2021 was quite a year for the security community. The year started off with many organizations recovering from the aftermath of SolarWinds, one of the largest attacks we’ve ever seen. Then came the deluge of ransomware attacks. These attacks were unprecedented in that they didn’t just damage the affected companies but significantly disrupted the daily lives of individuals across the globe. Suddenly, we were in the midst of gas and meat shortages due to the attacks against the Colonial Pipeline and JBS. Despite a tumultuous year of security incidents, there is a lot that we can learn to better prepare ourselves for 2022.
Zero Trust is more than just a buzzword
We’ve all either experienced or witnessed a security incident caused by trusting content that turned out to be malicious. Yet the ability to engage with content and perform digital operations is imperative for workflows and continuity. That’s where zero trust comes into play. With a zero trust strategy, you simply do not trust anyone or anything that attempts to enter your network. With Work-From-Anywhere (WFA) and other hybrid models being permanently implemented across workforces, the zero trust approach is imperative.
In May 2021, President Joe Biden released a cybersecurity executive order with regulations and guidance for federal government agencies to thwart malicious cyber campaigns. One of the components of this order was to have agencies advance toward Zero Trust architecture and develop a plan to implement it. Since then, agencies have submitted their zero trust implementation plans and are entering the execution phase. I anticipate that once these agencies fully build out a zero trust security model, we’ll witness many other organizations begin to create and implement similar strategies.
Zero-day attacks have become more common
According to a recent report from MIT Technology Review, 2021 has broken the record for the number of zero-day exploits discovered in a year. The report claims that 66 zero-days have been found in use this year, which is almost double the total for 2020. Threat actors have noticed the success they have had with zero-days this past year and are certainly using it to their advantage. Researchers have even discovered “exploit as a service” models emerging on the dark web. This would allow developers to rent out zero-day exploits to as many threat actors as possible rather than to one individual. With these types of models in place and gaining popularity, we should expect to see only an increase in these types of attacks.
So, what exactly is a zero-day? “Zero-day exploit” is an umbrella term for attacks that hackers carry out by capitalizing on recently discovered vulnerabilities. This is extremely dangerous for the affected organization because it has little to no time to remediate them. The effects of zero-day exploits were felt during the attack against Kaseya in July. The REvil threat group exploited three zero-days within Kaseya’s VSA, giving the hackers access to Kaseya’s managed service provider (MSP) customer base. This was the start of a massive domino effect, with 1,500 companies affected.
Detection-based security technologies fell short
For so long, security strategies have been focused on detection. Given the nature of today’s threat landscape, this approach often falls short. Think of ransomware. There is no tried-and-true detection method for ransomware, because by the time it has been detected it’s typically too late. After an attack occurs, there is an immediate groundswell of concern. But the discussions revolve around how the attack occurred, who was responsible, and what damage was incurred.
Many of the affected organizations remediate these attacks with quick fixes when long-lasting changes need to be made. This is likely why 80% of organizations that paid the ransom were hit again. Paying the ransom is a quick fix, especially when new, long-term security investments need to be made. With zero-day exploits and evasive threats on the rise, threat detection systems cannot be the main line of defense. As we’ve witnessed this year, hackers will exploit them, either through you or your third parties.
What can we do for 2022?
The moral of the story is that 2021 taught us to expect the unexpected. No region, industry, or organization is off-limits when it comes to a cyberattack. And hackers will not take the high road. 2022 will bring forth new threats, attack vectors, and other malicious activity that we haven’t even thought of yet. But we can learn from this year. Hackers have shown us that if we don’t prioritize the prevention of well-known threats, such as ransomware, then they will continue to use these attack methods. Why wouldn’t they if it’s still proving to be so successful? Shifting the focus to prevention of threats and using the zero trust model as a guide can help stop the dissemination of zero-day exploits and ransomware. Making the appropriate security investments and seeking solutions focused on prevention can help stop this year’s trending attacks from occurring more frequently next year, and can even help stop the next generation of malware.