Observed Changes to the Threat Landscape in 2020
Reflecting on the cybersecurity threat landscape in 2020, we can't overlook the massive changes that landed on us. Global security attacks increased at a significant pace between 2019 and 2020, and the COVID-19 pandemic only deepened these troubling conditions. As corporations tried to adapt to remote working practices and other environmental changes, cybercriminals ramped up their attacks.
By following the trends, we will try to show the clear line of escalation, with a brief overview of the current state and how Akamai solutions and technologies interact to help corporate security teams face the day-to-day challenges in a much more holistic way that is relevant to the always-changing threat landscape.
Phishing is one of the top threat vectors used in most attacks today. It exploits the human factor, which is often the weakest link in the chain. People usually work according to a daily routine, and attackers apply social engineering and psychological techniques so their victims provide the information they seek. Illustrated below are some phishing campaigns that succeeded in getting victims to provide attackers with their credentials.
During 2020, Akamai enterprise traffic saw more than 100% increase in year-over-year phishing attacks that targeted mostly gaming, technology, and e-commerce verticals, as shown in Figures 1, 2, and 3.
Emotet is one of the largest malware campaign infrastructures. It started by initially targeting finance but soon after transformed to malware as a service for cybercriminals, opening a path for other attacks from TrickBot to Ryuk ransomware.
Figure 4 shows that the Emotet campaign threat activity increased by more than 5 times in 2020.
Specifically, we can still see Emotet activity during the time frame from July 2020 to even after the FBI took down the infrastructure. Only time will tell if the takedown worked completely or if Emotet will rise again.
In addition to Emotet, the somewhat related TrickBot banking Trojan started to gain momentum. In Figure 5, we can see the almost negligible attack count observed in 2019 and the massive growth in attacks over the last months of 2020, along with recently published updates that would "help" TrickBot to better evade endpoint technologies.
In early 2021, we started hearing about and seeing massive supply chain attacks that began during 2020, providing us with indicators over what to look for:
Supply chain attacks are highly dangerous because they hit us in our soft belly and impact the services we trust and use on a daily basis. However, there are important actions all of us can take to reduce, and sometimes even eliminate, the attack surface:
Make sure to apply security patches on time
Update, and make sure you always use the latest code
Do not turn off endpoint security; this is often overlooked
Employ Zero Trust; make sure identity and access solutions track and monitor all activity
Enforce change password policy when possible
Use multi-factor authentication wherever possible
Overall, 2020 was a busy year and signs indicate that it will be even busier in 2021. As the Akamai Security Technology Group expands more deeply into the security landscape, it plans to extend its solutions for tracking, monitoring, and responding to threats on all levels -- and will look forward to devising groundbreaking smart solutions that provide additional security layers of detection and protection.
How Akamai solutions interact with cybersecurity framework
Corporate security operations often can be overwhelmed with tasks / alerts / vulnerabilities / incidents; to assure security posture, organizations need to work based on well defined flows and procedures.
The solution would often be to rely on cybersecurity frameworks. Such as one most common Cybersecurity NIST Framework 1.1
Identify -- Develop organization-wide understanding of the assets and inventory from all types
Protect -- Develop and implement organizational controls and safeguards to protect the assets
Detect -- Develop and implement organizational identification and monitoring
Respond -- Develop and implement organizational procedures to take action on incidents
Recover -- Develop and implement organizational procedures for recovering from cybersecurity incidents
Akamai products and solutions are available to provide organizations with tools to assist in all aspects of the framework.
Enterprise Application Access provides the Zero Trust model to provide the tool to list and identify organizational assets to protect your inside work environment from insider threats as well as detecting potential anomalies.
Network to application layer:
Enterprise Threat Protector (ETP) provides detection via real-time and historical monitoring and provides a protection layer to the external activity both on customer premises and off network using tools and policies to custom fit the corporate risk appetite.
Leveraging tools such as:
ETP Client installed over desktop and mobile OS for allowing onsite and off-network protection and identification
DNS Forwarder to provide in network any node activity detection and identify the offender host
Employing Akamai sophisticated edge proxy technology to assure data leak detection and threat protection
APIs to be integrated with third-party solutions for incident response and recovery
Multi-actor authentication (MFA) offers you an additional layer of protection on top of your username and password, which gives you more control over the identity and access management challenges.
Overall, 2020 was a year in which we saw a massive increase in cybercriminal activity, mostly targeting weaknesses that arose from the changes enforced on most corporations. Social engineering attacks are not going to go away, they will adapt according to market trends. Looking forward, cybercriminals will become more and more sophisticated by updating old threats with new techniques, hitting the supply chain, and adapting their attacks in pursuit of higher monetary gains.
Akamai, as the largest edge cloud platform in the world, processing huge data sets of DNS and web traffic on a daily basis facilitating highly sophisticated home breed machine learning-based algorithm for attacks and anomaly detections like:
DNS exfiltration anomaly and signature-based identification
domain generation algorithm threat detection
zero day phishing, allowing phishing campaigns detection in real time
user behavior analytics algorithms
Providing tools for customers to get more context such as MISP for enriching corporate own threat information, apply APIs for monitoring and controlling corporate policy from SIEM according to desired security posture, all based on flexible and dynamic policy rules for active detection and protection from attacks both inside and outside the corporate perimeter.
Learn more about Akamai's technologies: