Cyber Threats and Trends 2020
2020 brought with it a long list of things that most of us would love to forget. It also ushered in or brought to the forefront a host of cybersecurity threats and trends that we ignore at our peril. Many of these attacks, including the new rush of Ransom-related Distributed Denial of Services (RDDoS), have made the news across the globe, but others have been lurking in the background as the world has changed around them.
A Boom Year for Distributed Denial of Service Attacks
Neustar is a leading vendor of Distributed Denial of Service mitigation, so it isn’t surprising to read about DDoS threats in a Neustar blog. Every year, as we review the efforts of our Security Operations Center (SOC) team, we have noted a rise in these attacks; but even in this context, 2020 was something special. The noteworthy element here is just how much DDoS mitigations have risen, with over two and a half times as many attacks as in 2019. And not only were there more attacks, they were record breakers: Neustar mitigated an attack with over a terabit per second of attack traffic, and another that lasted close to 6 days. This was especially true in the Internet Service Provider (ISP), hosting and registry vertical. Because of Neustar’s vendor-neutral DDoS mitigation services, we have a unique viewpoint on this industry, which saw an unprecedented number of DDoS attacks throughout the year.
Among this year’s memorable DDoS attacks was the “new” trend of Ransom-related Distributed Denial of Service, or RDDoS, attacks. RDDoS attacks themselves are not really new; what changed was the victimology, as these threats extended to finance, government, the energy sector and more. Attacks were generally preceded by an extortion letter that promised a small attack the next day and threatened up to 2 Tbps of attack traffic to follow if the ransom was not paid. Many of the letters were signed with the names of well-known malicious actors, including Fancy Bear, the Lazarus Group and the Armada Collective. While it is unknown how many of these threats were actually perpetrated by those groups, invoking nation-state attack groups such as these was likely intended to amplify the fear that the letters themselves generated.
Digital Transformation Has Not Been without Casualties
2020 marked a year where many businesses were forced to go online or go out of business. Indeed, pundits have estimated that the pandemic has accelerated digital transformation by 4-6 years in developed countries and almost double that in less developed nations. While business overall may see a benefit from this growth, the drive to get online has led to some vulnerabilities that could have long term consequences.
One of the fastest ways to create a collaborative website is with a Content Management System, or CMS. While these applications can help to quickly create an online presence, they can be fraught with vulnerabilities. In October 2020 a pair of researchers announced more than 30 vulnerabilities across 20 popular content management systems (CMS) at the Black Hat Conference.
Still another issue is how and where applications are housed. The days of the monolithic, single application server housed in a datacenter and connected with dedicated software are largely over. This legacy architecture has been replaced by microservices, in which specific operations or portions of an app can reside in different places, and even in a number of different places at once, for a myriad of benefits. Using microservices, the elements of an application that require processing power can easily be scaled up, and latency-sensitive content can be stored close to the end user. Changes can be made to only the portion of the application that requires them.
Like all technology, however, there can be pitfalls. In this case, the drawbacks take the form of vulnerabilities in the Application Programming Interfaces, or APIs, that stitch the whole architecture together. The wide use of APIs has been a factor in the growth of exploitable vulnerabilities, which prompted the Open Web Application Security Project, or OWASP, to create a vulnerability database specific to them in 2019.
The Internet’s Phone Book Under Attack
As the pandemic has pushed workforces and businesses online, cybercriminals have been quick to follow suit. The place where any internet activity begins is the Domain Name System, or DNS. In addition to being a means to launch amplified DDoS attacks, DNS itself has been a target this year, and the far-reaching and sometimes unknown nature of these threats can make them among the most expensive that an enterprise can face. The average cost per DNS attack is over $900,000, and impacts range from the direct expense of application or service downtime to factors that are more difficult to quantify, such as brand damage.1 Not only are DNS attacks difficult to pinpoint, but they can also take a staggeringly long time to recover from.
A 2020 study of the top 100,000 websites on the internet, conducted by Carnegie Mellon University, painted a bleak picture of the understanding of the essential nature of DNS in keeping the digital world up and running. Their findings, published at the Internet Measurement Conference last month, show that in 2020, 89.2% of all websites use a third-party DNS provider rather than managing their own DNS server. But crucially, their findings also showed that 84.8% of all analyzed websites relied on one single DNS provider, without having a backup redundancy to which they could switch in case of a failure or attack.2
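The single-provider dependency described in that study is something an enterprise can check for in its own zones. The script below is an added example written for this post, not code from Neustar or from the Carnegie Mellon study: it takes a zone's NS record set, groups the nameservers by the registrable domain of their hostnames as a heuristic for "one DNS provider", and flags zones whose entire delegation rests on one operator. The NS sets and the provider hostnames are constructed sample data, and the small suffix table stands in for the Public Suffix List a production check would use.

```python
"""Flag zones whose NS records all sit with a single DNS operator.

Added example (not part of the original post). Provider grouping is a
heuristic: each nameserver hostname is reduced to its registrable domain
(last two labels, or three for common second-level public suffixes), and
every distinct registrable domain counts as one provider.
"""
from collections import defaultdict

# Constructed sample NS sets for hypothetical zones; not measurement data.
SAMPLE_ZONES = {
    "single-provider.example": [
        "ns1.dnsprovider-a.example",
        "ns2.dnsprovider-a.example",
        "ns3.dnsprovider-a.example",
    ],
    "dual-provider.example": [
        "ns1.dnsprovider-a.example",
        "ns2.dnsprovider-a.example",
        "ns1.dnsprovider-b.example",
        "ns2.dnsprovider-b.example",
    ],
    "uk-single.example": [
        "ns1.dns.co.uk.",  # trailing dot as returned by many resolvers
        "ns2.dns.co.uk.",
    ],
}

# Constructed subset of second-level public suffixes under which the
# registrable domain has three labels. A real check should consult the
# full Public Suffix List instead of this table.
THREE_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp", "co.nz"}


def registrable_domain(hostname: str) -> str:
    """Return the registrable domain of a nameserver hostname."""
    labels = hostname.rstrip(".").lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in THREE_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def group_by_provider(nameservers):
    """Map each inferred provider (registrable domain) to its nameservers."""
    groups = defaultdict(list)
    for ns in nameservers:
        groups[registrable_domain(ns)].append(ns)
    return dict(groups)


def assess_redundancy(nameservers):
    """Summarise provider diversity for one zone's NS record set."""
    providers = group_by_provider(nameservers)
    return {
        "providers": sorted(providers),
        "provider_count": len(providers),
        "nameserver_count": len(nameservers),
        # The condition the study measured: no second operator to fail over to.
        "single_provider": len(providers) == 1,
    }


def assess_zones(zones):
    """Assess every zone in a {zone: [nameservers]} mapping."""
    return {zone: assess_redundancy(nss) for zone, nss in zones.items()}


if __name__ == "__main__":
    for zone, result in assess_zones(SAMPLE_ZONES).items():
        status = "SINGLE PROVIDER" if result["single_provider"] else "ok"
        print(f"{zone}: {result['provider_count']} provider(s) "
              f"{result['providers']} -> {status}")
```

To run this against real zones, replace SAMPLE_ZONES with the NS record sets returned by a resolver for each zone you own; the grouping heuristic will undercount diversity when a provider uses several hostnames under different registrable domains, so treat a "single provider" result as a prompt to investigate rather than a verdict.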
We are all aware of the cost of the pandemic for businesses overall. One element that may not have garnered much attention, however, is the tendency for companies that go out of business to abandon domains. These abandoned domains can be an invaluable asset to cybercriminals looking for a way in through the enterprise door. Abandoned domains can lead to a wealth of data, including email accounts, confidential/proprietary information, contact lists and more. Secondary domains that enterprise security solutions have contextually approved in the past could be snapped up by other buyers and used to get past existing defenses and in through the enterprise door, particularly as employees go back to work later in 2021.
What to Take Away
A number of things stand out in a review of last year in cybersecurity. First among them is the variety of threats and the expansion of the attack surface. No one has discovered a single “killer” attack, but bad actors have made the most of what was in their arsenal.
One pointer toward enhanced security in 2021, however, is that the best way to handle this onslaught is to consider security holistically, within the context of your specific needs. 2020 caught most individuals and organizations off guard, but by looking forward we can ensure that 2021 is not a repeat. To make the most of what we’ve learned in the last twelve months, take the time to assess what is business-critical for your organization. Look at where assets are housed, and how they are accessed. Look critically at your infrastructure to ensure that it is secure and redundant. Then decide what solutions will work best for you, and refuse to be wedged into an “almost” fit based on vendor limitations.
1. IDC, 2020 Global DNS Threat Report