Speaking at the RSAC 365 Virtual Summit Jason Rivera, director, Strategic Threat Advisory Group at CrowdStrike, explored how the COVID-19 health crisis has fundamentally altered the attack surface for organizations across the world.
“We had to use the internet so much more than we ever have in the past. If we use the internet more, then we have a larger, more complex attack surface. That in turn allows adversaries opportunities they did not have before.”
Rivera outlined three distinct ways in which the attack surface has changed in the post-pandemic world when compared to before the health crisis began.
The first concerns internal factors, he continued. Pre-COVID, internal assets such as critical workloads/endpoints, applications and data were contained within defined network boundaries. Transition to remote working has resulted in an exponential increase of exposure to internal assets, implying additional emphasis on defending workloads and endpoints.
The second factor Rivera referred to concerns network perimeters. Pre-COVID, in-person workplaces were largely reliant on firewalls, physical appliances, email gateway and network security solutions. Post-COVID, remote working requirements have forced the mass use of VPN and RDP technologies, which place greater strain on perimeter security.
The third factor cited by Rivera was that of external factors. Pre-COVID, there was a clear differentiation between internal and external environments with an internet characterized by ‘normal’ levels of traffic. Post-COVID, there has been increased reliance on cloud capabilities, blurring the lines between internal and external assets, whilst internet traffic has grown exponentially.
Rivera outlined how, as companies were faced by such issues, adversaries levied tactics designed specifically to exploit pandemic-induced attack surface changes.
“Our adversaries have demonstrated their capability to rapidly adapt,” he said, with web distribution, situational phishing, remote desktop exploitation and COVID-themed lures all proving to be common themes.
Attackers, both of a criminal and state-sponsored nature, have also shifted techniques from big game ransomware hunting, data theft and fraud, national security/economic espionage and internal influencing to ransom-as-a-service, data extortion, themed downloaders and epidemiological tech and decision making throughout the course of the pandemic, Rivera explained.
Addressing how organizations can defend against the heightened cyber-risks brought about by the pandemic, Rivera said it is a “situation of evolve or get left behind,” proposing four key areas of evolution to focus on:
- Decrease reliance on the idea of securing a defined a perimeter
- Prioritize simplicity and adaptability
- Evolve from reactive to proactive measures
- Prepare the workforce for the “new normal”
To conclude, Rivera said: “Your ability to defeat cyber-threats rests almost entirely on your understanding of the [security] problem[s]” your organization faces.