19 has accelerated the need for
Personal and business data continues to be a highly valuable commodity. Stolen data is traded in the dark corners of the internet, or used to exploit individuals and companies for ransoms. Companies in all industries should plan for these types of attacks to persist indefinitely and to have long-term effects.
Antivirus software became ubiquitous for users of computers and IT systems in the 90s and 2000s. But as cyber threats continued to manifest and evolve, and businesses took more of their systems online, anti-virus software soon became an insufficient defence against determined cyber criminals.
Adaptive security is a modern solution for businesses. Anti-virus software once responded to incidents and infiltrations and picked up threats during regular system scans. Adaptive security is different. Adaptive security architecture detects, responds to and predicts cyber threats in real time. Employing adaptive security creates confidence; for instance, organisations can use the cloud or expand access to more remote users.
2. Sophisticated adversaries mask identities with off-the-shelf
Throughout 2020, Accenture cyber threat intelligence (CTI) analysts observed suspected state-sponsored and organised criminal groups using a combination of off-the-shelf tooling and open source penetration testing tools at unprecedented scale to carry out cyberattacks and hide their tracks.
For example, Accenture tracks the patterns and activities of an Iran-based hacker group referred to as SOURFACE (also known as Chafer or Remix Kitten). Since 2014 the group has become known for its cyberattacks on strategically important industries in the U.S., Israel, Europe, Saudi Arabia, Australia and other regions. Accenture has observed SOURFACE using legitimate Windows functions and freely available tools for credential dumping. Groups use these techniques to steal credentials like usernames and passwords. This allows attackers to escalate privileges or move across the network to compromise other systems and accounts while disguised as a valid user.
Sophisticated actors, including state-sponsored and organised criminal groups, will continue to use off-the-shelf and penetration testing tools as they are easy to use, effective and cost-efficient.
3. New, sophisticated tactics target business continuity
To maintain long-term unauthorised access to cyber environments, hackers often abuse native Windows functionality or other applications installed on the device or network. By taking over trusted applications, cyber criminals are able to avoid having to deploy tools that may alert network defenders to the presence of their unauthorised activity.
The report notes how one notorious group has aggressively targeted systems supporting Microsoft Exchange and Outlook Web Access. It then uses these compromised systems to hide traffic, relay commands, compromise e-mail, steal data and gather credentials for espionage efforts. Operating from Russia, the group, which Accenture refers to as BELUGASTURGEON (also known as Turla or Snake), has been active for more than 10 years and is associated with numerous cyberattacks aimed at government agencies, foreign policy research firms and think tanks across the globe.
State-aligned operators often have vast arsenals of cyber resources and capability at their disposal. This underlines the importance of identifying and tracking priority adversaries and then threat hunting against the specific behaviours employed by them.
4. Ransomware feeds new profitable, scalable business model
Ransomware quickly became a more lucrative business model in 2020. Cybercriminals took online extortion to a new level by threatening to publicly release stolen data or sell it and name and shame victims on dedicated websites. The criminals behind the Maze, Sodinokibi (also known as REvil) and DoppelPaymer ransomware strains are the pioneers of this growing tactic, which is delivering bigger profits and resulting in a wave of copycat actors and new ransomware peddlers.
The success of these hack-and-leak extortion methods, especially against larger organisations, means they will continue throughout 2021 and beyond. In fact, Accenture CTI analysts have recently observed recruitment campaigns on a popular Dark Web forum from the threat actors behind Sodinokibi.
Organisations can mitigate the effects of ransomware attacks by keeping operating systems and software up-to-date, disabling Remote Desktop Protocol connections, teaching staff how to protect themselves against phishing attacks and maintaining regular backups of system data.
5. Connectedness has
The world has never been as connected as it is now. While this provides immense opportunities for businesses, organisations and society, it also poses new threats. As demand for connectivity continues to increase, businesses are using unpatched and untested devices. These devices pose realistic and accessible targets for cyber criminals to gain access to other parts of a business’s systems.
Security leaders are fighting back. More bug bounty programs are being introduced, where hackers are encouraged to find and report bugs or security exploits and vulnerabilities for financial compensation.
The speed at which many new devices have become connected to the internet means that there has been little standardisation of systems across manufacturers. Each device therefore has its own security profile and vulnerabilities. Going forward, security leaders should share their knowledge and develop standardised systems that are simple, easy to integrate, and bear close scrutiny.