Jens Monrad, the Head of Mandiant Threat Intelligence for EMEA, at FireEye speaks about the security threat landscape in the region
How has the security threat landscape evolved over the past few months?
The Middle East is an attractive target to cyber threat actors whose motivations can be politically or financially driven. Much like the rest of the world, the threat landscape has been significantly impacted by the increased digitalization in the region which has attracted financially motivated threats with a primary focus on stealing credentials, monetizing unauthorized access, or attempt to extort victims via ransomware schemes. The continued normalization of the UAE-Israel relations could also increase the cyberthreat, especially from countries or activists who disagree.
What sort of security challenges are people facing when working from home and how is your company equipped to handle those challenges?
As the world went to remote and hybrid work models, several cybersecurity challenges fell into the laps of the people who were safeguarding the organisation from cyber threats. With more people working remotely using multiple devices and from multiple networks, the attack surface for hackers has dramatically increased, giving them many more options to exploit. As organisations rushed to introduce or scale up remote access technology, it led to insecure connections such as VPNs.
How has ransomware evolved during the pandemic period and what are you doing to tackle the problem?
Recent ransomware attacks aren’t similar to those before and have resulted in different business consequences, requiring different protections to be put in place. To better confront and mitigate these incidents, Mandiant has adopted the term “multifaceted extortion” to characterize this evolved form of ransomware. The different facets include – ransom for unlocking encrypted data; theft of sensitive data and publishing data to ‘name and shame’ organisations.
After reviewing ransomware engagements supported throughout 2020, Mandiant experts uncovered several actions organizations should prioritize to mitigate the risk of ransomware incidents. These actions would address several common issues observed, including:
- Large numbers of highly privileged accounts in Active Directory
- Highly privileged non-computer accounts configured with service principal names (SPNs)
- Security controls not configured to minimize the exposure and usage of privileged accounts across endpoints
- Attackers modifying Group Policy Objects (GPOs) for ransomware deployment
Do you believe companies today have accelerated their digital transformation initiatives?
Yes, companies have accelerated their digital transformation initiatives in the Middle East. A Gartner report projects the total IT spend to a total $171 billion in 2021. The analyst attributes rapid digitalisation in the MENA region as a driving factor for the increase in spend and expects organisations to focus their spending on servers, applications, remote working technologies, and infrastructure software this year, in support of their digitalization efforts. Additionally, due to the circumstances of a global pandemic, many organizations fast-forwarded their strategies when it comes to outsourcing and moving to the cloud.
What are the cybersecurity trends for 2021?
In the report, A Global Reset: Cyber Security Predictions 2021, we tackle the following topics: remote work and other impacts of the global pandemic, ransomware, nation-state activity, cloud security, and security validation.
- Remote Work and Other Impacts of the Global Pandemic: In the near term, the coronavirus will likely continue to have a significant impact on normal business operations, with a focus on supporting remote work, virtual events, and new productivity platforms. In the longer term, technology solutions will step in to facilitate the return to work, school, and other activities, potentially introducing new risks for privacy, personally identifiable information (PII), and protected health information (PHI).
- Persistence and Growth of Ransomware Usage: Ransomware will continue its rapid growth in 2021 and it’s varieties will increase along with the frequency of attacks. Through post-intrusion reconnaissance and the deep enumeration of networks, threat actors locking up the most relied on and sensitive data and architectures, which leads to much higher ransom amounts.
- Cloud Security Taking the Limelight: Companies will need to spend time building up awareness of their cloud presence in 2021. Many cloud threats are the same as those encountered on in-house networks. In 2021, cloud hacks are expected to continue to be executed through:
1) Stolen credentials, typically via phishing
2) Exploitation of cloud misconfigurations
3) Vulnerable cloud application hacking
What are the key factors to consider to make sure the digital economies of today are secured?
While we are seen an expanded surface area for cyberattacks due to digitalization and how we rely on connectivity today, many threats exploit the same vectors when it comes to intrusions:
Using social engineering via emails to lure users into installing malware or giving away their credentials.
They are exploiting a vulnerable internet-facing product or technology.
Many cyberattacks are successful because organizations are yet to implement a more robust user control when it comes to credential handling. Enforcing multi-factor authentication, fewer privileges for users, rather than global or local administrative privileges, could minimize the threat and make it harder for an attacker to compromise an infrastructure successfully.
Additionally, lack of insight into the infrastructure means that many organizations still have a significant gap between discovery and recovery. While many might consider investing in additional technology first, understanding the threat landscape, which threats you should be most concerned about, and how they operate, and adjust your internal processes accordingly is more important as it will also highlight where you might have gaps in your security controls.